* [PATCH AUTOSEL 5.10 24/39] scsi: st: Fix a use after free in st_open()
[not found] <20210325112558.1927423-1-sashal@kernel.org>
@ 2021-03-25 11:25 ` Sasha Levin
2021-03-25 11:25 ` [PATCH AUTOSEL 5.10 25/39] scsi: qla2xxx: Fix broken #endif placement Sasha Levin
1 sibling, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2021-03-25 11:25 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lv Yunlong, Kai Mäkisara, Martin K . Petersen, Sasha Levin,
linux-scsi
From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ]
In st_open(), if STp->in_use is true, STp will be freed by
scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is
better to DEBC_printk() before scsi_tape_put().
Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@mail.ustc.edu.cn
Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/st.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index e2e5356a997d..19bc8c923fce 100644
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -1269,8 +1269,8 @@ static int st_open(struct inode *inode, struct file *filp)
spin_lock(&st_use_lock);
if (STp->in_use) {
spin_unlock(&st_use_lock);
- scsi_tape_put(STp);
DEBC_printk(STp, "Device already in use.\n");
+ scsi_tape_put(STp);
return (-EBUSY);
}
--
2.30.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH AUTOSEL 5.10 25/39] scsi: qla2xxx: Fix broken #endif placement
[not found] <20210325112558.1927423-1-sashal@kernel.org>
2021-03-25 11:25 ` [PATCH AUTOSEL 5.10 24/39] scsi: st: Fix a use after free in st_open() Sasha Levin
@ 2021-03-25 11:25 ` Sasha Levin
1 sibling, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2021-03-25 11:25 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Alexey Dobriyan, Himanshu Madhani, Martin K . Petersen,
Sasha Levin, linux-scsi
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 5999b9e5b1f8a2f5417b755130919b3ac96f5550 ]
Only half of the file is under include guard because terminating #endif
is placed too early.
Link: https://lore.kernel.org/r/YE4snvoW1SuwcXAn@localhost.localdomain
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_target.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_target.h b/drivers/scsi/qla2xxx/qla_target.h
index 1cff7c69d448..1e94586c7eb2 100644
--- a/drivers/scsi/qla2xxx/qla_target.h
+++ b/drivers/scsi/qla2xxx/qla_target.h
@@ -116,7 +116,6 @@
(min(1270, ((ql) > 0) ? (QLA_TGT_DATASEGS_PER_CMD_24XX + \
QLA_TGT_DATASEGS_PER_CONT_24XX*((ql) - 1)) : 0))
#endif
-#endif
#define GET_TARGET_ID(ha, iocb) ((HAS_EXTENDED_IDS(ha)) \
? le16_to_cpu((iocb)->u.isp2x.target.extended) \
@@ -244,6 +243,7 @@ struct ctio_to_2xxx {
#ifndef CTIO_RET_TYPE
#define CTIO_RET_TYPE 0x17 /* CTIO return entry */
#define ATIO_TYPE7 0x06 /* Accept target I/O entry for 24xx */
+#endif
struct fcp_hdr {
uint8_t r_ctl;
--
2.30.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-25 11:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20210325112558.1927423-1-sashal@kernel.org>
2021-03-25 11:25 ` [PATCH AUTOSEL 5.10 24/39] scsi: st: Fix a use after free in st_open() Sasha Levin
2021-03-25 11:25 ` [PATCH AUTOSEL 5.10 25/39] scsi: qla2xxx: Fix broken #endif placement Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox