projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf5793c)
scsi: st: Fix a use after free in st_open()
authorLv Yunlong <lyl2019@mail.ustc.edu.cn>
Thu, 11 Mar 2021 06:46:36 +0000 (22:46 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Apr 2021 10:05:39 +0000 (12:05 +0200)
[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ]

In st_open(), if STp->in_use is true, STp will be freed by
scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is
better to DEBC_printk() before scsi_tape_put().

Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@mail.ustc.edu.cn
Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/scsi/st.c patch | blob | blame | history

diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index 618422ea3a4123d8d0b115f8811634e8225de8a1..0d58227431e43a918767701cdd73b86f95fc8a27 100644 (file)
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -1267,8 +1267,8 @@ static int st_open(struct inode *inode, struct file *filp)
        spin_lock(&st_use_lock);
        if (STp->in_use) {
                spin_unlock(&st_use_lock);
-               scsi_tape_put(STp);
                DEBC_printk(STp, "Device already in use.\n");
+               scsi_tape_put(STp);
                return (-EBUSY);
        }