[PATCH AUTOSEL 4.19 13/20] scsi: st: Fix a use after free in st_open()
From: Sasha Levin
Date: Thu Mar 25 2021 - 07:38:13 EST
From: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>
[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ]
In st_open(), if STp->in_use is true, STp will be freed by
scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is
better to DEBC_printk() before scsi_tape_put().
Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@xxxxxxxxxxxxxxxx
Acked-by: Kai Mäkisara <kai.makisara@xxxxxxxxxxx>
Signed-off-by: Lv Yunlong <lyl2019@xxxxxxxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/scsi/st.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index 307df2fa39a3..5078db7743cd 100644
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -1265,8 +1265,8 @@ static int st_open(struct inode *inode, struct file *filp)
spin_lock(&st_use_lock);
if (STp->in_use) {
spin_unlock(&st_use_lock);
- scsi_tape_put(STp);
DEBC_printk(STp, "Device already in use.\n");
+ scsi_tape_put(STp);
return (-EBUSY);
}
--
2.30.1