Linux-SCSI Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy
@ 2020-05-30 17:58 Simon Arlott
  2020-05-30 17:59 ` [PATCH v2 2/2] scsi: sr: Fix sr_probe() missing deallocate of device minor Simon Arlott
  2020-06-10  2:02 ` [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Simon Arlott @ 2020-05-30 17:58 UTC (permalink / raw)
  To: Martin K . Petersen, James E.J. Bottomley, Jens Axboe, Bart Van Assche
  Cc: linux-scsi, Merlijn Wajer, Linux Kernel Mailing List

If the device minor cannot be allocated or the cdrom fails to be
registered then the mutex should be destroyed.

Signed-off-by: Simon Arlott <simon@octiron.net>
Fixes: 51a858817dcd ("scsi: sr: get rid of sr global mutex")
Cc: stable@vger.kernel.org
---
On 30/05/2020 17:41, James Bottomley wrote:
> On Sat, 2020-05-30 at 09:24 -0700, Bart Van Assche wrote:
>> Please add Fixes: and Cc: stable tags.

I've added a Fixes: tag and Cc:'d stable.

> This isn't really a bug, is it?  mutex_destroy is a nop unless lock
> debugging is enabled in which case it checks the lock is unlocked and
> marks it as unusable to detect a use after destroy.  Since the
> structure containing the mutex is kfree'd in the next statement, kasan
> would also detect any use after free.  That's not to say we shouldn't
> do this to be fully correct ... just that it has no potential ever to
> have user visible impact so there doesn't seem to be much point
> cluttering up the stable process with it.

If the current lock debugging implementation in stable will be ok with
it then I'd agree there's no reason to put it in stable kernels, except
that the commit this fixes was added to stable with this bug and one in
sr_block_release (72655c0ebd1d).

 drivers/scsi/sr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
index d2fe3fa470f9..8d062d4f3ce0 100644
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -817,6 +817,7 @@ static int sr_probe(struct device *dev)
 
 fail_put:
 	put_disk(disk);
+	mutex_destroy(&cd->lock);
 fail_free:
 	kfree(cd);
 fail:
-- 
2.17.1

-- 
Simon Arlott

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH v2 2/2] scsi: sr: Fix sr_probe() missing deallocate of device minor
  2020-05-30 17:58 [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Simon Arlott
@ 2020-05-30 17:59 ` Simon Arlott
  2020-06-10  2:02 ` [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Arlott @ 2020-05-30 17:59 UTC (permalink / raw)
  To: Martin K . Petersen, James E.J. Bottomley, Jens Axboe, Bart Van Assche
  Cc: linux-scsi, Merlijn Wajer, Linux Kernel Mailing List

If the cdrom fails to be registered then the device minor should be
deallocated.

Signed-off-by: Simon Arlott <simon@octiron.net>
Cc: stable@vger.kernel.org
---
On 30/05/2020 17:24, Bart Van Assche wrote:
> On 2020-05-30 02:33, Simon Arlott wrote:
>> If the cdrom fails to be registered then the device minor should be
>> deallocated.
> 
> Also for this patch, please add Fixes: and Cc: stable tags.

I've Cc:'d stable.

There is no specific previous commit that this fixes. I was just
checking the rest of sr_probe when making a patch for the first issue.

 drivers/scsi/sr.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
index 8d062d4f3ce0..1e13c6a0f0ca 100644
--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
@@ -797,7 +797,7 @@ static int sr_probe(struct device *dev)
 	cd->cdi.disk = disk;
 
 	if (register_cdrom(&cd->cdi))
-		goto fail_put;
+		goto fail_minor;
 
 	/*
 	 * Initialize block layer runtime PM stuffs before the
@@ -815,6 +815,10 @@ static int sr_probe(struct device *dev)
 
 	return 0;
 
+fail_minor:
+	spin_lock(&sr_index_lock);
+	clear_bit(minor, sr_index_bits);
+	spin_unlock(&sr_index_lock);
 fail_put:
 	put_disk(disk);
 	mutex_destroy(&cd->lock);
-- 
2.17.1

-- 
Simon Arlott

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy
  2020-05-30 17:58 [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Simon Arlott
  2020-05-30 17:59 ` [PATCH v2 2/2] scsi: sr: Fix sr_probe() missing deallocate of device minor Simon Arlott
@ 2020-06-10  2:02 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2020-06-10  2:02 UTC (permalink / raw)
  To: Bart Van Assche, James E.J. Bottomley, Simon Arlott, Jens Axboe
  Cc: Martin K . Petersen, Linux Kernel Mailing List, Merlijn Wajer,
	linux-scsi

On Sat, 30 May 2020 18:58:25 +0100, Simon Arlott wrote:

> If the device minor cannot be allocated or the cdrom fails to be
> registered then the mutex should be destroyed.

Applied to 5.8/scsi-queue, thanks!

[1/2] scsi: sr: Fix sr_probe() missing mutex_destroy
      https://git.kernel.org/mkp/scsi/c/a247e07f8dad
[2/2] scsi: sr: Fix sr_probe() missing deallocate of device minor
      https://git.kernel.org/mkp/scsi/c/6555781b3fde

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-30 17:58 [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Simon Arlott
2020-05-30 17:59 ` [PATCH v2 2/2] scsi: sr: Fix sr_probe() missing deallocate of device minor Simon Arlott
2020-06-10  2:02 ` [PATCH v2 1/2] scsi: sr: Fix sr_probe() missing mutex_destroy Martin K. Petersen

Linux-SCSI Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-scsi/0 linux-scsi/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-scsi linux-scsi/ https://lore.kernel.org/linux-scsi \
		linux-scsi@vger.kernel.org
	public-inbox-index linux-scsi

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-scsi


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git