| Message ID | 0cb16d6f-098a-a8c3-09c3-273d02067ada@0882a8b5-c6c3-11e9-b005-00805fc181fe (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [1/2] scsi: sr: Fix sr_probe() missing mutex_destroy | expand |
On 2020-05-30 02:32, Simon Arlott wrote: > If the device minor cannot be allocated or the cdrom fails to be > registered then the mutex should be destroyed. Please add Fixes: and Cc: stable tags. Thanks, Bart.
On Sat, 2020-05-30 at 09:24 -0700, Bart Van Assche wrote: > On 2020-05-30 02:32, Simon Arlott wrote: > > If the device minor cannot be allocated or the cdrom fails to be > > registered then the mutex should be destroyed. > > Please add Fixes: and Cc: stable tags. This isn't really a bug, is it? mutex_destroy is a nop unless lock debugging is enabled in which case it checks the lock is unlocked and marks it as unusable to detect a use after destroy. Since the structure containing the mutex is kfree'd in the next statement, kasan would also detect any use after free. That's not to say we shouldn't do this to be fully correct ... just that it has no potential ever to have user visible impact so there doesn't seem to be much point cluttering up the stable process with it. James
On 2020-05-30 09:41, James Bottomley wrote: > On Sat, 2020-05-30 at 09:24 -0700, Bart Van Assche wrote: >> On 2020-05-30 02:32, Simon Arlott wrote: >>> If the device minor cannot be allocated or the cdrom fails to be >>> registered then the mutex should be destroyed. >> >> Please add Fixes: and Cc: stable tags. > > This isn't really a bug, is it? mutex_destroy is a nop unless lock > debugging is enabled in which case it checks the lock is unlocked and > marks it as unusable to detect a use after destroy. Since the > structure containing the mutex is kfree'd in the next statement, kasan > would also detect any use after free. That's not to say we shouldn't > do this to be fully correct ... just that it has no potential ever to > have user visible impact so there doesn't seem to be much point > cluttering up the stable process with it. That makes sense to me. I may have confused Simon with my suggestion. Bart.
diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c index d2fe3fa470f9..8d062d4f3ce0 100644 --- a/drivers/scsi/sr.c +++ b/drivers/scsi/sr.c @@ -817,6 +817,7 @@ static int sr_probe(struct device *dev) fail_put: put_disk(disk); + mutex_destroy(&cd->lock); fail_free: kfree(cd); fail:
If the device minor cannot be allocated or the cdrom fails to be registered then the mutex should be destroyed. Signed-off-by: Simon Arlott <simon@octiron.net> --- drivers/scsi/sr.c | 1 + 1 file changed, 1 insertion(+)