[PATCH OLK-6.6 0/2] scsi: sg: fix refcount underflow in

Fix adaptation error in sg_release() during patch merge, revert this patch in patch 1. Re-merge the community fix in patch 2. Bart Van Assche (1): scsi: sg: Enable runtime power management Zheng Qixing (1): Revert "scsi: sg: Enable runtime power management" drivers/scsi/sg.c | 1 - 1 file changed, 1 deletion(-) -- 2.39.2

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IC9E41 -------------------------------- This reverts commit 2a7cfb3955e30cec30df7f71a131e1dd95047764. Fix adaptation error in sg_release() during patch merge, revert this patch and re-merge the community fix in the next patch. Fixes: 2a7cfb3955e3 ("scsi: sg: Enable runtime power management") Signed-off-by: Zheng Qixing <zhengqixing@huawei.com> --- drivers/scsi/sg.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 371b097881c0..59de84387def 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -307,6 +307,10 @@ sg_open(struct inode *inode, struct file *filp) if (retval) goto sg_put; + retval = scsi_autopm_get_device(device); + if (retval) + goto sdp_put; + /* scsi_block_when_processing_errors() may block so bypass * check if O_NONBLOCK. Permits SCSI commands to be issued * during error recovery. Tread carefully. */ @@ -314,7 +318,7 @@ sg_open(struct inode *inode, struct file *filp) scsi_block_when_processing_errors(device))) { retval = -ENXIO; /* we are in error recovery for this device */ - goto sdp_put; + goto error_out; } mutex_lock(&sdp->open_rel_lock); @@ -367,6 +371,8 @@ sg_open(struct inode *inode, struct file *filp) } error_mutex_locked: mutex_unlock(&sdp->open_rel_lock); +error_out: + scsi_autopm_put_device(device); sdp_put: kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); @@ -386,7 +392,7 @@ sg_release(struct inode *inode, struct file *filp) SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_release\n")); mutex_lock(&sdp->open_rel_lock); - kref_put(&sfp->f_ref, sg_remove_sfp); + scsi_autopm_put_device(sdp->device); sdp->open_cnt--; /* possibly many open()s waiting on exlude clearing, start many; -- 2.39.2

From: Bart Van Assche <bvanassche@acm.org> stable inclusion from stable-v6.6.64 commit c72a9456fdc829c9b47726106d37ec107bf3d801 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IC9E41 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... ------------------ [ Upstream commit 4045de893f691f75193c606aec440c365cf7a7be ] In 2010, runtime power management support was implemented in the SCSI core. The description of patch "[SCSI] implement runtime Power Management" mentions that the sg driver is skipped but not why. This patch enables runtime power management even if an instance of the sg driver is held open. Enabling runtime PM for the sg driver is safe because all interactions of the sg driver with the SCSI device pass through the block layer (blk_execute_rq_nowait()) and the block layer already supports runtime PM. Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Douglas Gilbert <dgilbert@interlog.com> Fixes: bc4f24014de5 ("[SCSI] implement runtime Power Management") Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20241030220310.1373569-1-bvanassche@acm.org Acked-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Conflicts: drivers/scsi/sg.c [Due to merging commit a627f28cbe4f ("scsi: sg: Fix slab-use-after-free read in sg_release()").] Signed-off-by: Zheng Qixing <zhengqixing@huawei.com> --- drivers/scsi/sg.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 59de84387def..62574886a911 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -307,10 +307,6 @@ sg_open(struct inode *inode, struct file *filp) if (retval) goto sg_put; - retval = scsi_autopm_get_device(device); - if (retval) - goto sdp_put; - /* scsi_block_when_processing_errors() may block so bypass * check if O_NONBLOCK. Permits SCSI commands to be issued * during error recovery. Tread carefully. */ @@ -318,7 +314,7 @@ sg_open(struct inode *inode, struct file *filp) scsi_block_when_processing_errors(device))) { retval = -ENXIO; /* we are in error recovery for this device */ - goto error_out; + goto sdp_put; } mutex_lock(&sdp->open_rel_lock); @@ -371,8 +367,6 @@ sg_open(struct inode *inode, struct file *filp) } error_mutex_locked: mutex_unlock(&sdp->open_rel_lock); -error_out: - scsi_autopm_put_device(device); sdp_put: kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); @@ -392,7 +386,6 @@ sg_release(struct inode *inode, struct file *filp) SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, "sg_release\n")); mutex_lock(&sdp->open_rel_lock); - scsi_autopm_put_device(sdp->device); sdp->open_cnt--; /* possibly many open()s waiting on exlude clearing, start many; -- 2.39.2

反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/16367 邮件列表地址:https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/54Z... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/16367 Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/54Z...
participants (2)
-
patchwork bot
-
Zheng Qixing