authorBart Van Assche <bvanassche@acm.org>2022-11-17 19:36:25 +0100
committerMartin K. Petersen <martin.petersen@oracle.com>2022-11-26 01:35:03 +0100
commita500c4cc06cd2830c692b571dd0a1c3585f23150 (patch)
treebea2baa4e1d33e03f870fe1217d1afc5cff8b320 /drivers/scsi/device_handler
parentscsi: snic: Fix possible UAF in snic_tgt_create() (diff)
scsi: device_handler: alua: Revert "Move a scsi_device_put() call out of alua_check_vpd()"
There is a bug in commit 0b25e17e9018 ("scsi: alua: Move a scsi_device_put() call out of alua_check_vpd()"): that patch may cause alua_rtpg_queue() callers to call scsi_device_put() even if that function should not be called. Revert that commit to prepare for a different solution. Cc: Hannes Reinecke <hare@suse.de> Cc: Martin Wilck <mwilck@suse.com> Cc: Sachin Sant <sachinp@linux.ibm.com> Cc: Benjamin Block <bblock@linux.ibm.com> Reported-by: Sachin Sant <sachinp@linux.ibm.com> Reported-by: Benjamin Block <bblock@linux.ibm.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Link: https://lore.kernel.org/r/20221117183626.2656196-2-bvanassche@acm.org Tested-by: Sachin Sant <sachinp@linux.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/device_handler')
-rw-r--r--drivers/scsi/device_handler/scsi_dh_alua.c23
1 files changed, 8 insertions, 15 deletions
diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
index 693cd827e138..bd4ee294f5c7 100644
--- a/drivers/scsi/device_handler/scsi_dh_alua.c
+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
@@ -324,7 +324,6 @@ static int alua_check_vpd(struct scsi_device *sdev, struct alua_dh_data *h,
struct alua_port_group *pg, *old_pg = NULL;
bool pg_updated = false;
unsigned long flags;
- bool put_sdev;
group_id = scsi_vpd_tpg_id(sdev, &rel_port);
if (group_id < 0) {
@@ -374,14 +373,11 @@ static int alua_check_vpd(struct scsi_device *sdev, struct alua_dh_data *h,
list_add_rcu(&h->node, &pg->dh_list);
spin_unlock_irqrestore(&pg->lock, flags);
- put_sdev = alua_rtpg_queue(rcu_dereference_protected(h->pg,
+ alua_rtpg_queue(rcu_dereference_protected(h->pg,
lockdep_is_held(&h->pg_lock)),
sdev, NULL, true);
spin_unlock(&h->pg_lock);
- if (put_sdev)
- scsi_device_put(sdev);
-
if (old_pg)
kref_put(&old_pg->kref, release_port_group);
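Review bot: After this revert, `alua_rtpg_queue()` is called here before `spin_unlock(&h->pg_lock)`, and the hunk at -1024 makes that function call `scsi_device_put(sdev)` itself, so the reference can now be dropped while the `h->pg_lock` spinlock is held. Whether `scsi_device_put()` may sleep or release the device on the final put is not visible on this page; if it can, this is a put from atomic context and a possible lifetime hazard. The commit message says a different solution will follow, so until then I would mark the call site, e.g. `/* FIXME: alua_rtpg_queue() may call scsi_device_put() with h->pg_lock held */`. The body of alua_check_vpd() starts and ends outside the hunk.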
@@ -982,10 +978,9 @@ queue_rtpg:
* RTPG already has been scheduled.
*
* Returns true if and only if alua_rtpg_work() will be called asynchronously.
- * That function is responsible for calling @qdata->fn(). If this function
- * returns true, the caller is responsible for invoking scsi_device_put(@sdev).
+ * That function is responsible for calling @qdata->fn().
*/
-static bool __must_check alua_rtpg_queue(struct alua_port_group *pg,
+static bool alua_rtpg_queue(struct alua_port_group *pg,
struct scsi_device *sdev,
struct alua_queue_data *qdata, bool force)
{
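Review bot: The kernel-doc for `alua_rtpg_queue()` no longer says who owns the reference on @sdev, even though the hunk at -1024 adds `if (sdev) scsi_device_put(sdev);` inside the function. The commit message names unbalanced `scsi_device_put()` calls by callers as the bug, so the contract should be stated, for example ` * Callers must not call scsi_device_put(@sdev) afterwards; any reference on @sdev taken for this call is dropped here or by alua_rtpg_work().` That wording is inferred and needs checking against where the reference is taken, which is outside the hunk. Removing `__must_check` also lets a caller silently ignore a `false` return, while `alua_activate()` still depends on the result.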
@@ -1024,6 +1019,8 @@ static bool __must_check alua_rtpg_queue(struct alua_port_group *pg,
else
kref_put(&pg->kref, release_port_group);
}
+ if (sdev)
+ scsi_device_put(sdev);
return true;
}
@@ -1130,12 +1127,10 @@ static int alua_activate(struct scsi_device *sdev,
rcu_read_unlock();
mutex_unlock(&h->init_mutex);
- if (alua_rtpg_queue(pg, sdev, qdata, true)) {
- scsi_device_put(sdev);
+ if (alua_rtpg_queue(pg, sdev, qdata, true))
fn = NULL;
- } else {
+ else
err = SCSI_DH_DEV_OFFLINED;
- }
kref_put(&pg->kref, release_port_group);
out:
if (fn)
@@ -1161,9 +1156,7 @@ static void alua_check(struct scsi_device *sdev, bool force)
return;
}
rcu_read_unlock();
-
- if (alua_rtpg_queue(pg, sdev, NULL, force))
- scsi_device_put(sdev);
+ alua_rtpg_queue(pg, sdev, NULL, force);
kref_put(&pg->kref, release_port_group);
}