diff options
author | Bart Van Assche <bvanassche@acm.org> | 2022-11-17 19:36:25 +0100 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2022-11-26 01:35:03 +0100 |
commit | a500c4cc06cd2830c692b571dd0a1c3585f23150 (patch) | |
tree | bea2baa4e1d33e03f870fe1217d1afc5cff8b320 /drivers/scsi/device_handler | |
parent | scsi: snic: Fix possible UAF in snic_tgt_create() (diff) | |
download | linux-a500c4cc06cd2830c692b571dd0a1c3585f23150.tar.xz linux-a500c4cc06cd2830c692b571dd0a1c3585f23150.zip |
scsi: device_handler: alua: Revert "Move a scsi_device_put() call out of alua_check_vpd()"
There is a bug in commit 0b25e17e9018 ("scsi: alua: Move a
scsi_device_put() call out of alua_check_vpd()"): that patch may cause
alua_rtpg_queue() callers to call scsi_device_put() even if that function
should not be called. Revert that commit to prepare for a different
solution.
Cc: Hannes Reinecke <hare@suse.de>
Cc: Martin Wilck <mwilck@suse.com>
Cc: Sachin Sant <sachinp@linux.ibm.com>
Cc: Benjamin Block <bblock@linux.ibm.com>
Reported-by: Sachin Sant <sachinp@linux.ibm.com>
Reported-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20221117183626.2656196-2-bvanassche@acm.org
Tested-by: Sachin Sant <sachinp@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/device_handler')
-rw-r--r-- | drivers/scsi/device_handler/scsi_dh_alua.c | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index 693cd827e138..bd4ee294f5c7 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -324,7 +324,6 @@ static int alua_check_vpd(struct scsi_device *sdev, struct alua_dh_data *h, struct alua_port_group *pg, *old_pg = NULL; bool pg_updated = false; unsigned long flags; - bool put_sdev; group_id = scsi_vpd_tpg_id(sdev, &rel_port); if (group_id < 0) { @@ -374,14 +373,11 @@ static int alua_check_vpd(struct scsi_device *sdev, struct alua_dh_data *h, list_add_rcu(&h->node, &pg->dh_list); spin_unlock_irqrestore(&pg->lock, flags); - put_sdev = alua_rtpg_queue(rcu_dereference_protected(h->pg, + alua_rtpg_queue(rcu_dereference_protected(h->pg, lockdep_is_held(&h->pg_lock)), sdev, NULL, true); spin_unlock(&h->pg_lock); - if (put_sdev) - scsi_device_put(sdev); - if (old_pg) kref_put(&old_pg->kref, release_port_group); @@ -982,10 +978,9 @@ queue_rtpg: * RTPG already has been scheduled. * * Returns true if and only if alua_rtpg_work() will be called asynchronously. - * That function is responsible for calling @qdata->fn(). If this function - * returns true, the caller is responsible for invoking scsi_device_put(@sdev). + * That function is responsible for calling @qdata->fn(). */ -static bool __must_check alua_rtpg_queue(struct alua_port_group *pg, +static bool alua_rtpg_queue(struct alua_port_group *pg, struct scsi_device *sdev, struct alua_queue_data *qdata, bool force) { @@ -1024,6 +1019,8 @@ static bool __must_check alua_rtpg_queue(struct alua_port_group *pg, else kref_put(&pg->kref, release_port_group); } + if (sdev) + scsi_device_put(sdev); return true; } @@ -1130,12 +1127,10 @@ static int alua_activate(struct scsi_device *sdev, rcu_read_unlock(); mutex_unlock(&h->init_mutex); - if (alua_rtpg_queue(pg, sdev, qdata, true)) { - scsi_device_put(sdev); + if (alua_rtpg_queue(pg, sdev, qdata, true)) fn = NULL; - } else { + else err = SCSI_DH_DEV_OFFLINED; - } kref_put(&pg->kref, release_port_group); out: if (fn) @@ -1161,9 +1156,7 @@ static void alua_check(struct scsi_device *sdev, bool force) return; } rcu_read_unlock(); - - if (alua_rtpg_queue(pg, sdev, NULL, force)) - scsi_device_put(sdev); + alua_rtpg_queue(pg, sdev, NULL, force); kref_put(&pg->kref, release_port_group); } |