From patchwork Wed Nov 6 13:39:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Massimiliano Pellizzer X-Patchwork-Id: 2007557 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Xk5tq6Ktwz1xyX for ; Thu, 7 Nov 2024 00:40:35 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t8gGn-0000DI-KD; Wed, 06 Nov 2024 13:40:25 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t8gGl-0000Cv-Sc for kernel-team@lists.ubuntu.com; Wed, 06 Nov 2024 13:40:23 +0000 Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id A14503F185 for ; Wed, 6 Nov 2024 13:40:23 +0000 (UTC) Received: by mail-ej1-f69.google.com with SMTP id a640c23a62f3a-a99fa9f0c25so493051666b.3 for ; Wed, 06 Nov 2024 05:40:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730900423; x=1731505223; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I/HJtR115C8TuqTQknMElni1+ZMFty+lG98+RDP1nBs=; b=kcLjuidTEn9V1/qpIOMf/BgZt49FuGWSjoR+abypr8AfZAAg5yDEXimk6vNbkGWNVx CbvyTWeUZZL3fxUvS7PQ2NmewWwO+eQkn+9QH6UvCu7oI7Ov5s1qzM2DbOOehkDUAhRZ Re1wToEnqpxvncOWexSO1SHKOqzuNtEmujac6n7bZyzIFiNK++F+FLlhBt/7VSEHeR19 zwVDOS7vOIGNr0FrdZgGEibuUrs56RiWmIubqejqHxqMAL2OzMZPY+A2Ewx+EzEHCuyg nSSf+u4BpAfvK10Cvc2U/4Zasc5DnPBagnxsqbc//aKJ985u1ftJ5rnRYOTikTNJiKo2 MZ9A== X-Gm-Message-State: AOJu0YzBnb7e/NQkiMelmIewvascu9jOzlL2+W6Bd1h9y1snRQXlij+J BTUvoyYKj9iceG7vaGh0uqQZpoOgQmiSqobWkSr6EAX8NECfR9sTY1wXqRXoPXVrX9hzwdZynqo 8KQQj3ideSlogiJzTg0dKNB+k9lqbwlnImU9xAwS4sE86IVMOdl/Rfu5FGnGHUhKEOwb3OFUXuW FZlxbga94ytw== X-Received: by 2002:a17:907:9446:b0:a99:f619:d365 with SMTP id a640c23a62f3a-a9de5f6e257mr3327314266b.30.1730900422985; Wed, 06 Nov 2024 05:40:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IHRZFnFhOT50Xr5+/0kej/34MwgiedqpEq2JFfYcc7DaHjy+mUYF35KmsOVgnEAvHN+eWk1pw== X-Received: by 2002:a17:907:9446:b0:a99:f619:d365 with SMTP id a640c23a62f3a-a9de5f6e257mr3327312366b.30.1730900422537; Wed, 06 Nov 2024 05:40:22 -0800 (PST) Received: from localhost.localdomain (net-93-66-99-170.cust.vodafonedsl.it. [93.66.99.170]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9eb17cec92sm280789166b.114.2024.11.06.05.40.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Nov 2024 05:40:22 -0800 (PST) From: Massimiliano Pellizzer To: kernel-team@lists.ubuntu.com Subject: [SRU][F][PATCH 1/1] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Date: Wed, 6 Nov 2024 14:39:54 +0100 Message-ID: <20241106133955.35489-2-massimiliano.pellizzer@canonical.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241106133955.35489-1-massimiliano.pellizzer@canonical.com> References: <20241106133955.35489-1-massimiliano.pellizzer@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Justin Tee [ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin (backported from commit f2c7f029051edc4b394bb48edbe2297575abefe0 linux-5.15.y) [mpellizzer: since the fix commit moves the function calls fc_remove_host and scsi_remove_host at the end of lpfc_vport_delete the variable ns_ndlp_referenced, and the logic around it, become meaningless; the same logic has been removed by e9b1108316b9b in mainline, however e9b1108316b9b is a huge commit which is not worth backporting for the CVE fix.] CVE-2024-36952 Signed-off-by: Massimiliano Pellizzer --- drivers/scsi/lpfc/lpfc_vport.c | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index d0296f7cf45fc..409d5bc405f4d 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -606,7 +606,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) struct Scsi_Host *shost = lpfc_shost_from_vport(vport); struct lpfc_hba *phba = vport->phba; long timeout; - bool ns_ndlp_referenced = false; if (vport->port_type == LPFC_PHYSICAL_PORT) { lpfc_printf_vlog(vport, KERN_ERR, LOG_VPORT, @@ -656,22 +655,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_debugfs_terminate(vport); - /* - * The call to fc_remove_host might release the NameServer ndlp. Since - * we might need to use the ndlp to send the DA_ID CT command, - * increment the reference for the NameServer ndlp to prevent it from - * being released. - */ - ndlp = lpfc_findnode_did(vport, NameServer_DID); - if (ndlp && NLP_CHK_NODE_ACT(ndlp)) { - lpfc_nlp_get(ndlp); - ns_ndlp_referenced = true; - } - - /* Remove FC host and then SCSI host with the vport */ - fc_remove_host(shost); - scsi_remove_host(shost); - ndlp = lpfc_findnode_did(phba->pport, Fabric_DID); /* In case of driver unload, we shall not perform fabric logo as the @@ -774,14 +757,9 @@ lpfc_vport_delete(struct fc_vport *fc_vport) skip_logo: - /* - * If the NameServer ndlp has been incremented to allow the DA_ID CT - * command to be sent, decrement the ndlp now. - */ - if (ns_ndlp_referenced) { - ndlp = lpfc_findnode_did(vport, NameServer_DID); - lpfc_nlp_put(ndlp); - } + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); lpfc_cleanup(vport); lpfc_sli_host_down(vport);