| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Nov 2016 09:13:06 -0800
From: Dan Williams <dan.j.williams@...el.com>
To: John Garry <john.garry@...wei.com>
Cc: jejb@...ux.vnet.ibm.com,
"Martin K. Petersen" <martin.petersen@...cle.com>,
wangyijing <wangyijing@...wei.com>,
linux-scsi <linux-scsi@...r.kernel.org>,
John Garry <john.garry2@...l.dcu.ie>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
linuxarm@...wei.com, lindar_liu@...sh.com,
Tejun Heo <tj@...nel.org>,
Jinpu Wang <jinpu.wang@...fitbricks.com>
Subject: Re: [RFC PATCH] scsi: libsas: fix WARN on device removal
On Mon, Nov 21, 2016 at 7:16 AM, John Garry <john.garry@...wei.com> wrote:
>>>>> @Maintainers, would you be willing to accept this patch as an interim
>>>>> fix
>>>>> for the dastardly WARN while we try to fix the flutter issue?
>>>>
>>>>
>>>>
>>>> To me this adds a bug to quiet a benign, albeit noisy, warning.
>>>>
>>>
>>> What is the bug which is being added?
>>
>>
>> The bug where we queue a port teardown, but see a port formation event
>> in the meantime.
>
>
> As I understand, this vulnerability already exists:
> http://marc.info/?l=linux-scsi&m=143801026028006&w=2
>
> I actually don't understand how libsas dealt with flutter (which I take to
> mean a burst of up and down events) before these changes, as it can only
> queue simultaneously one up and one down event per port. So, if we get a
> flutter, then the events are lost and we get indeterminate state.
>
The events are not lost. The new problem this patch introduces is
delaying sas port deletion where it was previously immediate. So now
we can get into a situation where the port has gone down and can start
processing a port up event before the previous deletion work has run.
>>
>>> And it's a very noisy warning, as in 6K lines on the console when an
>>> expander is unplugged.
>>
>>
>> Does something like this modulate the failure?
I'm curious if we simply need to fix the double deletion of the
sas_port bsg queue, could you try the changes below?
>>
>> diff --git a/drivers/scsi/scsi_transport_sas.c
>> b/drivers/scsi/scsi_transport_sas.c index
>> 60b651bfaa01..11401e5c88ba 100644
>> --- a/drivers/scsi/scsi_transport_sas.c
>> +++ b/drivers/scsi/scsi_transport_sas.c
>> @@ -262,9 +262,10 @@ static void sas_bsg_remove(struct Scsi_Host
>> *shost, struct sas_rphy *rphy
>> {
>> struct request_queue *q;
>>
>> - if (rphy)
>> + if (rphy) {
>> q = rphy->q;
>> - else
>> + rphy->q = NULL;
>> + } else
>> q = to_sas_host_attrs(shost)->q;
>>
>> if (!q)
>>
>> .
>>
>
>
Powered by blists - more mailing lists