APPLIED: [SRU][F][PATCH v2 0/1] CVE-2024-36952

[Roxana Nicolescu]

On 07/11/2024 08:30, Massimiliano Pellizzer wrote:
> [Impact]
>
> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
>
> There are cases after NPIV deletion where the fabric switch still believes
> the NPIV is logged into the fabric.  This occurs when a vport is
> unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the
> fabric.
>
> Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including
> the fabric D_ID, removes the last ndlp reference and frees the ndlp rport
> object.  This sometimes causes the race condition where the final DA_ID and
> LOGO are skipped from being sent to the fabric switch.
>
> Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID
> and LOGO are sent.
>
> [Fix]
>
> Noble:  Fixed through stable updates (eab2dce13aebd)
> Jammy:  Fixed
> Focal:  Backported from linux-5.15.y
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affectrs the driver/scsi/lpfc subsystem. A bug in the patch
> could introduce issues during virtual port removal, leading to leftover
> references in the subsystem. Users might see kernel warnings, experience
> crashes, olr notice delays and disconnections in storage access,
> particularly under heavy SAN workloads.
>
> [Changes between v1 and v2]
> Backported only the changes strictly necessary to fix the CVE
>
> Justin Tee (1):
>    scsi: lpfc: Move NPIV's transport unregistration to after resource
>      clean up
>
>   drivers/scsi/lpfc/lpfc_vport.c | 28 +++-------------------------
>   1 file changed, 3 insertions(+), 25 deletions(-)
>
Applied to focal:linux master-next branch. Thanks!