Assigner | Linux |
Reserved | 2024-06-20 |
Published | 2024-06-20 |
Updated | 2024-06-20 |
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the controller rport device attributes are removed too early. Replace the fcoe_port's destroy_work queue. It's not needed. The problem is easily reproducible with the following steps. Example: $ dmesg -w & $ systemctl enable --now fcoe $ fipvlan -s -c ens2f1 $ fcoeadm -d ens2f1.802 [ 583.464488] host2: libfc: Link down on port (7500a1) [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!! [ 583.490468] ------------[ cut here ]------------ [ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0' [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80 [ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 ... [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1 [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013 [ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc] [ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80 [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ... [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282 [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000 [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0 [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00 [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400 [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004 [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000 [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0 [ 584.454888] Call Trace: [ 584.466108] device_del+0xb2/0x3e0 [ 584.481701] device_unregister+0x13/0x60 [ 584.501306] bsg_unregister_queue+0x5b/0x80 [ 584.522029] bsg_remove_queue+0x1c/0x40 [ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc] [ 584.573823] process_one_work+0x1e3/0x3b0 [ 584.592396] worker_thread+0x50/0x3b0 [ 584.609256] ? rescuer_thread+0x370/0x370 [ 584.628877] kthread+0x149/0x170 [ 584.643673] ? set_kthread_struct+0x40/0x40 [ 584.662909] ret_from_fork+0x22/0x30 [ 584.680002] ---[ end trace 53575ecefa942ece ]---
Product status
0cbf32e1681d before 2a12fe8248a3
0cbf32e1681d before 262550f29c75
0cbf32e1681d before c93a290c862c
0cbf32e1681d before de6336b17a13
0cbf32e1681d before bf2bd892a0cb
0cbf32e1681d before 00849de10f79
0cbf32e1681d before b11e34f7bab2
0cbf32e1681d before ace7b6ef4125
0cbf32e1681d before 847f9ea4c518
3.2
Any version before 3.2
4.4.302
4.9.300
4.14.265
4.19.228
5.4.176
5.10.96
5.15.19
5.16.5
5.17
References
https://git.kernel.org/stable/c/2a12fe8248a38437b95b942bbe85aced72e6e2eb
https://git.kernel.org/stable/c/262550f29c750f7876b6ed1244281e72b64ebffb
https://git.kernel.org/stable/c/c93a290c862ccfa404e42d7420565730d67cbff9
https://git.kernel.org/stable/c/de6336b17a1376db1c0f7a528cce8783db0881c0
https://git.kernel.org/stable/c/bf2bd892a0cb14dd2d21f2c658f4b747813be311
https://git.kernel.org/stable/c/00849de10f798a9538242824a51b1756e7110754
https://git.kernel.org/stable/c/b11e34f7bab21df36f02a5e54fb69e858c09a65d
https://git.kernel.org/stable/c/ace7b6ef41251c5fe47f629a9a922382fb7b0a6b
https://git.kernel.org/stable/c/847f9ea4c5186fdb7b84297e3eeed9e340e83fce