Commit 17305932 authored by Kyoungrul Kim's avatar Kyoungrul Kim Committed by Pu Lehui
Browse files

scsi: ufs: core: Remove SCSI host only if added 

stable inclusion
from stable-v6.6.51
commit 2f49e05d6b58d660f035a75ff96b77071b4bd5ed
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9QP
CVE: CVE-2024-46843

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2f49e05d6b58



--------------------------------

[ Upstream commit 7cbff570dbe8907e23bba06f6414899a0fbb2fcc ]

If host tries to remove ufshcd driver from a UFS device it would cause a
kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before
adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host
has been defered after MCQ configuration introduced by commit 0cab4023
("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported").

To guarantee that SCSI host is removed only if it has been added, set the
scsi_host_added flag to true after adding a SCSI host and check whether it
is set or not before removing it.

Signed-off-by: default avatarKyoungrul Kim <k831.kim@samsung.com>
Signed-off-by: default avatarMinwoo Im <minwoo.im@samsung.com>
Link: https://lore.kernel.org/r/20240627085104epcms2p5897a3870ea5c6416aa44f94df6c543d7@epcms2p5


Reviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarPu Lehui <pulehui@huawei.com>
parent 91ff8f4b

drivers/ufs/core/ufshcd.c

+5 −2
Original line number Diff line number Diff line
@@ -10119,6 +10119,7 @@ void ufshcd_remove(struct ufs_hba *hba) 
	blk_mq_destroy_queue(hba->tmf_queue);

	blk_put_queue(hba->tmf_queue);

	blk_mq_free_tag_set(&hba->tmf_tag_set);

	if (hba->scsi_host_added)

		scsi_remove_host(hba->host);

	/* disable interrupts */

	ufshcd_disable_intr(hba, hba->intr_mask);
@@ -10391,6 +10392,7 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) 
			dev_err(hba->dev, "scsi_add_host failed\n");

			goto out_disable;

		}

		hba->scsi_host_added = true;

	}



	hba->tmf_tag_set = (struct blk_mq_tag_set) {
@@ -10472,6 +10474,7 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) 
free_tmf_tag_set:

	blk_mq_free_tag_set(&hba->tmf_tag_set);

out_remove_scsi_host:

	if (hba->scsi_host_added)

		scsi_remove_host(hba->host);

out_disable:

	hba->is_irq_enabled = false;