Commit 47880b80 authored by Tuo Li's avatar Tuo Li Committed by Li Lingfeng
Browse files

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() 

mainline inclusion
from mainline-v6.5-rc2
commit 0e881c0a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I917LZ
CVE: CVE-2024-24855

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e881c0a4b6146b7e856735226208f48251facd8



--------------------------------

The variable phba->fcf.fcf_flag is often protected by the lock
phba->hbalock() when is accessed. Here is an example in
lpfc_unregister_fcf_rescan():

  spin_lock_irq(&phba->hbalock);
  phba->fcf.fcf_flag |= FCF_INIT_DISC;
  spin_unlock_irq(&phba->hbalock);

However, in the same function, phba->fcf.fcf_flag is assigned with 0
without holding the lock, and thus can cause a data race:

  phba->fcf.fcf_flag = 0;

To fix this possible data race, a lock and unlock pair is added when
accessing the variable phba->fcf.fcf_flag.

Reported-by: default avatarBassCheck <bass@buaa.edu.cn>
Signed-off-by: default avatarTuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230630024748.1035993-1-islituo@gmail.com


Reviewed-by: default avatarJustin Tee <justin.tee@broadcom.com>
Reviewed-by: default avatarLaurence Oberman <loberman@redhat.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarLi Lingfeng <lilingfeng3@huawei.com>
parent 25bf6ba3
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment