Userspace can currently write to sysfs to transition sdev_state to RUNNING or OFFLINE from any source state. This causes issues because proper transitioning out of some states involves steps besides just changing sdev_state, so allowing userspace to change sdev_state regardless of the source state can result in inconsistencies; e.g. with iscsi we can end up with sdev_state == SDEV_RUNNING while the device queue is quiesced. Any task attempting IO on the device will then hang, and in more recent kernels, iscsid will hang as well. More detail about this bug is provided in my first attempt: https://groups.google.com/g/open-iscsi/c/PNKca4HgPDs/m/CXaDkntOAQAJ Signed-off-by: Uday Shankar <ushankar@xxxxxxxxxxxxxxx> Suggested-by: Mike Christie <michael.christie@xxxxxxxxxx> --- Looking for feedback on the "allowed source states" list. The bug I hit is solved by prohibiting transitions out of SDEV_BLOCKED, but I think most others shouldn't be allowed either. drivers/scsi/scsi_sysfs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 9dad2fd5297f..b38c30fe681d 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -822,6 +822,14 @@ store_state_field(struct device *dev, struct device_attribute *attr, } mutex_lock(&sdev->state_mutex); + switch (sdev->sdev_state) { + case SDEV_RUNNING: + case SDEV_OFFLINE: + break; + default: + mutex_unlock(&sdev->state_mutex); + return -EINVAL; + } if (sdev->sdev_state == SDEV_RUNNING && state == SDEV_RUNNING) { ret = 0; } else { base-commit: 7f615c1b5986ff08a725ee489e838c90f8197bcd -- 2.25.1
