On 9/23/22 17:02, Uday Shankar wrote:
Userspace can currently write to sysfs to transition sdev_state to
RUNNING or OFFLINE from any source state. This causes issues because
proper transitioning out of some states involves steps besides just
changing sdev_state, so allowing userspace to change sdev_state
regardless of the source state can result in inconsistencies; e.g. with
iscsi we can end up with sdev_state == SDEV_RUNNING while the device
queue is quiesced. Any task attempting IO on the device will then hang,
and in more recent kernels, iscsid will hang as well. More detail about
this bug is provided in my first attempt:
https://groups.google.com/g/open-iscsi/c/PNKca4HgPDs/m/CXaDkntOAQAJ
Signed-off-by: Uday Shankar <ushankar@xxxxxxxxxxxxxxx>
Suggested-by: Mike Christie <michael.christie@xxxxxxxxxx>
---
Looking for feedback on the "allowed source states" list. The bug I hit
is solved by prohibiting transitions out of SDEV_BLOCKED, but I think
most others shouldn't be allowed either.
drivers/scsi/scsi_sysfs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 9dad2fd5297f..b38c30fe681d 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -822,6 +822,14 @@ store_state_field(struct device *dev, struct device_attribute *attr,
}
mutex_lock(&sdev->state_mutex);
+ switch (sdev->sdev_state) {
+ case SDEV_RUNNING:
+ case SDEV_OFFLINE:
+ break;
+ default:
+ mutex_unlock(&sdev->state_mutex);
+ return -EINVAL;
+ }
if (sdev->sdev_state == SDEV_RUNNING && state == SDEV_RUNNING) {
ret = 0;
} else {
The return value -EAGAIN might be more appropriate since it is not the value
written into sysfs that is invalid but the current state that is inappropriate
for the requested transition.
Thanks,
Bart.