Re: [BUG] Setting ALUA access state on a detached HBA causes OOPS

"Nicholas A. Bellinger" <nab@xxxxxxxxxxxxxxx> · Fri, 06 Jun 2014 01:10:42 -0700

Hi Chris & Philip,

On Thu, 2014-06-05 at 16:12 +0100, Chris Boot wrote:
> Hi folks,
> 
> Philip (CCed) discovered an OOPS during our testing. I narrowed it down
> to the following three commands as a reduced test case:
> 
> mkdir /sys/kernel/config/target/core/iblock_0
> mkdir /sys/kernel/config/target/core/iblock_0/test
> echo 1 >
> /sys/kernel/config/target/core/iblock_0/test/alua/default_tg_pt_gp/alua_access_state
> 
> This appears to happen on target_core_alua.c:1166 when
> core_alua_do_port_transition() attempts to take the lu_gp_mem_lock. If
> I'm reading the code right, the ALUA structures are only allocated in
> target_configure_device(), which happens when the TCM LUN is enabled.
> 
> core_alua_do_port_transition() should probably check for dev->dev_flags
> |= DF_CONFIGURED before doing anything.
> 
> Full OOPS output below:

Thanks for the bug report.

Applying the following patch to target-pending/master for v3.15 with a
CC' to stable.

--nab

>From ed3492f36bd0c74e908339fe2dfba5ceaaf86aa6 Mon Sep 17 00:00:00 2001
From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Date: Fri, 6 Jun 2014 00:52:57 -0700
Subject: [PATCH 5/5] target: Fix alua_access_state attribute OOPs for
 un-configured devices

This patch fixes a OOPs where an attempt to write to the per-device
alua_access_state configfs attribute at:

  /sys/kernel/config/target/core/$HBA/$DEV/alua/$TG_PT_GP/alua_access_state

results in an NULL pointer dereference when the backend device has not
yet been configured.

This patch adds an explicit check for DF_CONFIGURED, and fails with
-ENODEV to avoid this case.

Reported-by: Chris Boot <crb@xxxxxxxxxxxxxxxxxxxxx>
Cc: Chris Boot <crb@xxxxxxxxxxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
---
 drivers/target/target_core_configfs.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index 60a9ae6..bf55c5a 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -2227,6 +2227,11 @@ static ssize_t target_core_alua_tg_pt_gp_store_attr_alua_access_state(
 			" tg_pt_gp ID: %hu\n", tg_pt_gp->tg_pt_gp_valid_id);
 		return -EINVAL;
 	}
+	if (!(dev->dev_flags & DF_CONFIGURED)) {
+		pr_err("Unable to set alua_access_state while device is"
+		       " not configured\n");
+		return -ENODEV;
+	}
 
 	ret = kstrtoul(page, 0, &tmp);
 	if (ret < 0) {
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







