Commit efdcd1e3 authored Sep 23, 2022 by Uday Shankar Committed by Greg Kroah-Hartman Nov 10, 2022

scsi: core: Restrict legal sdev_state transitions via sysfs

[ Upstream commit 2331ce6126be8864b39490e705286b66e2344aac ]

Userspace can currently write to sysfs to transition sdev_state to RUNNING
or OFFLINE from any source state. This causes issues because proper
transitioning out of some states involves steps besides just changing
sdev_state, so allowing userspace to change sdev_state regardless of the
source state can result in inconsistencies; e.g. with ISCSI we can end up
with sdev_state == SDEV_RUNNING while the device queue is quiesced. Any
task attempting I/O on the device will then hang, and in more recent
kernels, iscsid will hang as well.

More detail about this bug is provided in my first attempt:

https://groups.google.com/g/open-iscsi/c/PNKca4HgPDs/m/CXaDkntOAQAJ

Link: https://lore.kernel.org/r/20220924000241.2967323-1-ushankar@purestorage.com


Signed-off-by: Uday Shankar <ushankar@purestorage.com>
Suggested-by: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 70119756

drivers/scsi/scsi_sysfs.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -795,6 +795,14 @@ store_state_field(struct device dev, struct device_attribute attr,
		}

		mutex_lock(&sdev->state_mutex);
		switch (sdev->sdev_state) {
		case SDEV_RUNNING:
		case SDEV_OFFLINE:
		break;
		default:
		mutex_unlock(&sdev->state_mutex);
		return -EINVAL;
		}
		if (sdev->sdev_state == SDEV_RUNNING && state == SDEV_RUNNING) {
		ret = 0;
		} else {