[PATCH 3.2 034/153] scsi: aacraid: Fix udev inquiry race condition

From: Ben Hutchings
Date: Wed May 30 2018 - 07:13:42 EST


3.2.102-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@xxxxxxxxxxxxx>

commit f4e8708d3104437fd7716e957f38c265b0c509ef upstream.

When udev requests for a devices inquiry string, it might create multiple
threads causing a race condition on the shared inquiry resource string.

Created a buffer with the string for each thread.

Fixes: 3bc8070fb75b3315 ([SCSI] aacraid: SMC vendor identification)
Signed-off-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@xxxxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
[bwh: Backported to 3.2:
- s/sup_adap_info->adapter_type_text/dev->supplement_adapter_info.AdapterTypeText/
- Adjust context]
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
@@ -758,8 +758,16 @@ static void setinqstr(struct aac_dev *de
memset(str, ' ', sizeof(*str));

if (dev->supplement_adapter_info.AdapterTypeText[0]) {
- char * cp = dev->supplement_adapter_info.AdapterTypeText;
int c;
+ char *cp;
+ char *cname = kmemdup(dev->supplement_adapter_info.AdapterTypeText,
+ sizeof(dev->supplement_adapter_info.AdapterTypeText),
+ GFP_ATOMIC);
+
+ if (!cname)
+ return;
+
+ cp = cname;
if ((cp[0] == 'A') && (cp[1] == 'O') && (cp[2] == 'C'))
inqstrcpy("SMC", str->vid);
else {
@@ -768,8 +776,7 @@ static void setinqstr(struct aac_dev *de
++cp;
c = *cp;
*cp = '\0';
- inqstrcpy (dev->supplement_adapter_info.AdapterTypeText,
- str->vid);
+ inqstrcpy(cname, str->vid);
*cp = c;
while (*cp && *cp != ' ')
++cp;
@@ -783,8 +790,8 @@ static void setinqstr(struct aac_dev *de
cp[sizeof(str->pid)] = '\0';
}
inqstrcpy (cp, str->pid);
- if (c)
- cp[sizeof(str->pid)] = c;
+
+ kfree(cname);
} else {
struct aac_driver_ident *mp = aac_get_driver_ident(dev->cardtype);