Bug 670572 – [NetApp 6.0 Bug] Erroneous TPG ID check in SCSI ALUA Handler

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 670572 - [NetApp 6.0 Bug] Erroneous TPG ID check in SCSI ALUA Handler

Summary:	[NetApp 6.0 Bug] Erroneous TPG ID check in SCSI ALUA Handler

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel (Show other bugs)
Sub Component:
Version:	6.0
Hardware:	All All

Priority	urgent Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Mike Snitzer
QA Contact:	Gris Ge
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	669961
Blocks:	673978
	Show dependency tree / graph

Reported:	2011-01-18 12:20 EST by Martin George
Modified:	2011-05-19 08:05 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:	kernel-2.6.32-112.el6
Doc Type:	Bug Fix
Doc Text:	For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the Asymmetric Access State (AAS) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.
Story Points:	---
Clone Of:	669961
Environment:
Last Closed:	2011-05-19 08:05:30 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0542	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update	2011-05-19 07:58:07 EDT

Groups: None (edit)

Description Martin George 2011-01-18 12:20:22 EST

+++ This bug was initially created as a clone of Bug #669961 +++

Description of problem:
For Target Portal Group IDs occupying the full 2 bytes in the RTPG response, the following group_id check in the alua_rtpg routine always fails in scsi_dh_alua.c:

if (h->group_id == (ucp[2] << 8) + ucp[3]) {

This causes the ALUA handler to wrongly identify the AAS of a specified device as well as incorrectly interpreting the supported AAS of the target as seen by the following entries in the /var/log/messages:

"alua: port group 3ea state A supports tousna"
"alua: port group 3e9 state A supports tousna"

Version-Release number of selected component (if applicable):
RHEL 5.6 (2.6.18-238.el5)

Notes:
This is because 'ucp' is wrongly defined in alua_rtpg as a character pointer instead of an unsigned character pointer. The below patch fixes the problem:

--- scsi_dh_alua.c.orig 2011-01-14 16:48:37.000000000 +0530
+++ scsi_dh_alua.c      2011-01-16 10:27:54.000000000 +0530
@@ -535,7 +535,7 @@ static int alua_rtpg(struct scsi_device
 {
        struct scsi_sense_hdr sense_hdr;
        int len, k, off, valid_states = 0;
-       char *ucp;
+       unsigned char *ucp;
        unsigned err;
        unsigned long expiry, interval = 10;

Comment 1 Martin George 2011-01-18 12:21:38 EST

Seen on RHEL 6.0 as well (kernel-2.6.32-71.el6).

Comment 3 Martin George 2011-01-18 12:40:39 EST

This bug could break AAS handling in the ALUA handler. So it's important the
fix makes it to 6.0.z itself.

Comment 4 RHEL Product and Program Management 2011-01-18 13:00:53 EST

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 7 Aristeu Rozanski 2011-02-03 11:20:15 EST

Patch(es) available on kernel-2.6.32-112.el6

Comment 10 Gris Ge 2011-02-23 03:41:12 EST

Is there any way for us to verify this patch?
Or just code review?

Comment 11 Martin Prpič 2011-02-23 10:13:12 EST

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the Asymmetric Access State (AAS) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.

Comment 12 Gris Ge 2011-03-10 21:20:49 EST

Code reviewed, patch has been applied into kernel-2.6.32-120.el6.

Set as Sanity Only

Comment 13 errata-xmlrpc 2011-05-19 08:05:30 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0542.html

Note You need to log in before you can comment on or make changes to this bug.