CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

In the Linux kernel, the following vulnerability has been resolved:

scsi: bnx2fc: Remove spinlockbh while releasing resources after upload

The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as these fields won't be used any longer. The offload and upload calls are sequential, hence lock is not required.

This will suppress following BUGON():

[ 449.843143] ------------[ cut here ]------------ [ 449.848302] kernel BUG at mm/vmalloc.c:2727! [ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x8664 #1 Rebooting. [ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016 [ 449.876966] Workqueue: fcrporteq fcrportwork [libfc] [ 449.882910] RIP: 0010:vunmap+0x2e/0x30 [ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 <0f> 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41 [ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206 [ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005 [ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000 [ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf [ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000 [ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0 [ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000 [ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0 [ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 449.993028] Call Trace: [ 449.995756] iommudmafree+0x96/0x100 [ 450.000139] bnx2fcfreesessionresc+0x67/0x240 [bnx2fc] [ 450.006171] bnx2fcuploadsession+0xce/0x100 [bnx2fc] [ 450.011910] bnx2fcrporteventhandler+0x9f/0x240 [bnx2fc] [ 450.018136] fcrportwork+0x103/0x5b0 [libfc] [ 450.023103] processonework+0x1e8/0x3c0 [ 450.027581] workerthread+0x50/0x3b0 [ 450.031669] ? rescuerthread+0x370/0x370 [ 450.036143] kthread+0x149/0x170 [ 450.039744] ? setkthreadstruct+0x40/0x40 [ 450.044411] retfromfork+0x22/0x30 [ 450.048404] Modules linked in: vfat msdos fat xfs nfslayoutnfsv41files rpcsecgsskrb5 authrpcgss nfsv4 dnsresolver dmservicetime qedf qed crc8 bnx2fc libfcoe libfc scsitransportfc intelraplmsr intelraplcommon x86pkgtempthermal intelpowerclamp dcdbas rapl intelcstate inteluncore meime pcspkr mei ipmissif lpcich ipmisi fuse zram ext4 mbcache jbd2 loop nfsv3 nfsacl nfs lockd grace fscache netfs irdma ice sdmod t10pi sg ibuverbs ibcore 8021q garp mrp stp llc mgag200 i2calgobit drmkmshelper syscopyarea sysfillrect sysimgblt mxmwmi fbsysfops cec crct10difpclmul ahci crc32pclmul bnx2x drm ghashclmulniintel libahci rfkill i40e libata megaraidsas mdio wmi sunrpc lrw dmcrypt dmroundrobin dmmultipath dmsnapshot dmbufio dmmirror dmregionhash dmlog dmzero dmmod linear raid10 raid456 asyncraid6recov asyncmemcpy asyncpq asyncxor asynctx raid6pq libcrc32c crc32cintel raid1 raid0 iscsiibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls [ 450.048497] libcxgbi libcxgb qla4xxx iscsibootsysfs iscsitcp libiscsitcp libiscsi scsitransportiscsi edd ipmidevintf ipmimsghandler [ 450.159753] ---[ end trace 712de2c57c64abc8 ]---

— NVD

Linux Kernel is vulnerable to a denial of service, caused by improper locking related to spinlockbh while releasing resources after upload. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

— IBM