CVE-2023-53041

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: qla2xxx: Perform lockless command completion in abort path<br /> <br /> While adding and removing the controller, the following call trace was<br /> observed:<br /> <br /> WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50<br /> CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1<br /> RIP: 0010:dma_free_attrs+0x33/0x50<br /> <br /> Call Trace:<br /> qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]<br /> qla2x00_abort_srb+0x8e/0x250 [qla2xxx]<br /> ? ql_dbg+0x70/0x100 [qla2xxx]<br /> __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]<br /> qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]<br /> qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]<br /> qla2x00_remove_one+0x364/0x400 [qla2xxx]<br /> pci_device_remove+0x36/0xa0<br /> __device_release_driver+0x17a/0x230<br /> device_release_driver+0x24/0x30<br /> pci_stop_bus_device+0x68/0x90<br /> pci_stop_and_remove_bus_device_locked+0x16/0x30<br /> remove_store+0x75/0x90<br /> kernfs_fop_write_iter+0x11c/0x1b0<br /> new_sync_write+0x11f/0x1b0<br /> vfs_write+0x1eb/0x280<br /> ksys_write+0x5f/0xe0<br /> do_syscall_64+0x5c/0x80<br /> ? do_user_addr_fault+0x1d8/0x680<br /> ? do_syscall_64+0x69/0x80<br /> ? exc_page_fault+0x62/0x140<br /> ? asm_exc_page_fault+0x8/0x30<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> <br /> The command was completed in the abort path during driver unload with a<br /> lock held, causing the warning in abort path. Hence complete the command<br /> without any lock held.