Linux Kernel QLA2XXX Driver Processor ID Vulnerability

Vulnerability

A vulnerability in the Linux kernel's QLA2XXX SCSI driver has been addressed. The issue involved the use of 'smp_processor_id()' in preemptible code, which can lead to incorrect behavior in a multi-threaded environment. This vulnerability was observed in the NVMe over Fibre Channel (NVME-FC) controller connection process, where the QLA2XXX driver improperly handled processor ID retrieval. The problem has been fixed by replacing 'smp_processor_id()' with 'raw_smp_processor_id()', ensuring accurate processor identification without the risk of preemption interference. Additionally, the driver has been updated to use 'queue_work()' instead of 'queue_work_on()', further mitigating the issue by avoiding 'smp_processor_id()' usage when debugging preemption is enabled.

Impact

The vulnerability could cause incorrect processing of NVMe over Fibre Channel commands, potentially leading to missed interrupts or improper handling of asynchronous events, according to the upstream commit.

Reproduction

The vulnerability can be reproduced by connecting an NVMe over Fibre Channel controller using a QLA2XXX-based HBA. During the connection process, the driver will incorrectly use 'smp_processor_id()' instead of 'raw_smp_processor_id()', leading to a bug that can be observed in the kernel logs.
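
The kernel-log symptom mentioned above can be checked for with a short filter. This is an added example, not part of the original advisory or of the kernel source; it assumes the warning format printed by the kernel's preemption debug check (CONFIG_DEBUG_PREEMPT), and the sample log lines, task names, offsets, the function name qla_example_fn and the module name examplemod are constructed placeholders.

```shell
#!/bin/sh
# Added example: find DEBUG_PREEMPT warnings about smp_processor_id()
# whose caller lives in the qla2xxx module.

# Constructed sample log. Task names, offsets, qla_example_fn and
# examplemod are placeholders, not values from the advisory.
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: using smp_processor_id() in preemptible [00000000] code: nvme/4242
[  101.000002] caller is qla_example_fn+0x1a/0x90 [qla2xxx]
[  101.000003] CPU: 3 PID: 4242 Comm: nvme Not tainted
[  205.000001] BUG: using smp_processor_id() in preemptible [00000000] code: worker/77
[  205.000002] caller is other_fn+0x10/0x40 [examplemod]
[  300.000001] qla2xxx: unrelated informational line
EOF
}

# Reads kernel log text on stdin.
# Prints "<task/pid> <caller symbol>" for each warning raised from qla2xxx.
find_qla_preempt_bugs() {
    awk '
        # Header line of the warning: remember which task triggered it.
        /BUG: using smp_processor_id\(\) in preemptible/ {
            task = $0
            sub(/.*code: /, "", task)
            pending = 1
            next
        }
        # The "caller is" line names the function and its module.
        pending && /caller is / {
            pending = 0
            if ($0 ~ /\[qla2xxx\]/) {
                sub(/.*caller is /, "")
                print task, $1
            }
        }
    '
}

# Demo run on the constructed sample.
sample_log | find_qla_preempt_bugs
```

On a live system, pipe `dmesg` or `journalctl -k` output into the function; a kernel built without preemption debugging does not print this warning, so an empty result there does not show the driver is patched.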

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 1, 2025, 1:25 PM
Updated: Oct 1, 2025, 1:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.