Linux Kernel SCSI QLA2XXX Command Handling Vulnerability After Chip Reset

A vulnerability in the Linux kernel's SCSI QLA2XXX driver has been addressed. The issue arose after a commit intended to fix offline port and host reset handling, which inadvertently caused commands sent to the firmware after a chip reset to become stuck and unreleased, as the firmware would no longer respond to them. This situation triggered a bug in the command free routine. Another commit that aimed to correct missed DMA unmapping for aborted commands introduced a different issue when two CPUs simultaneously attempted to unmap scatter-gather data, leading to a race condition. The latest fix reverts the problematic changes and restores proper command unmapping and handling.

Impact

The vulnerability could lead to commands getting stuck after a chip reset, causing improper command management and potential resource leaks.