diff --git a/RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch b/RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch new file mode 100644 index 0000000..78b7854 --- /dev/null +++ b/RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch @@ -0,0 +1,40 @@ +From cb57f1c2ee734a40d01249305965ea4ecdf02039 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 5 Sep 2024 09:06:34 +0200 +Subject: [PATCH] fence_scsi: preempt clears all devices on the mpath device, + so only run it for the first device + +--- + agents/scsi/fence_scsi.py | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index a1598411c..12f7fb49b 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -131,11 +131,13 @@ def reset_dev(options, dev): + return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"] + + +-def register_dev(options, dev, key): ++def register_dev(options, dev, key, do_preempt=True): + dev = os.path.realpath(dev) + if re.search(r"^dm", dev[5:]): +- for slave in get_mpath_slaves(dev): +- register_dev(options, slave, key) ++ devices = get_mpath_slaves(dev) ++ register_dev(options, devices[0], key) ++ for device in devices[1:]: ++ register_dev(options, device, key, False) + return True + + # Check if any registration exists for the key already. We track this in +@@ -153,7 +155,7 @@ def register_dev(options, dev, key): + # If key matches, make sure it matches with the connection that + # exists right now. To do this, we can issue a preempt with same key + # which should replace the old invalid entries from the target. +- if not preempt(options, key, dev, key): ++ if do_preempt and not preempt(options, key, dev, key): + return False + + # If there was no reservation, we need to issue another registration diff --git a/fence-agents.spec b/fence-agents.spec index 21d3f6c..acbb0d5 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -87,7 +87,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.2.1 -Release: 129%{?alphatag:.%{alphatag}}%{?dist}.4 +Release: 129%{?alphatag:.%{alphatag}}%{?dist}.5 License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -283,6 +283,7 @@ Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch Patch141: RHEL-5397-4-fence_scsi-log-err.patch Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch Patch143: RHEL-7734-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch144: RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch ### HA support libs/utils ### # all archs @@ -515,6 +516,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja %patch -p1 -P 141 %patch -p1 -P 142 %patch -p1 -P 143 -F1 +%patch -p1 -P 144 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -631,7 +633,7 @@ pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1001} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1002} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1003} -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1004} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1004} %ifarch x86_64 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000} @@ -1526,6 +1528,11 @@ Fence agent for IBM z/VM over IP. %endif %changelog +* Tue Sep 24 2024 Oyvind Albrigtsen - 4.2.1-129.5 +- fence_scsi: preempt clears all devices on the mpath device, so only + run it for the first device + Resolves: RHEL-56840 + * Wed Jul 24 2024 Oyvind Albrigtsen - 4.2.1-129.4 - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223