U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-26627 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in-flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for (N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169). Fix the issue by calling scsi_host_busy() outside the host lock. We don't need the host lock for getting busy count because host the lock never covers that. [mkp: Drop unnecessary 'busy' variables pointed out by Bart]


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb
https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb
https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0
https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0
https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1
https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1
https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059
https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059
https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c
https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c
https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c
https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Weakness Enumeration

CWE-ID CWE Name Source

Change History

7 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-26627
NVD Published Date:
03/06/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org