In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: Fix a deadlock in the error handler
The following deadlock has been observed on a test setup:
All tags allocated
The SCSI error handler calls ufshcd_eh_host_reset_handler()
ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler()
ufshcd_err_handler() locks up as follows:
Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt
Call trace:
 __switch_to+0x298/0x5d8
 __schedule+0x6cc/0xa94
 schedule+0x12c/0x298
 blk_mq_get_tag+0x210/0x480
 __blk_mq_alloc_request+0x1c8/0x284
 blk_get_request+0x74/0x134
 ufshcd_exec_dev_cmd+0x68/0x640
 ufshcd_verify_dev_init+0x68/0x35c
 ufshcd_probe_hba+0x12c/0x1cb8
 ufshcd_host_reset_and_restore+0x88/0x254
 ufshcd_reset_and_restore+0xd0/0x354
 ufshcd_err_handler+0x408/0xc58
 process_one_work+0x24c/0x66c
 worker_thread+0x3e8/0xa4c
 kthread+0x150/0x1b4
 ret_from_fork+0x10/0x30
Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved request.
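A simplified user-space model of the tag exhaustion described above, added here as an illustration; it is not kernel code and not the patch itself. The names `tag_set`, `tag_alloc` and `handler_tag` and the queue depth of 8 are assumptions made for the example, as is the premise that outstanding I/O cannot complete while the handler is waiting.

```c
#include <stdbool.h>
#include <stdio.h>

#define DEPTH 8                      /* constructed queue depth */

struct tag_set {                     /* hypothetical model, not a kernel type */
    int  nr_reserved;                /* tags [0, nr_reserved) are reserved */
    bool busy[DEPTH];
};

/* Returns a free tag, or -1 where a sleeping allocator would block
 * until another command completes and frees its tag. */
static int tag_alloc(struct tag_set *ts, bool reserved)
{
    int lo = reserved ? 0 : ts->nr_reserved;
    int hi = reserved ? ts->nr_reserved : DEPTH;

    for (int t = lo; t < hi; t++) {
        if (!ts->busy[t]) {
            ts->busy[t] = true;
            return t;
        }
    }
    return -1;
}

/* I/O takes every tag it can get, then the error handler asks for one
 * to send its device command. Assumption of this model: outstanding I/O
 * cannot complete until the handler finishes, so -1 here stands for the
 * handler waiting forever. */
static int handler_tag(int nr_reserved, bool ask_reserved, int *io_tags)
{
    struct tag_set ts = { .nr_reserved = nr_reserved };

    *io_tags = 0;
    while (tag_alloc(&ts, false) >= 0)
        (*io_tags)++;
    return tag_alloc(&ts, ask_reserved);
}

int main(void)
{
    int io, tag;

    tag = handler_tag(0, false, &io);   /* shared pool only */
    printf("no reserve: io=%d handler tag=%d\n", io, tag);
    tag = handler_tag(1, true, &io);    /* one tag held back */
    printf("reserve=1:  io=%d handler tag=%d\n", io, tag);
    return 0;
}
```

Holding a tag back lowers the depth available to regular I/O by the size of the reserve, and a handler that still asks the shared pool blocks even when a reserve exists.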