CVE-2024-26873

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26873
Related
Published
2024-04-17T11:15:09Z
Modified
2024-09-18T03:26:06.777991Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Fix a deadlock issue related to automatic dump

If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found:

[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds. [ 4613.666297] "echo 0 > /proc/sys/kernel/hungtasktimeoutsecs" disables this message. [ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208 [ 4613.683959] Workqueue: 0000:74:02.0discoq sasrevalidatedomain [libsas] [ 4613.691518] Call trace: [ 4613.694678] _switchto+0xf8/0x17c [ 4613.698872] _schedule+0x660/0xee0 [ 4613.703063] schedule+0xac/0x240 [ 4613.706994] scheduletimeout+0x500/0x610 [ 4613.711705] _down+0x128/0x36c [ 4613.715548] down+0x240/0x2d0 [ 4613.719221] hisisasinternalaborttimeout+0x1bc/0x260 [hisisasmain] [ 4613.726618] sasexecuteinternalabort+0x144/0x310 [libsas] [ 4613.732976] sasexecuteinternalabortdev+0x44/0x60 [libsas] [ 4613.739504] hisisasinternaltaskabortdev.isra.0+0xbc/0x1b0 [hisisasmain] [ 4613.747499] hisisasdevgone+0x174/0x250 [hisisasmain] [ 4613.753682] sasnotifylldddevgone+0xec/0x2e0 [libsas] [ 4613.759781] sasunregistercommondev+0x4c/0x7a0 [libsas] [ 4613.765962] sasdestructdevices+0xb8/0x120 [libsas] [ 4613.771709] sasdorevalidatedomain.constprop.0+0x1b8/0x31c [libsas] [ 4613.778930] sasrevalidatedomain+0x60/0xa4 [libsas] [ 4613.784716] processonework+0x248/0x950 [ 4613.789424] workerthread+0x318/0x934 [ 4613.793878] kthread+0x190/0x200 [ 4613.797810] retfromfork+0x10/0x18 [ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds. [ 4613.816026] "echo 0 > /proc/sys/kernel/hungtasktimeoutsecs" disables this message. [ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208 [ 4613.833670] Workqueue: 0000:74:02.0 hisisasrstworkhandler [hisisasmain] [ 4613.841491] Call trace: [ 4613.844647] _switchto+0xf8/0x17c [ 4613.848852] _schedule+0x660/0xee0 [ 4613.853052] schedule+0xac/0x240 [ 4613.856984] scheduletimeout+0x500/0x610 [ 4613.861695] _down+0x128/0x36c [ 4613.865542] down+0x240/0x2d0 [ 4613.869216] hisisascontrollerprereset+0x58/0x1fc [hisisasmain] [ 4613.876324] hisisasrstworkhandler+0x40/0x8c [hisisasmain] [ 4613.883019] processonework+0x248/0x950 [ 4613.887732] workerthread+0x318/0x934 [ 4613.892204] kthread+0x190/0x200 [ 4613.896118] retfromfork+0x10/0x18 [ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds. [ 4613.914341] "echo 0 > /proc/sys/kernel/hungtasktimeoutsecs" disables this message. [ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208 [ 4613.931984] Workqueue: 0000:74:02.0eventq sasporteventworker [libsas] [ 4613.939549] Call trace: [ 4613.942702] _switchto+0xf8/0x17c [ 4613.946892] _schedule+0x660/0xee0 [ 4613.951083] schedule+0xac/0x240 [ 4613.955015] scheduletimeout+0x500/0x610 [ 4613.959725] waitforcommon+0x200/0x610 [ 4613.964349] waitforcompletion+0x3c/0x5c [ 4613.969146] flushworkqueue+0x198/0x790 [ 4613.973776] sasportebroadcastrcvd+0x1e8/0x320 [libsas] [ 4613.979960] sasporteventworker+0x54/0xa0 [libsas] [ 4613.985708] processonework+0x248/0x950 [ 4613.990420] workerthread+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800] retfromfork+0x10/0x18

This is because when the device goes offline, we obtain the hisihba semaphore and send the ABORTDEV command to the device. However, the internal abort timed out due to the 2 bit ECC error and triggers automatic dump. In addition, since the hisi_hba semaphore has been obtained, the dump cannot be executed and the controller cannot be reset.

Therefore, the deadlocks occur on the following circular dependencies ---truncated---

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.7.12-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}