CVE-2024-26873 (GCVE-0-2024-26873)
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2025-05-04 08:58
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: [ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds. [ 4613.666297] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208 [ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Call trace: [ 4613.694678] __switch_to+0xf8/0x17c [ 4613.698872] __schedule+0x660/0xee0 [ 4613.703063] schedule+0xac/0x240 [ 4613.706994] schedule_timeout+0x500/0x610 [ 4613.711705] __down+0x128/0x36c [ 4613.715548] down+0x240/0x2d0 [ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main] [ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas] [ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716] process_one_work+0x248/0x950 [ 4613.789424] worker_thread+0x318/0x934 [ 4613.793878] kthread+0x190/0x200 [ 4613.797810] ret_from_fork+0x10/0x18 [ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds. [ 4613.816026] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208 [ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491] Call trace: [ 4613.844647] __switch_to+0xf8/0x17c [ 4613.848852] __schedule+0x660/0xee0 [ 4613.853052] schedule+0xac/0x240 [ 4613.856984] schedule_timeout+0x500/0x610 [ 4613.861695] __down+0x128/0x36c [ 4613.865542] down+0x240/0x2d0 [ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main] [ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019] process_one_work+0x248/0x950 [ 4613.887732] worker_thread+0x318/0x934 [ 4613.892204] kthread+0x190/0x200 [ 4613.896118] ret_from_fork+0x10/0x18 [ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds. [ 4613.914341] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208 [ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Call trace: [ 4613.942702] __switch_to+0xf8/0x17c [ 4613.946892] __schedule+0x660/0xee0 [ 4613.951083] schedule+0xac/0x240 [ 4613.955015] schedule_timeout+0x500/0x610 [ 4613.959725] wait_for_common+0x200/0x610 [ 4613.964349] wait_for_completion+0x3c/0x5c [ 4613.969146] flush_workqueue+0x198/0x790 [ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708] process_one_work+0x248/0x950 [ 4613.990420] worker_thread+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800] ret_from_fork+0x10/0x18 This is because when the device goes offline, we obtain the hisi_hba semaphore and send the ABORT_DEV command to the device. However, the internal abort timed out due to the 2 bit ECC error and triggers automatic dump. In addition, since the hisi_hba semaphore has been obtained, the dump cannot be executed and the controller cannot be reset. Therefore, the deadlocks occur on the following circular dependencies ---truncated---
References
Impacted products
Vendor Product Version
Linux Linux Version: 91e035e98fa1383ca90d774c29bb14c3c5ed2d8c
Version: 2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde
Version: 2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde
Version: 2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26873",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T14:02:10.417549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:43.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:04.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a47f0b03149af538af4442ff0702eac430ace1cb",
              "status": "affected",
              "version": "91e035e98fa1383ca90d774c29bb14c3c5ed2d8c",
              "versionType": "git"
            },
            {
              "lessThan": "e022dd3b875315a2d2001a512e98d1dc8c991f4a",
              "status": "affected",
              "version": "2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde",
              "versionType": "git"
            },
            {
              "lessThan": "85c98073ffcfe9e46abfb9c66f3364467119d563",
              "status": "affected",
              "version": "2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde",
              "versionType": "git"
            },
            {
              "lessThan": "3c4f53b2c341ec6428b98cb51a89a09b025d0953",
              "status": "affected",
              "version": "2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0  state:D stack:    0 pid:165233 ppid:     2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678]  __switch_to+0xf8/0x17c\n[ 4613.698872]  __schedule+0x660/0xee0\n[ 4613.703063]  schedule+0xac/0x240\n[ 4613.706994]  schedule_timeout+0x500/0x610\n[ 4613.711705]  __down+0x128/0x36c\n[ 4613.715548]  down+0x240/0x2d0\n[ 4613.719221]  hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618]  sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976]  sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504]  hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499]  hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682]  sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781]  sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962]  sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709]  sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930]  sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716]  process_one_work+0x248/0x950\n[ 4613.789424]  worker_thread+0x318/0x934\n[ 4613.793878]  kthread+0x190/0x200\n[ 4613.797810]  ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4  state:D stack:    0 pid:316722 ppid:     2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647]  __switch_to+0xf8/0x17c\n[ 4613.848852]  __schedule+0x660/0xee0\n[ 4613.853052]  schedule+0xac/0x240\n[ 4613.856984]  schedule_timeout+0x500/0x610\n[ 4613.861695]  __down+0x128/0x36c\n[ 4613.865542]  down+0x240/0x2d0\n[ 4613.869216]  hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324]  hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019]  process_one_work+0x248/0x950\n[ 4613.887732]  worker_thread+0x318/0x934\n[ 4613.892204]  kthread+0x190/0x200\n[ 4613.896118]  ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1  state:D stack:    0 pid:348985 ppid:     2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702]  __switch_to+0xf8/0x17c\n[ 4613.946892]  __schedule+0x660/0xee0\n[ 4613.951083]  schedule+0xac/0x240\n[ 4613.955015]  schedule_timeout+0x500/0x610\n[ 4613.959725]  wait_for_common+0x200/0x610\n[ 4613.964349]  wait_for_completion+0x3c/0x5c\n[ 4613.969146]  flush_workqueue+0x198/0x790\n[ 4613.973776]  sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960]  sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708]  process_one_work+0x248/0x950\n[ 4613.990420]  worker_thread+0x318/0x934\n[ 4613.994868]  kthread+0x190/0x200\n[ 4613.998800]  ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:58:34.180Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a47f0b03149af538af4442ff0702eac430ace1cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953"
        }
      ],
      "title": "scsi: hisi_sas: Fix a deadlock issue related to automatic dump",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26873",
    "datePublished": "2024-04-17T10:27:32.647Z",
    "dateReserved": "2024-02-19T14:20:24.184Z",
    "dateUpdated": "2025-05-04T08:58:34.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26873\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T11:15:09.610\",\"lastModified\":\"2025-01-10T18:28:25.100\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\\n\\nIf we issue a disabling PHY command, the device attached with it will go\\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\\nfound:\\n\\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\\n[ 4613.666297] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.674809] task:kworker/u256:0  state:D stack:    0 pid:165233 ppid:     2 flags:0x00000208\\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\\n[ 4613.691518] Call trace:\\n[ 4613.694678]  __switch_to+0xf8/0x17c\\n[ 4613.698872]  __schedule+0x660/0xee0\\n[ 4613.703063]  schedule+0xac/0x240\\n[ 4613.706994]  schedule_timeout+0x500/0x610\\n[ 4613.711705]  __down+0x128/0x36c\\n[ 4613.715548]  down+0x240/0x2d0\\n[ 4613.719221]  hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\\n[ 4613.726618]  sas_execute_internal_abort+0x144/0x310 [libsas]\\n[ 4613.732976]  sas_execute_internal_abort_dev+0x44/0x60 [libsas]\\n[ 4613.739504]  hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\\n[ 4613.747499]  hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\\n[ 4613.753682]  sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\\n[ 4613.759781]  sas_unregister_common_dev+0x4c/0x7a0 [libsas]\\n[ 4613.765962]  sas_destruct_devices+0xb8/0x120 [libsas]\\n[ 4613.771709]  sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\\n[ 4613.778930]  sas_revalidate_domain+0x60/0xa4 [libsas]\\n[ 4613.784716]  process_one_work+0x248/0x950\\n[ 4613.789424]  worker_thread+0x318/0x934\\n[ 4613.793878]  kthread+0x190/0x200\\n[ 4613.797810]  ret_from_fork+0x10/0x18\\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\\n[ 4613.816026] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.824538] task:kworker/u256:4  state:D stack:    0 pid:316722 ppid:     2 flags:0x00000208\\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\\n[ 4613.841491] Call trace:\\n[ 4613.844647]  __switch_to+0xf8/0x17c\\n[ 4613.848852]  __schedule+0x660/0xee0\\n[ 4613.853052]  schedule+0xac/0x240\\n[ 4613.856984]  schedule_timeout+0x500/0x610\\n[ 4613.861695]  __down+0x128/0x36c\\n[ 4613.865542]  down+0x240/0x2d0\\n[ 4613.869216]  hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\\n[ 4613.876324]  hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\\n[ 4613.883019]  process_one_work+0x248/0x950\\n[ 4613.887732]  worker_thread+0x318/0x934\\n[ 4613.892204]  kthread+0x190/0x200\\n[ 4613.896118]  ret_from_fork+0x10/0x18\\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\\n[ 4613.914341] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.922852] task:kworker/u256:1  state:D stack:    0 pid:348985 ppid:     2 flags:0x00000208\\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\\n[ 4613.939549] Call trace:\\n[ 4613.942702]  __switch_to+0xf8/0x17c\\n[ 4613.946892]  __schedule+0x660/0xee0\\n[ 4613.951083]  schedule+0xac/0x240\\n[ 4613.955015]  schedule_timeout+0x500/0x610\\n[ 4613.959725]  wait_for_common+0x200/0x610\\n[ 4613.964349]  wait_for_completion+0x3c/0x5c\\n[ 4613.969146]  flush_workqueue+0x198/0x790\\n[ 4613.973776]  sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\\n[ 4613.979960]  sas_port_event_worker+0x54/0xa0 [libsas]\\n[ 4613.985708]  process_one_work+0x248/0x950\\n[ 4613.990420]  worker_thread+0x318/0x934\\n[ 4613.994868]  kthread+0x190/0x200\\n[ 4613.998800]  ret_from_fork+0x10/0x18\\n\\nThis is because when the device goes offline, we obtain the hisi_hba\\nsemaphore and send the ABORT_DEV command to the device. However, the\\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\\ncannot be executed and the controller cannot be reset.\\n\\nTherefore, the deadlocks occur on the following circular dependencies\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: hisi_sas: soluciona un problema de interbloqueo relacionado con el volcado autom\u00e1tico. Si emitimos un comando de desactivaci\u00f3n PHY, el dispositivo conectado se desconectar\u00e1 si se produce un error ECC de 2 bits en el Al mismo tiempo, se puede encontrar una tarea colgada: [ 4613.652388] INFORMACI\u00d3N: tarea kworker/u256:0:165233 bloqueada durante m\u00e1s de 120 segundos. [4613.666297] \\\"echo 0 \u0026gt; /proc/sys/kernel/hung_task_timeout_secs\\\" desactiva este mensaje. [ 4613.674809] tarea:kworker/u256:0 estado:D pila: 0 pid:165233 ppid: 2 banderas:0x00000208 [ 4613.683959] Cola de trabajo: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Rastreo de llamadas: [4613.694678] __switch_to +0xf8/0x17c [ 4613.698872] __programaci\u00f3n+0x660/0xee0 [ 4613.703063] programaci\u00f3n+0xac/0x240 [ 4613.706994] programaci\u00f3n_timeout+0x500/0x610 [ 4613.711705] c [ 4613.715548] abajo+0x240/0x2d0 [ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc /0x260 [hisi_sas_main] [ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504] _dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas ] [ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716] Process_one_work+0x248/0x950 [ 4613.789424] trabajador_thread+0x318/0x934 [ 4613.793878] 0x200 [4613.797810] ret_from_fork+0x10/0x18 [4613.802121] INFORMACI\u00d3N: tarea kworker/u256:4:316722 bloqueado durante m\u00e1s de 120 segundos. [4613.816026] \\\"echo 0 \u0026gt; /proc/sys/kernel/hung_task_timeout_secs\\\" desactiva este mensaje. [ 4613.824538] tarea:kworker/u256:4 estado:D pila: 0 pid:316722 ppid: 2 banderas:0x00000208 [ 4613.833670] Cola de trabajo: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491 ] Rastreo de llamadas: [4613.844647] __switch_to+ 0xf8/0x17c [ 4613.848852] __programaci\u00f3n+0x660/0xee0 [ 4613.853052] programaci\u00f3n+0xac/0x240 [ 4613.856984] programaci\u00f3n_timeout+0x500/0x610 [ 4613.861695] c [ 4613.865542] abajo+0x240/0x2d0 [ 4613.869216] hisi_sas_controller_prereset+0x58/ 0x1fc [hisi_sas_main] [ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019] Process_one_work+0x248/0x950 [ 4613.887732] trabajador_thread+0x318/0x934 [ 461 3.892204] kthread+0x190/0x200 [ 4613.896118] ret_from_fork+0x10/0x18 [ 4613.900423] INFORMACI\u00d3N: tarea kworker/u256:1:348985 bloqueada durante m\u00e1s de 121 segundos. [4613.914341] \\\"echo 0 \u0026gt; /proc/sys/kernel/hung_task_timeout_secs\\\" desactiva este mensaje. [ 4613.922852] tarea:kworker/u256:1 estado:D pila: 0 pid:348985 ppid: 2 banderas:0x00000208 [ 4613.931984] Cola de trabajo: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Rastreo de llamadas: [4613.942702] __switch_to +0xf8/0x17c [ 4613.946892] __schedule+0x660/0xee0 [ 4613.951083] Schedule+0xac/0x240 [ 4613.955015] Schedule_timeout+0x500/0x610 [ 4613.959725] x610 [ 4613.964349] espera_para_compleci\u00f3n+0x3c/0x5c [ 4613.969146] descarga_cola de trabajo+0x198 /0x790 [ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708] Process_one_work+0x248/0x950 [ 4613.9 90420] hilo_trabajador+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800 ] ret_from_fork+0x10/0x18 Esto se debe a que cuando el dispositivo se desconecta, obtenemos el sem\u00e1foro hisi_hba y enviamos el comando ABORT_DEV al dispositivo. Sin embargo, el aborto interno expir\u00f3 debido al error ECC de 2 bits y activa el volcado autom\u00e1tico. Adem\u00e1s, dado que se obtuvo el sem\u00e1foro hisi_hba, el volcado no se puede ejecutar y el controlador no se puede restablecer. Por lo tanto, los interbloqueos ocurren en las siguientes dependencias circulares ---truncadas---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.11\",\"matchCriteriaId\":\"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.8.2\",\"matchCriteriaId\":\"543A75FF-25B8-4046-A514-1EA8EDD87AB1\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a47f0b03149af538af4442ff0702eac430ace1cb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:21:04.227Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26873\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T14:02:10.417549Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:43.649Z\"}}], \"cna\": {\"title\": \"scsi: hisi_sas: Fix a deadlock issue related to automatic dump\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"91e035e98fa1383ca90d774c29bb14c3c5ed2d8c\", \"lessThan\": \"a47f0b03149af538af4442ff0702eac430ace1cb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde\", \"lessThan\": \"e022dd3b875315a2d2001a512e98d1dc8c991f4a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde\", \"lessThan\": \"85c98073ffcfe9e46abfb9c66f3364467119d563\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2ff07b5c6fe9173e7a7de3b23f300d71ad4d8fde\", \"lessThan\": \"3c4f53b2c341ec6428b98cb51a89a09b025d0953\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/scsi/hisi_sas/hisi_sas_main.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.7\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.7\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.7.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/scsi/hisi_sas/hisi_sas_main.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a47f0b03149af538af4442ff0702eac430ace1cb\"}, {\"url\": \"https://git.kernel.org/stable/c/e022dd3b875315a2d2001a512e98d1dc8c991f4a\"}, {\"url\": \"https://git.kernel.org/stable/c/85c98073ffcfe9e46abfb9c66f3364467119d563\"}, {\"url\": \"https://git.kernel.org/stable/c/3c4f53b2c341ec6428b98cb51a89a09b025d0953\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\\n\\nIf we issue a disabling PHY command, the device attached with it will go\\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\\nfound:\\n\\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\\n[ 4613.666297] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.674809] task:kworker/u256:0  state:D stack:    0 pid:165233 ppid:     2 flags:0x00000208\\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\\n[ 4613.691518] Call trace:\\n[ 4613.694678]  __switch_to+0xf8/0x17c\\n[ 4613.698872]  __schedule+0x660/0xee0\\n[ 4613.703063]  schedule+0xac/0x240\\n[ 4613.706994]  schedule_timeout+0x500/0x610\\n[ 4613.711705]  __down+0x128/0x36c\\n[ 4613.715548]  down+0x240/0x2d0\\n[ 4613.719221]  hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\\n[ 4613.726618]  sas_execute_internal_abort+0x144/0x310 [libsas]\\n[ 4613.732976]  sas_execute_internal_abort_dev+0x44/0x60 [libsas]\\n[ 4613.739504]  hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\\n[ 4613.747499]  hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\\n[ 4613.753682]  sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\\n[ 4613.759781]  sas_unregister_common_dev+0x4c/0x7a0 [libsas]\\n[ 4613.765962]  sas_destruct_devices+0xb8/0x120 [libsas]\\n[ 4613.771709]  sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\\n[ 4613.778930]  sas_revalidate_domain+0x60/0xa4 [libsas]\\n[ 4613.784716]  process_one_work+0x248/0x950\\n[ 4613.789424]  worker_thread+0x318/0x934\\n[ 4613.793878]  kthread+0x190/0x200\\n[ 4613.797810]  ret_from_fork+0x10/0x18\\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\\n[ 4613.816026] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.824538] task:kworker/u256:4  state:D stack:    0 pid:316722 ppid:     2 flags:0x00000208\\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\\n[ 4613.841491] Call trace:\\n[ 4613.844647]  __switch_to+0xf8/0x17c\\n[ 4613.848852]  __schedule+0x660/0xee0\\n[ 4613.853052]  schedule+0xac/0x240\\n[ 4613.856984]  schedule_timeout+0x500/0x610\\n[ 4613.861695]  __down+0x128/0x36c\\n[ 4613.865542]  down+0x240/0x2d0\\n[ 4613.869216]  hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\\n[ 4613.876324]  hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\\n[ 4613.883019]  process_one_work+0x248/0x950\\n[ 4613.887732]  worker_thread+0x318/0x934\\n[ 4613.892204]  kthread+0x190/0x200\\n[ 4613.896118]  ret_from_fork+0x10/0x18\\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\\n[ 4613.914341] \\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\n[ 4613.922852] task:kworker/u256:1  state:D stack:    0 pid:348985 ppid:     2 flags:0x00000208\\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\\n[ 4613.939549] Call trace:\\n[ 4613.942702]  __switch_to+0xf8/0x17c\\n[ 4613.946892]  __schedule+0x660/0xee0\\n[ 4613.951083]  schedule+0xac/0x240\\n[ 4613.955015]  schedule_timeout+0x500/0x610\\n[ 4613.959725]  wait_for_common+0x200/0x610\\n[ 4613.964349]  wait_for_completion+0x3c/0x5c\\n[ 4613.969146]  flush_workqueue+0x198/0x790\\n[ 4613.973776]  sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\\n[ 4613.979960]  sas_port_event_worker+0x54/0xa0 [libsas]\\n[ 4613.985708]  process_one_work+0x248/0x950\\n[ 4613.990420]  worker_thread+0x318/0x934\\n[ 4613.994868]  kthread+0x190/0x200\\n[ 4613.998800]  ret_from_fork+0x10/0x18\\n\\nThis is because when the device goes offline, we obtain the hisi_hba\\nsemaphore and send the ABORT_DEV command to the device. However, the\\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\\ncannot be executed and the controller cannot be reset.\\n\\nTherefore, the deadlocks occur on the following circular dependencies\\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-01-09T15:35:24.891Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-26873\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-09T15:35:24.891Z\", \"dateReserved\": \"2024-02-19T14:20:24.184Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-17T10:27:32.647Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.