cve-2024-56589
Vulnerability from cvelistv5
Published
2024-12-27 14:50
Modified
2024-12-27 14:50
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0xdc [ 214.579480][ C240] lr : fput+0x1c/0xf0 [ 214.583302][ C240] sp : ffff80002de2b900 [ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000 [ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000 [ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000 [ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001 [ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000 [ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000 [ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0 [ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff [ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c [ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0 [ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001 [ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080 [ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554 [ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020 [ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8 [ 214.677191][ C240] Call trace: [ 214.680320][ C240] fput_many+0x8c/0xdc [ 214.684230][ C240] fput+0x1c/0xf0 [ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc [ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140 [ 214.696917][ C240] bio_endio+0x160/0x1bc [ 214.701001][ C240] blk_update_request+0x1c8/0x3bc [ 214.705867][ C240] scsi_end_request+0x3c/0x1f0 [ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0 [ 214.715249][ C240] scsi_finish_command+0x104/0x140 [ 214.720200][ C240] scsi_softirq_done+0x90/0x180 [ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70 [ 214.730016][ C240] scsi_mq_done+0x48/0xac [ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas] [ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw] [ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw] [ 214.752179][ C240] irq_thread_fn+0x34/0xa4 [ 214.756435][ C240] irq_thread+0xc4/0x130 [ 214.760520][ C240] kthread+0x108/0x13c [ 214.764430][ C240] ret_from_fork+0x10/0x18 This is because in the hisi_sas driver, both the hardware interrupt handler and the interrupt thread are executed on the same CPU. In the performance test scenario, function irq_wait_for_interrupt() will always return 0 if lots of interrupts occurs and the CPU will be continuously consumed. As a result, the CPU cannot run the watchdog thread. When the watchdog time exceeds the specified time, call trace occurs. To fix it, add cond_resched() to execute the watchdog thread.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2174bbc235f79fce88ea71fd08cf836568fcad5f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2991a023896b79e6753813ed88fbc98979713c73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "601f8001373fc3fbad498f9be427254908b7fcce",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2233c4a0b948211743659b24c13d6bd059fa75fc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Add cond_resched() for no forced preemption model\n\nFor no forced preemption model kernel, in the scenario where the\nexpander is connected to 12 high performance SAS SSDs, the following\ncall trace may occur:\n\n[  214.409199][  C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]\n[  214.568533][  C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[  214.575224][  C240] pc : fput_many+0x8c/0xdc\n[  214.579480][  C240] lr : fput+0x1c/0xf0\n[  214.583302][  C240] sp : ffff80002de2b900\n[  214.587298][  C240] x29: ffff80002de2b900 x28: ffff1082aa412000\n[  214.593291][  C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000\n[  214.599284][  C240] x25: ffff1062bbac5c40 x24: 0000000000001000\n[  214.605277][  C240] x23: 000000000000000a x22: 0000000000000001\n[  214.611270][  C240] x21: 0000000000001000 x20: 0000000000000000\n[  214.617262][  C240] x19: ffff3062a41ae580 x18: 0000000000010000\n[  214.623255][  C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0\n[  214.629248][  C240] x15: ffffffffffffffff x14: 0000000003ffffff\n[  214.635241][  C240] x13: 000000000000ffff x12: 000000000000029c\n[  214.641234][  C240] x11: 0000000000000006 x10: ffff80003a9f7fd0\n[  214.647226][  C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001\n[  214.653219][  C240] x7 : 0000000000000002 x6 : 0000000000000080\n[  214.659212][  C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554\n[  214.665205][  C240] x3 : 0000000000000002 x2 : 0000000000000020\n[  214.671198][  C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8\n[  214.677191][  C240] Call trace:\n[  214.680320][  C240]  fput_many+0x8c/0xdc\n[  214.684230][  C240]  fput+0x1c/0xf0\n[  214.687707][  C240]  aio_complete_rw+0xd8/0x1fc\n[  214.692225][  C240]  blkdev_bio_end_io+0x98/0x140\n[  214.696917][  C240]  bio_endio+0x160/0x1bc\n[  214.701001][  C240]  blk_update_request+0x1c8/0x3bc\n[  214.705867][  C240]  scsi_end_request+0x3c/0x1f0\n[  214.710471][  C240]  scsi_io_completion+0x7c/0x1a0\n[  214.715249][  C240]  scsi_finish_command+0x104/0x140\n[  214.720200][  C240]  scsi_softirq_done+0x90/0x180\n[  214.724892][  C240]  blk_mq_complete_request+0x5c/0x70\n[  214.730016][  C240]  scsi_mq_done+0x48/0xac\n[  214.734194][  C240]  sas_scsi_task_done+0xbc/0x16c [libsas]\n[  214.739758][  C240]  slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]\n[  214.746185][  C240]  cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]\n[  214.752179][  C240]  irq_thread_fn+0x34/0xa4\n[  214.756435][  C240]  irq_thread+0xc4/0x130\n[  214.760520][  C240]  kthread+0x108/0x13c\n[  214.764430][  C240]  ret_from_fork+0x10/0x18\n\nThis is because in the hisi_sas driver, both the hardware interrupt\nhandler and the interrupt thread are executed on the same CPU. In the\nperformance test scenario, function irq_wait_for_interrupt() will always\nreturn 0 if lots of interrupts occurs and the CPU will be continuously\nconsumed. As a result, the CPU cannot run the watchdog thread. When the\nwatchdog time exceeds the specified time, call trace occurs.\n\nTo fix it, add cond_resched() to execute the watchdog thread."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T14:50:56.983Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73"
        },
        {
          "url": "https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f"
        },
        {
          "url": "https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce"
        },
        {
          "url": "https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc"
        }
      ],
      "title": "scsi: hisi_sas: Add cond_resched() for no forced preemption model",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56589",
    "datePublished": "2024-12-27T14:50:56.983Z",
    "dateReserved": "2024-12-27T14:03:06.002Z",
    "dateUpdated": "2024-12-27T14:50:56.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56589\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:18.150\",\"lastModified\":\"2024-12-27T15:15:18.150\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: hisi_sas: Add cond_resched() for no forced preemption model\\n\\nFor no forced preemption model kernel, in the scenario where the\\nexpander is connected to 12 high performance SAS SSDs, the following\\ncall trace may occur:\\n\\n[  214.409199][  C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]\\n[  214.568533][  C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\\n[  214.575224][  C240] pc : fput_many+0x8c/0xdc\\n[  214.579480][  C240] lr : fput+0x1c/0xf0\\n[  214.583302][  C240] sp : ffff80002de2b900\\n[  214.587298][  C240] x29: ffff80002de2b900 x28: ffff1082aa412000\\n[  214.593291][  C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000\\n[  214.599284][  C240] x25: ffff1062bbac5c40 x24: 0000000000001000\\n[  214.605277][  C240] x23: 000000000000000a x22: 0000000000000001\\n[  214.611270][  C240] x21: 0000000000001000 x20: 0000000000000000\\n[  214.617262][  C240] x19: ffff3062a41ae580 x18: 0000000000010000\\n[  214.623255][  C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0\\n[  214.629248][  C240] x15: ffffffffffffffff x14: 0000000003ffffff\\n[  214.635241][  C240] x13: 000000000000ffff x12: 000000000000029c\\n[  214.641234][  C240] x11: 0000000000000006 x10: ffff80003a9f7fd0\\n[  214.647226][  C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001\\n[  214.653219][  C240] x7 : 0000000000000002 x6 : 0000000000000080\\n[  214.659212][  C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554\\n[  214.665205][  C240] x3 : 0000000000000002 x2 : 0000000000000020\\n[  214.671198][  C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8\\n[  214.677191][  C240] Call trace:\\n[  214.680320][  C240]  fput_many+0x8c/0xdc\\n[  214.684230][  C240]  fput+0x1c/0xf0\\n[  214.687707][  C240]  aio_complete_rw+0xd8/0x1fc\\n[  214.692225][  C240]  blkdev_bio_end_io+0x98/0x140\\n[  214.696917][  C240]  bio_endio+0x160/0x1bc\\n[  214.701001][  C240]  blk_update_request+0x1c8/0x3bc\\n[  214.705867][  C240]  scsi_end_request+0x3c/0x1f0\\n[  214.710471][  C240]  scsi_io_completion+0x7c/0x1a0\\n[  214.715249][  C240]  scsi_finish_command+0x104/0x140\\n[  214.720200][  C240]  scsi_softirq_done+0x90/0x180\\n[  214.724892][  C240]  blk_mq_complete_request+0x5c/0x70\\n[  214.730016][  C240]  scsi_mq_done+0x48/0xac\\n[  214.734194][  C240]  sas_scsi_task_done+0xbc/0x16c [libsas]\\n[  214.739758][  C240]  slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]\\n[  214.746185][  C240]  cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]\\n[  214.752179][  C240]  irq_thread_fn+0x34/0xa4\\n[  214.756435][  C240]  irq_thread+0xc4/0x130\\n[  214.760520][  C240]  kthread+0x108/0x13c\\n[  214.764430][  C240]  ret_from_fork+0x10/0x18\\n\\nThis is because in the hisi_sas driver, both the hardware interrupt\\nhandler and the interrupt thread are executed on the same CPU. In the\\nperformance test scenario, function irq_wait_for_interrupt() will always\\nreturn 0 if lots of interrupts occurs and the CPU will be continuously\\nconsumed. As a result, the CPU cannot run the watchdog thread. When the\\nwatchdog time exceeds the specified time, call trace occurs.\\n\\nTo fix it, add cond_resched() to execute the watchdog thread.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.