CVE-2024-26627

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler<br /> <br /> Inside scsi_eh_wakeup(), scsi_host_busy() is called &amp; checked with host<br /> lock every time for deciding if error handler kthread needs to be waken up.<br /> <br /> This can be too heavy in case of recovery, such as:<br /> <br /> - N hardware queues<br /> <br /> - queue depth is M for each hardware queue<br /> <br /> - each scsi_host_busy() iterates over (N * M) tag/requests<br /> <br /> If recovery is triggered in case that all requests are in-flight, each<br /> scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called<br /> for the last in-flight request, scsi_host_busy() has been run for (N * M -<br /> 1) times, and request has been iterated for (N*M - 1) * (N * M) times.<br /> <br /> If both N and M are big enough, hard lockup can be triggered on acquiring<br /> host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).<br /> <br /> Fix the issue by calling scsi_host_busy() outside the host lock. We don&amp;#39;t<br /> need the host lock for getting busy count because host the lock never<br /> covers that.<br /> <br /> [mkp: Drop unnecessary &amp;#39;busy&amp;#39; variables pointed out by Bart]