{"id":"CVE-2024-26627","summary":"scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]","modified":"2026-04-02T10:05:08.126833Z","published":"2024-03-06T06:45:34.339Z","related":["SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1490-1","USN-6818-2","USN-6819-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26627.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26627.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26627"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6eb045e092efefafc6687409a6fa6d1dabf0fb69"},{"fixed":"f5944853f7a961fedc1227dc8f60393f8936d37c"},{"fixed":"d37c1c81419fdef66ebd0747cf76fb8b7d979059"},{"fixed":"db6338f45971b4285ea368432a84033690eaf53c"},{"fixed":"65ead8468c21c2676d4d06f50b46beffdea69df1"},{"fixed":"07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"},{"fixed":"4373534a9850627a2695317944898eb1283a2db0"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26627.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}