CVE-2021-47178 (GCVE-0-2021-47178)

Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2026-05-11 13:49
VLAI
Title
scsi: target: core: Avoid smp_processor_id() in preemptible code
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch ---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 008b936bbde3e87a611b3828a0d5d2a4f99026a0 , < a222d2794c53f8165de20aa91b39e35e4b72bce9 (git)
Affected: 1526d9f10c6184031e42afad0adbdde1213e8ad1 , < a20b6eaf4f35046a429cde57bee7eb5f13d6857f (git)
Affected: 1526d9f10c6184031e42afad0adbdde1213e8ad1 , < 70ca3c57ff914113f681e657634f7fbfa68e1ad1 (git)
Create a notification for this product.
Linux Linux Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.12.9 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:54:21.876109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:47.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a222d2794c53f8165de20aa91b39e35e4b72bce9",
              "status": "affected",
              "version": "008b936bbde3e87a611b3828a0d5d2a4f99026a0",
              "versionType": "git"
            },
            {
              "lessThan": "a20b6eaf4f35046a429cde57bee7eb5f13d6857f",
              "status": "affected",
              "version": "1526d9f10c6184031e42afad0adbdde1213e8ad1",
              "versionType": "git"
            },
            {
              "lessThan": "70ca3c57ff914113f681e657634f7fbfa68e1ad1",
              "status": "affected",
              "version": "1526d9f10c6184031e42afad0adbdde1213e8ad1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.9",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:49:29.203Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
        },
        {
          "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
        }
      ],
      "title": "scsi: target: core: Avoid smp_processor_id() in preemptible code",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47178",
    "datePublished": "2024-03-25T09:16:28.024Z",
    "dateReserved": "2024-03-25T09:12:14.112Z",
    "dateUpdated": "2026-05-11T13:49:29.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-47178",
      "date": "2026-06-06",
      "epss": "0.00018",
      "percentile": "0.04922"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: core: Avoid smp_processor_id() in preemptible code\\n\\nThe BUG message \\\"BUG: using smp_processor_id() in preemptible [00000000]\\ncode\\\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\\n\\nThe message was observed when blktests block/005 was run on TCMU devices\\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\\n(\\\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\\\") triggered the\\nsymptom. The commit modified work queue to handle commands and changed\\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\\n\\nThe message was also observed at system shutdown when TCMU devices were not\\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\\nwork queue for abort handling, and triggered the BUG message. This symptom\\nwas observed regardless of the commit 1130b499b4a7 (\\\"scsi: target:\\ntcm_loop: Use LIO wq cmd submission helper\\\").\\n\\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\\nraw_smp_processor_id() instead. The CPU ID is used for performance\\nimprovement then thread move to other CPU will not affect the code.\\n\\n[1]\\n\\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.369617] Call Trace:\\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\\n[   57.369628]  dump_stack+0x6d/0x89\\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\\n[   57.369880]  generic_file_read_iter+0x89/0x160\\n[   57.369898]  blkdev_read_iter+0x44/0x60\\n[   57.369906]  new_sync_read+0x102/0x170\\n[   57.369929]  vfs_read+0xd4/0x160\\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\\n[   57.369958]  do_syscall_64+0x3a/0x70\\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.370039] Call Trace:\\n[   57.370045]  dump_stack+0x6d/0x89\\n[   57.370056]  ch\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Evite smp_processor_id() en c\\u00f3digo interrumpible Se observ\\u00f3 el mensaje de ERROR \\\"ERROR: usar smp_processor_id() en c\\u00f3digo interrumpible [00000000]\\\" para dispositivos TCMU con configuraci\\u00f3n de kernel DEBUG_PREEMPT. El mensaje se observ\\u00f3 cuando se ejecut\\u00f3 blktests block/005 en dispositivos TCMU con backend fileio o usuario:zbc [1]. La confirmaci\\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\\u00edo LIO wq cmd\\\") desencaden\\u00f3 el s\\u00edntoma. La confirmaci\\u00f3n modific\\u00f3 la cola de trabajo para manejar comandos y cambi\\u00f3 \u0027current-\u0026gt;nr_cpu_allowed\u0027 en la llamada a smp_processor_id(). El mensaje tambi\\u00e9n se observ\\u00f3 al apagar el sistema cuando los dispositivos TCMU no se limpiaron [2]. La funci\\u00f3n smp_processor_id() fue llamada en la cola de trabajo del host SCSI para el manejo de abortos y activ\\u00f3 el mensaje de ERROR. Este s\\u00edntoma se observ\\u00f3 independientemente de la confirmaci\\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\\u00edo LIO wq cmd\\\"). Para evitar la verificaci\\u00f3n del c\\u00f3digo interrumpible en smp_processor_id(), obtenga el ID de la CPU con raw_smp_processor_id() en su lugar. El ID de la CPU se utiliza para mejorar el rendimiento, luego el movimiento del subproceso a otra CPU no afectar\\u00e1 el c\\u00f3digo. [1] [56.468103] ejecute blktests block/005 el 2021-05-12 14:16:38 [57.369473] check_preemption_disabled: 85 devoluciones de llamada suprimidas [57.369480] ERROR: usar smp_processor_id() en c\\u00f3digo preferente [00000000]: fio/151 1 [ 57.369506] ERROR: usar smp_processor_id() en c\\u00f3digo interrumpible [00000000]: fio/1510 [57.369512] ERROR: usar smp_processor_id() en c\\u00f3digo interrumpible [00000000]: fio/1506 [57.369552] la persona que llama es __target_init_cmd+0 x157/0x170 [objetivo_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Nombre del hardware: Fabricante del sistema Nombre del producto del sistema/PRIME Z270-A, BIOS 1302 15/03/2018 [ 57.369617] Seguimiento de llamadas : [57.369621] ERROR: usar smp_processor_id() en c\\u00f3digo interrumpible [00000000]: fio/1507 [57.369628] dump_stack+0x6d/0x89 [57.369642] check_preemption_disabled+0xc8/0xd0 [57.369628] la persona que llama es __ target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57 .369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779 ] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2 d0 [57.369859]? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929 ] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 5 7.369979] C\\u00f3digo: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: fffffffffffffffda RBX: 00000000015b4540 RCX: 00 007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 000000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 000 0000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 00000000000000000 R14: 000000000000 1000 R15: 00000000015b4568 [57.370031] CPU: 7 PID: 1507 ---truncado---\"}]",
      "id": "CVE-2021-47178",
      "lastModified": "2024-11-21T06:35:33.900",
      "published": "2024-03-25T10:15:09.267",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47178\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-25T10:15:09.267\",\"lastModified\":\"2025-03-17T15:20:33.717\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: core: Avoid smp_processor_id() in preemptible code\\n\\nThe BUG message \\\"BUG: using smp_processor_id() in preemptible [00000000]\\ncode\\\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\\n\\nThe message was observed when blktests block/005 was run on TCMU devices\\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\\n(\\\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\\\") triggered the\\nsymptom. The commit modified work queue to handle commands and changed\\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\\n\\nThe message was also observed at system shutdown when TCMU devices were not\\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\\nwork queue for abort handling, and triggered the BUG message. This symptom\\nwas observed regardless of the commit 1130b499b4a7 (\\\"scsi: target:\\ntcm_loop: Use LIO wq cmd submission helper\\\").\\n\\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\\nraw_smp_processor_id() instead. The CPU ID is used for performance\\nimprovement then thread move to other CPU will not affect the code.\\n\\n[1]\\n\\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.369617] Call Trace:\\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\\n[   57.369628]  dump_stack+0x6d/0x89\\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\\n[   57.369880]  generic_file_read_iter+0x89/0x160\\n[   57.369898]  blkdev_read_iter+0x44/0x60\\n[   57.369906]  new_sync_read+0x102/0x170\\n[   57.369929]  vfs_read+0xd4/0x160\\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\\n[   57.369958]  do_syscall_64+0x3a/0x70\\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.370039] Call Trace:\\n[   57.370045]  dump_stack+0x6d/0x89\\n[   57.370056]  ch\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Evite smp_processor_id() en c\u00f3digo interrumpible Se observ\u00f3 el mensaje de ERROR \\\"ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]\\\" para dispositivos TCMU con configuraci\u00f3n de kernel DEBUG_PREEMPT. El mensaje se observ\u00f3 cuando se ejecut\u00f3 blktests block/005 en dispositivos TCMU con backend fileio o usuario:zbc [1]. La confirmaci\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\\\") desencaden\u00f3 el s\u00edntoma. La confirmaci\u00f3n modific\u00f3 la cola de trabajo para manejar comandos y cambi\u00f3 \u0027current-\u0026gt;nr_cpu_allowed\u0027 en la llamada a smp_processor_id(). El mensaje tambi\u00e9n se observ\u00f3 al apagar el sistema cuando los dispositivos TCMU no se limpiaron [2]. La funci\u00f3n smp_processor_id() fue llamada en la cola de trabajo del host SCSI para el manejo de abortos y activ\u00f3 el mensaje de ERROR. Este s\u00edntoma se observ\u00f3 independientemente de la confirmaci\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\\\"). Para evitar la verificaci\u00f3n del c\u00f3digo interrumpible en smp_processor_id(), obtenga el ID de la CPU con raw_smp_processor_id() en su lugar. El ID de la CPU se utiliza para mejorar el rendimiento, luego el movimiento del subproceso a otra CPU no afectar\u00e1 el c\u00f3digo. [1] [56.468103] ejecute blktests block/005 el 2021-05-12 14:16:38 [57.369473] check_preemption_disabled: 85 devoluciones de llamada suprimidas [57.369480] ERROR: usar smp_processor_id() en c\u00f3digo preferente [00000000]: fio/151 1 [ 57.369506] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1510 [57.369512] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1506 [57.369552] la persona que llama es __target_init_cmd+0 x157/0x170 [objetivo_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Nombre del hardware: Fabricante del sistema Nombre del producto del sistema/PRIME Z270-A, BIOS 1302 15/03/2018 [ 57.369617] Seguimiento de llamadas : [57.369621] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1507 [57.369628] dump_stack+0x6d/0x89 [57.369642] check_preemption_disabled+0xc8/0xd0 [57.369628] la persona que llama es __ target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57 .369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779 ] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2 d0 [57.369859]? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929 ] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 5 7.369979] C\u00f3digo: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: fffffffffffffffda RBX: 00000000015b4540 RCX: 00 007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 000000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 000 0000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 00000000000000000 R14: 000000000000 1000 R15: 00000000015b4568 [57.370031] CPU: 7 PID: 1507 ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.12.9\",\"matchCriteriaId\":\"2C8A1D02-81A7-44E5-ACFD-CC6A6694F930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AC23B2-D46A-49D9-8203-8E1BEDCA8532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA610E30-717C-4700-9F77-A3C9244F3BFD\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:24:39.944Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47178\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:54:21.876109Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:18.789Z\"}}], \"cna\": {\"title\": \"scsi: target: core: Avoid smp_processor_id() in preemptible code\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"008b936bbde3e87a611b3828a0d5d2a4f99026a0\", \"lessThan\": \"a222d2794c53f8165de20aa91b39e35e4b72bce9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1526d9f10c6184031e42afad0adbdde1213e8ad1\", \"lessThan\": \"a20b6eaf4f35046a429cde57bee7eb5f13d6857f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1526d9f10c6184031e42afad0adbdde1213e8ad1\", \"lessThan\": \"70ca3c57ff914113f681e657634f7fbfa68e1ad1\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/target/target_core_transport.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.12.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/target/target_core_transport.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\"}, {\"url\": \"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\"}, {\"url\": \"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: core: Avoid smp_processor_id() in preemptible code\\n\\nThe BUG message \\\"BUG: using smp_processor_id() in preemptible [00000000]\\ncode\\\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\\n\\nThe message was observed when blktests block/005 was run on TCMU devices\\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\\n(\\\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\\\") triggered the\\nsymptom. The commit modified work queue to handle commands and changed\\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\\n\\nThe message was also observed at system shutdown when TCMU devices were not\\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\\nwork queue for abort handling, and triggered the BUG message. This symptom\\nwas observed regardless of the commit 1130b499b4a7 (\\\"scsi: target:\\ntcm_loop: Use LIO wq cmd submission helper\\\").\\n\\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\\nraw_smp_processor_id() instead. The CPU ID is used for performance\\nimprovement then thread move to other CPU will not affect the code.\\n\\n[1]\\n\\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.369617] Call Trace:\\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\\n[   57.369628]  dump_stack+0x6d/0x89\\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\\n[   57.369880]  generic_file_read_iter+0x89/0x160\\n[   57.369898]  blkdev_read_iter+0x44/0x60\\n[   57.369906]  new_sync_read+0x102/0x170\\n[   57.369929]  vfs_read+0xd4/0x160\\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\\n[   57.369958]  do_syscall_64+0x3a/0x70\\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.370039] Call Trace:\\n[   57.370045]  dump_stack+0x6d/0x89\\n[   57.370056]  ch\\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T07:36:52.635Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-47178\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T07:36:52.635Z\", \"dateReserved\": \"2024-03-25T09:12:14.112Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-03-25T09:16:28.024Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.