cve-2021-47178
Vulnerability from cvelistv5
Published
2024-03-25 09:16
Modified
2024-09-11 17:33
Severity
Summary
scsi: target: core: Avoid smp_processor_id() in preemptible code
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:54:21.876109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:47.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a222d2794c53",
              "status": "affected",
              "version": "008b936bbde3",
              "versionType": "git"
            },
            {
              "lessThan": "a20b6eaf4f35",
              "status": "affected",
              "version": "1526d9f10c61",
              "versionType": "git"
            },
            {
              "lessThan": "70ca3c57ff91",
              "status": "affected",
              "version": "1526d9f10c61",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/target_core_transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.9",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:03:24.890Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
        },
        {
          "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
        }
      ],
      "title": "scsi: target: core: Avoid smp_processor_id() in preemptible code",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47178",
    "datePublished": "2024-03-25T09:16:28.024Z",
    "dateReserved": "2024-03-25T09:12:14.112Z",
    "dateUpdated": "2024-09-11T17:33:47.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47178\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-25T10:15:09.267\",\"lastModified\":\"2024-04-04T14:15:08.850\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: core: Avoid smp_processor_id() in preemptible code\\n\\nThe BUG message \\\"BUG: using smp_processor_id() in preemptible [00000000]\\ncode\\\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\\n\\nThe message was observed when blktests block/005 was run on TCMU devices\\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\\n(\\\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\\\") triggered the\\nsymptom. The commit modified work queue to handle commands and changed\\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\\n\\nThe message was also observed at system shutdown when TCMU devices were not\\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\\nwork queue for abort handling, and triggered the BUG message. This symptom\\nwas observed regardless of the commit 1130b499b4a7 (\\\"scsi: target:\\ntcm_loop: Use LIO wq cmd submission helper\\\").\\n\\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\\nraw_smp_processor_id() instead. The CPU ID is used for performance\\nimprovement then thread move to other CPU will not affect the code.\\n\\n[1]\\n\\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.369617] Call Trace:\\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\\n[   57.369628]  dump_stack+0x6d/0x89\\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\\n[   57.369880]  generic_file_read_iter+0x89/0x160\\n[   57.369898]  blkdev_read_iter+0x44/0x60\\n[   57.369906]  new_sync_read+0x102/0x170\\n[   57.369929]  vfs_read+0xd4/0x160\\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\\n[   57.369958]  do_syscall_64+0x3a/0x70\\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\\n[   57.370039] Call Trace:\\n[   57.370045]  dump_stack+0x6d/0x89\\n[   57.370056]  ch\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Evite smp_processor_id() en c\u00f3digo interrumpible Se observ\u00f3 el mensaje de ERROR \\\"ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]\\\" para dispositivos TCMU con configuraci\u00f3n de kernel DEBUG_PREEMPT. El mensaje se observ\u00f3 cuando se ejecut\u00f3 blktests block/005 en dispositivos TCMU con backend fileio o usuario:zbc [1]. La confirmaci\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\\\") desencaden\u00f3 el s\u00edntoma. La confirmaci\u00f3n modific\u00f3 la cola de trabajo para manejar comandos y cambi\u00f3 \u0027current-\u0026gt;nr_cpu_allowed\u0027 en la llamada a smp_processor_id(). El mensaje tambi\u00e9n se observ\u00f3 al apagar el sistema cuando los dispositivos TCMU no se limpiaron [2]. La funci\u00f3n smp_processor_id() fue llamada en la cola de trabajo del host SCSI para el manejo de abortos y activ\u00f3 el mensaje de ERROR. Este s\u00edntoma se observ\u00f3 independientemente de la confirmaci\u00f3n 1130b499b4a7 (\\\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\\\"). Para evitar la verificaci\u00f3n del c\u00f3digo interrumpible en smp_processor_id(), obtenga el ID de la CPU con raw_smp_processor_id() en su lugar. El ID de la CPU se utiliza para mejorar el rendimiento, luego el movimiento del subproceso a otra CPU no afectar\u00e1 el c\u00f3digo. [1] [56.468103] ejecute blktests block/005 el 2021-05-12 14:16:38 [57.369473] check_preemption_disabled: 85 devoluciones de llamada suprimidas [57.369480] ERROR: usar smp_processor_id() en c\u00f3digo preferente [00000000]: fio/151 1 [ 57.369506] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1510 [57.369512] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1506 [57.369552] la persona que llama es __target_init_cmd+0 x157/0x170 [objetivo_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Nombre del hardware: Fabricante del sistema Nombre del producto del sistema/PRIME Z270-A, BIOS 1302 15/03/2018 [ 57.369617] Seguimiento de llamadas : [57.369621] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1507 [57.369628] dump_stack+0x6d/0x89 [57.369642] check_preemption_disabled+0xc8/0xd0 [57.369628] la persona que llama es __ target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57 .369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779 ] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2 d0 [57.369859]? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929 ] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 5 7.369979] C\u00f3digo: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: fffffffffffffffda RBX: 00000000015b4540 RCX: 00 007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 000000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 000 0000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 00000000000000000 R14: 000000000000 1000 R15: 00000000015b4568 [57.370031] CPU: 7 PID: 1507 ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.