CVE-2024-26671
- Source
- https://cve.org/CVERecord?id=CVE-2024-26671
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26671.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26671
- Downstream
- Related
- Published
- 2024-04-02T06:49:13.834Z
- Modified
- 2026-03-13T07:51:56.331831Z
- Summary
- blk-mq: fix IO hang from sbitmap wakeup race
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix IO hang from sbitmap wakeup race
In blkmqmarktagwait(), __addwaitqueue() may be re-ordered with the following blkmqgetdrivertag() in case of getting driver tag failure.
Then in __sbitmapqueuewakeup(), waitqueueactive() may not observe the added waiter in blkmqmarktagwait() and wake up nothing, meantime blkmqmarktagwait() can't get driver tag successfully.
This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop.
modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4 dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename` fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \ --runtime=100 --numjobs=40 --time_based --name=test \ --ioengine=libaioFix the issue by adding one explicit barrier in blkmqmarktagwait(), which is just fine in case of running out of tag.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26671.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56
- https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed
- https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0
- https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f
- https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b
- https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676
- https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10
- https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26671.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-26671
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedda55f2cc78418dee88400aafbbaed19d7ac8188eFixed9525b38180e2753f0daa1a522b7767a2aa969676Fixedecd7744a1446eb02ccc63e493e2eb6ede4ef1e10Fixed7610ba1319253225a9ba8a9d28d472fc883b4e2fFixed89e0e66682e1538aeeaa3109503473663cd24c8bFixed1d9c777d3e70bdc57dddf7a14a80059d65919e56Fixed6d8b01624a2540336a32be91f25187a433af53a0Fixedf1bc0d8163f8ee84a8d5affdf624cfad657df1d2Fixed5266caaf5660529e3da53004b8b7174cab6374ed