In the Linux kernel, the following vulnerability has been resolved:
scsi: core: ufs: Fix a hang in the error handler
ufshcderrhandlingprepare() calls ufshcdrpmgetsync(). The latter function can only succeed if UFSHCDEHINPROGRESS is not set because resuming involves submitting a SCSI command and ufshcdqueuecommand() returns SCSIMLQUEUEHOSTBUSY if UFSHCDEHINPROGRESS is set. Fix this hang by setting UFSHCDEHINPROGRESS after ufshcdrpmgetsync() has been called instead of before.
Backtrace: _switchto+0x174/0x338 _schedule+0x600/0x9e4 schedule+0x7c/0xe8 scheduletimeout+0xa4/0x1c8 ioscheduletimeout+0x48/0x70 waitforcommonio+0xa8/0x160 //waiting on STARTSTOP waitforcompletioniotimeout+0x10/0x20 blkexecuterq+0xe4/0x1e4 scsiexecutecmd+0x108/0x244 ufshcdsetdevpwrmode+0xe8/0x250 _ufshcdwlresume+0x94/0x354 ufshcdwlruntimeresume+0x3c/0x174 scsiruntimeresume+0x64/0xa4 rpmresume+0x15c/0xa1c _pmruntimeresume+0x4c/0x90 // Runtime resume ongoing ufshcderrhandler+0x1a0/0xd08 processonework+0x174/0x808 workerthread+0x15c/0x490 kthread+0xf4/0x1ec retfrom_fork+0x10/0x20
[ bvanassche: rewrote patch description ]