CVE-2025-68224

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix a regression triggered by scsihostbusy()

Commit 995412e23bb2 ("blk-mq: Replace tags->lock with SRCU for tag iterators") introduced the following regression:

Call trace: __srcureadlock+0x30/0x80 (P) blkmqtagsetbusyiter+0x44/0x300 scsihostbusy+0x38/0x70 ufshcdprinthoststate+0x34/0x1bc ufshcdlinkstartup.constprop.0+0xe4/0x2e0 ufshcdinit+0x944/0xf80 ufshcdpltfrminit+0x504/0x820 ufsrockchipprobe+0x2c/0x88 platformprobe+0x5c/0xa4 reallyprobe+0xc0/0x38c __driverprobedevice+0x7c/0x150 driverprobedevice+0x40/0x120 __driverattach+0xc8/0x1e0 busforeachdev+0x7c/0xdc driverattach+0x24/0x30 busadddriver+0x110/0x230 driverregister+0x68/0x130 __platformdriverregister+0x20/0x2c ufsrockchippltforminit+0x1c/0x28 dooneinitcall+0x60/0x1e0 kernelinitfreeable+0x248/0x2c4 kernelinit+0x20/0x140 retfromfork+0x10/0x20

Fix this regression by making scsihostbusy() check whether the SCSI host tag set has already been initialized. tagset->ops is set by scsimqsetuptags() just before blkmqalloctagset() is called. This fix is based on the assumption that scsihostbusy() and scsimqsetup_tags() calls are serialized. This is the case in the UFS driver.