Huawei EulerOS: CVE-2024-26873: kernel security update

Huawei EulerOS: CVE-2024-26873: kernel security update

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

04/17/2024

Created

10/10/2024

Added

10/09/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: [ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds. [ 4613.666297] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.674809] task:kworker/u256:0state:D stack:0 pid:165233 ppid: 2 flags:0x00000208 [ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Call trace: [ 4613.694678]__switch_to+0xf8/0x17c [ 4613.698872]__schedule+0x660/0xee0 [ 4613.703063]schedule+0xac/0x240 [ 4613.706994]schedule_timeout+0x500/0x610 [ 4613.711705]__down+0x128/0x36c [ 4613.715548]down+0x240/0x2d0 [ 4613.719221]hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main] [ 4613.726618]sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976]sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504]hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499]hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682]sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781]sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962]sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709]sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas] [ 4613.778930]sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716]process_one_work+0x248/0x950 [ 4613.789424]worker_thread+0x318/0x934 [ 4613.793878]kthread+0x190/0x200 [ 4613.797810]ret_from_fork+0x10/0x18 [ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds. [ 4613.816026] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.824538] task:kworker/u256:4state:D stack:0 pid:316722 ppid: 2 flags:0x00000208 [ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491] Call trace: [ 4613.844647]__switch_to+0xf8/0x17c [ 4613.848852]__schedule+0x660/0xee0 [ 4613.853052]schedule+0xac/0x240 [ 4613.856984]schedule_timeout+0x500/0x610 [ 4613.861695]__down+0x128/0x36c [ 4613.865542]down+0x240/0x2d0 [ 4613.869216]hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main] [ 4613.876324]hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019]process_one_work+0x248/0x950 [ 4613.887732]worker_thread+0x318/0x934 [ 4613.892204]kthread+0x190/0x200 [ 4613.896118]ret_from_fork+0x10/0x18 [ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds. [ 4613.914341] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.922852] task:kworker/u256:1state:D stack:0 pid:348985 ppid: 2 flags:0x00000208 [ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Call trace: [ 4613.942702]__switch_to+0xf8/0x17c [ 4613.946892]__schedule+0x660/0xee0 [ 4613.951083]schedule+0xac/0x240 [ 4613.955015]schedule_timeout+0x500/0x610 [ 4613.959725]wait_for_common+0x200/0x610 [ 4613.964349]wait_for_completion+0x3c/0x5c [ 4613.969146]flush_workqueue+0x198/0x790 [ 4613.973776]sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960]sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708]process_one_work+0x248/0x950 [ 4613.990420]worker_thread+0x318/0x934 [ 4613.994868]kthread+0x190/0x200 [ 4613.998800]ret_from_fork+0x10/0x18 This is because when the device goes offline, we obtain the hisi_hba semaphore and send the ABORT_DEV command to the device. However, the internal abort timed out due to the 2 bit ECC error and triggers automatic dump. In addition, since the hisi_hba semaphore has been obtained, the dump cannot be executed and the controller cannot be reset. Therefore, the deadlocks occur on the following circular dependencies ---truncated---

Solution(s)

• huawei-euleros-2_0_sp12-upgrade-bpftool
• huawei-euleros-2_0_sp12-upgrade-kernel
• huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists
• huawei-euleros-2_0_sp12-upgrade-kernel-tools
• huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp12-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-26873
• CVE - 2024-26873
• EulerOS-SA-2024-2544