Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's SCSI lpfc driver, specifically during high-stress I/O tests involving over 500 virtual ports. This deadlock occurs in the I/O completion and abort handling processes, leading to hard lockup call traces. The issue arises from improper locking order, where the command buffer lock and the host adapter lock are not managed correctly, causing a circular wait condition.
Exploitation of this vulnerability leads to a hard lockup, where the system becomes unresponsive due to a deadlock in the SCSI lpfc driver's I/O handling routines.
The vulnerability has been addressed by reordering the locking mechanism in the lpfc_abort_handler routine, ensuring that the command buffer lock is acquired before the host adapter lock. Users should apply the latest patches available in the Linux kernel to mitigate this issue.
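The lock-order inversion described above, modeled in userspace as an added example (not the lpfc driver's code): a small checker in the style of the kernel's lockdep records which lock was taken while another was held and flags the inverse order. The lock class names, the `replay` helper, and the assumption that the completion path takes the command buffer lock first are illustrative and do not come from the advisory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lock classes standing in for the two locks the advisory names. */
enum lock_class { BUF_LOCK, HBA_LOCK, NUM_CLASSES };

struct checker {
    bool edge[NUM_CLASSES][NUM_CLASSES]; /* edge[a][b]: b taken while a held */
    bool held[NUM_CLASSES];              /* locks held by the current path */
    int violations;
};

/* Record an acquisition; returns false if the inverse order was seen before. */
static bool acquire(struct checker *c, int l)
{
    bool ok = true;
    for (int h = 0; h < NUM_CLASSES; h++) {
        if (!c->held[h] || h == l) continue;
        /* An earlier path took h while holding l: ABBA inversion. */
        if (c->edge[l][h]) { ok = false; c->violations++; }
        c->edge[h][l] = true;
    }
    c->held[l] = true;
    return ok;
}

static void release(struct checker *c, int l) { c->held[l] = false; }

/* Replay both code paths; returns the number of order violations found. */
int replay(bool abort_takes_buf_first)
{
    struct checker c;
    memset(&c, 0, sizeof(c));
    /* Completion path (assumed order): buffer lock, then host adapter lock. */
    acquire(&c, BUF_LOCK); acquire(&c, HBA_LOCK);
    release(&c, HBA_LOCK); release(&c, BUF_LOCK);
    /* Abort path: old order is adapter lock first, fixed order is buffer first. */
    int first = abort_takes_buf_first ? BUF_LOCK : HBA_LOCK;
    int second = abort_takes_buf_first ? HBA_LOCK : BUF_LOCK;
    acquire(&c, first); acquire(&c, second);
    release(&c, second); release(&c, first);
    return c.violations;
}

int main(void)
{
    printf("old order: %d violation(s)\n", replay(false));
    printf("fixed order: %d violation(s)\n", replay(true));
    return 0;
}
```

With only two lock classes a direct inverse-edge test is enough; a checker covering more locks would need to search the order graph for longer cycles.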