Linux Kernel SCSI Error Handler Wake-Up Race Condition Vulnerability

Vulnerability

A race condition has been identified in the Linux kernel's SCSI (Small Computer System Interface) subsystem. It arises from fragile ordering when commands are marked as completed or failed, which can disrupt the error handling mechanism: the error handler may not be woken, leaving SCSI input/output operations stalled because the error state cannot progress.

The issue has two parts. First, there is a memory ordering problem within the 'scsi_dec_host_busy()' function, where the write that clears the 'SCMD_STATE_INFLIGHT' state can be reordered. Because of this reordering, other CPUs may misinterpret the busy state of commands and fail to recognize that the host is no longer busy. Second, the 'scsi_eh_inc_host_failed()' function counts busy commands before incrementing the failed command count, which creates a further ordering issue and can leave the error handler without a notification when it should receive one.
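
The ordering problem in 'scsi_eh_inc_host_failed()' described above can be reproduced in a small model, added here as an example; it is not kernel code and not the upstream patch. It enumerates every sequentially consistent interleaving of one completing and one failing command on a host with two busy commands and counts the interleavings in which neither path wakes the handler. The struct, the function names, the wake-up condition (busy equals failed) and the increment-then-count order used for comparison are assumptions of the model, and the CPU-level reordering in 'scsi_dec_host_busy()' is not modelled.

```c
#include <stdio.h>

/* Hypothetical model state; these are not kernel structures or names. */
struct host { int busy, failed, snap, woken; };

/* Completing command: stop counting as busy, then check for a wake-up. */
static void completion_step(struct host *h, int step)
{
    if (step == 0)
        h->busy--;
    else if (h->failed != 0 && h->busy == h->failed)
        h->woken = 1;
}

/* Failing command: its two steps are "count busy" and "failed++".
 * count_first = 1 is the order the advisory describes as racy;
 * count_first = 0 swaps them (an assumption made for comparison). */
static void failure_step(struct host *h, int step, int count_first)
{
    if ((step == 0) == (count_first != 0))
        h->snap = h->busy;
    else
        h->failed++;
    if (step == 1 && h->snap == h->failed)
        h->woken = 1;
}

/* Number of interleavings (out of 6) in which nobody wakes the handler. */
int missed_wakeups(int count_first)
{
    int missed = 0;
    for (int i = 0; i < 4; i++)
        for (int j = i + 1; j < 4; j++) {   /* slots of the completion steps */
            struct host h = { .busy = 2 };  /* constructed start state */
            int b = 0;
            for (int slot = 0; slot < 4; slot++)
                if (slot == i || slot == j)
                    completion_step(&h, slot == j);
                else
                    failure_step(&h, b++, count_first);
            missed += !h.woken;
        }
    return missed;
}

int main(void)
{
    printf("stalled interleavings: count-first %d, increment-first %d\n",
           missed_wakeups(1), missed_wakeups(0));
    return 0;
}
```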

Impact

The vulnerability can cause SCSI I/O operations to become unresponsive, as the error state fails to advance, leaving the system in a stalled condition.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Feb 4, 2026, 5:27 PM
Updated: Feb 4, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 2.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.