CVE-2021-47178: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Avoid smp_processor_id() in preemptible code

The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT.

The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call.

The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper").

To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code.

[1]
[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38
[ 57.369473] check_preemption_disabled: 85 callbacks suppressed
[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511
[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510
[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506
[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34
[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
[ 57.369617] Call Trace:
[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507
[ 57.369628] dump_stack+0x6d/0x89
[ 57.369642] check_preemption_disabled+0xc8/0xd0
[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]
[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]
[ 57.369744] scsi_queue_rq+0x38e/0xc40
[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0
[ 57.369779] blk_mq_try_issue_directly+0x43/0x90
[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0
[ 57.369812] submit_bio_noacct+0x46e/0x4e0
[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0
[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60
[ 57.369880] generic_file_read_iter+0x89/0x160
[ 57.369898] blkdev_read_iter+0x44/0x60
[ 57.369906] new_sync_read+0x102/0x170
[ 57.369929] vfs_read+0xd4/0x160
[ 57.369941] __x64_sys_pread64+0x6e/0xa0
[ 57.369946] ? lockdep_hardirqs_on+0x79/0x100
[ 57.369958] do_syscall_64+0x3a/0x70
[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.369973] RIP: 0033:0x7f7ed4c1399f
[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b
[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011
[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f
[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009
[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001
[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70
[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568
[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34
[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
[ 57.370039] Call Trace:
[ 57.370045] dump_stack+0x6d/0x89
[ 57.370056] ch ---truncated---
AI Analysis
Technical Summary
CVE-2021-47178 is a vulnerability in the Linux kernel related to improper use of the smp_processor_id() function within preemptible code sections in the SCSI target core module (target_core_mod). Specifically, the issue arises when smp_processor_id() is called in contexts where preemption is enabled, such as in TCMU (Target Core Modular Userspace) devices using fileio or user:zbc backends, and during system shutdown when TCMU devices are not properly cleaned up. The kernel BUG message "BUG: using smp_processor_id() in preemptible code" is triggered in these scenarios, indicating a violation of kernel preemption rules.

The root cause is that smp_processor_id() is not safe to call in preemptible code because it can lead to inconsistent CPU ID readings if the thread is rescheduled on another CPU. The vulnerability was introduced or triggered by a commit (1130b499b4a7) that modified work queue command handling and altered CPU affinity checks. The fix involves replacing smp_processor_id() with raw_smp_processor_id(), which retrieves the CPU ID without preemption checks, thus avoiding the BUG message. This change is safe because the CPU ID is used only for performance optimizations, and thread migration between CPUs does not affect correctness.

The vulnerability manifests as kernel BUG messages and potential instability or crashes in affected systems, particularly when running block device tests or during shutdown sequences involving TCMU devices. Although no direct exploit code or known exploits in the wild have been reported, the issue can cause system reliability problems and may impact storage-related workloads relying on the Linux SCSI target framework.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or storage solutions based on Linux servers, this vulnerability could lead to system instability or crashes in environments using TCMU devices or SCSI target modules. This is particularly relevant for organizations deploying advanced storage virtualization or block device emulation using the Linux kernel's target core modules. Unplanned kernel BUGs can cause service interruptions, data access delays, or require system reboots, impacting availability and operational continuity. While the vulnerability does not directly expose confidentiality or integrity risks, the resulting instability could indirectly affect business operations, SLAs, and customer trust. Organizations with high-density Linux server deployments or those using custom kernel configurations with DEBUG_PREEMPT enabled for debugging or performance tuning are more susceptible. The lack of known exploits reduces immediate risk, but the potential for denial-of-service through kernel panics or crashes remains a concern. Additionally, the complexity of the Linux kernel and the specialized nature of the affected code path means that only a subset of Linux users are impacted, but those that are may experience significant operational disruption.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the official Linux kernel patches that replace smp_processor_id() with raw_smp_processor_id() in the target_core_mod and related modules as soon as they become available in their Linux distribution or kernel version.
2) Avoid running kernel configurations with DEBUG_PREEMPT enabled in production environments unless necessary for debugging, as this increases the likelihood of triggering the BUG message.
3) Conduct thorough testing of storage-related workloads, especially those involving TCMU devices or SCSI target modules, after kernel updates to ensure stability.
4) Implement robust monitoring for kernel BUG messages and system logs to detect early signs of this issue.
5) Ensure proper cleanup and shutdown procedures for TCMU devices to prevent residual states that trigger the bug.
6) Coordinate with Linux distribution vendors to receive timely updates and security advisories related to this vulnerability.
7) For critical systems, consider isolating or limiting the use of affected kernel modules until patches are applied.
These steps go beyond generic advice by focusing on kernel configuration management, workload-specific testing, and operational monitoring tailored to the vulnerability's context.
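One way to implement the log monitoring in recommendation 4, as an added example that is not part of the original advisory or of the kernel source: a Python parser that counts the DEBUG_PREEMPT reports per task and per calling symbol, and accounts for the interleaved output and the rate-limit line seen in the trace quoted in the description. The function name summarize, the watched_modules parameter and the "vmlinux" label are choices made for this example; the sample lines are copied from that trace.

```python
import re
from collections import Counter

# Sample input: lines copied from the trace quoted in the description above.
SAMPLE_LOG = """\
[ 57.369473] check_preemption_disabled: 85 callbacks suppressed
[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511
[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510
[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506
[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507
[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]
"""

BUG_RE = re.compile(r"BUG: using smp_processor_id\(\) in preemptible "
                    r"\[[0-9a-f]+\] code: (?P<comm>.+)/(?P<pid>\d+)\s*$")
CALLER_RE = re.compile(r"caller is (?P<sym>\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+"
                       r"(?:\s+\[(?P<mod>[^\]]+)\])?\s*$")
SUPPRESSED_RE = re.compile(r"check_preemption_disabled: (?P<n>\d+) callbacks suppressed")


def summarize(log_text, watched_modules=("target_core_mod",)):
    """Count preemption-check reports per task and per calling symbol.

    Reports from several CPUs interleave, so a "caller is" line cannot be
    paired with the BUG line just before it; the two are counted separately.
    """
    tasks, callers, suppressed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if m := BUG_RE.search(line):
            # The task name may itself contain "/" (e.g. kworker/3:1).
            tasks[(m["comm"], int(m["pid"]))] += 1
        elif m := CALLER_RE.search(line):
            # Symbols without a [module] suffix live in the core kernel image.
            callers[(m["sym"], m["mod"] or "vmlinux")] += 1
        elif m := SUPPRESSED_RE.search(line):
            # Rate limiting hides reports; keep the count so totals are not understated.
            suppressed += int(m["n"])
    return {
        "bug_lines": sum(tasks.values()),
        "tasks": dict(tasks),
        "suppressed": suppressed,
        "watched_hits": {k: v for k, v in callers.items() if k[1] in watched_modules},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-empty watched_hits on a host that exports SCSI targets means the running kernel still calls smp_processor_id() from the target core and lacks the fix.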
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-03-25T09:12:14.112Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9835c4522896dcbe9fa2
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 6:07:02 PM
Last updated: 8/11/2025, 2:51:39 AM