CVE-2022-49434
26.02.2025, 07:01
In the Linux kernel, the following vulnerability has been resolved:
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
The sysfs sriov_numvfs_store() path acquires the device lock before the
config space access lock:
sriov_numvfs_store
device_lock # A (1) acquire device lock
sriov_configure
vfio_pci_sriov_configure # (for example)
vfio_pci_core_sriov_configure
pci_disable_sriov
sriov_disable
pci_cfg_access_lock
pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0
Previously, pci_dev_lock() acquired the config space access lock before the
device lock:
pci_dev_lock
pci_cfg_access_lock
dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
device_lock # A (3) wait for device lock
Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may
deadlock with sriov_numvfs_store() if the operations occur in the sequence
(1) (2) (3) (4).
Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires
the device lock before the config space access lock, the same as the
sriov_numvfs_store() path.
[bhelgaas: combined and adapted commit log from Jay Zhou's independent
subsequent posting:
https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 4.9.318 |
| linux | linux_kernel | 4.10 ≤ 𝑥 < 4.14.283 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.19.247 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.198 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.121 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.46 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 5.17.14 |
| linux | linux_kernel | 5.18 ≤ 𝑥 < 5.18.3 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References