CVE-2021-47617

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2024
Last modified:
18/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

The Power Fault Detected bit in the Slot Status register differs from
all other hotplug events in that it is sticky: It can only be cleared
after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8:

  If a power controller detects a main power fault on the hot-plug slot,
  it must automatically set its internal main power fault latch [...].
  The main power fault latch is cleared when software turns off power to
  the hot-plug slot.

The stickiness used to cause interrupt storms and infinite loops which
were fixed in 2009 by commits 5651c48cfafe ("PCI pciehp: fix power fault
interrupt storm problem") and 99f0169c17f3 ("PCI: pciehp: enable
software notification on empty slots").

Unfortunately in 2020 the infinite loop issue was inadvertently
reintroduced by commit 8edf5332c393 ("PCI: pciehp: Fix MSI interrupt
race"): The hardirq handler pciehp_isr() clears the PFD bit until
pciehp's power_fault_detected flag is set. That happens in the IRQ
thread pciehp_ist(), which never learns of the event because the hardirq
handler is stuck in an infinite loop. Fix by setting the
power_fault_detected flag already in the hardirq handler.
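The loop described above can be reproduced in a small user-space model; this is an added illustration, not code from the kernel or from the fixing commit. The struct, the function names and the MAX_PASSES cap are assumptions, and only two Slot Status event bits are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SLTSTA_PFD 0x0002u /* Power Fault Detected: sticky while power is on */
#define SLTSTA_PDC 0x0008u /* Presence Detect Changed: ordinary event bit */
#define MAX_PASSES 1000    /* model-only cap standing in for "forever" */

struct slot_model {
    uint16_t status;           /* simulated Slot Status register */
    bool power_on;             /* PFD latch holds while slot power is on */
    bool power_fault_detected; /* driver flag named in the description */
};

/* Write-1-to-clear, except PFD stays latched until slot power is off. */
static void sltsta_write(struct slot_model *s, uint16_t val)
{
    if (s->power_on)
        val &= (uint16_t)~SLTSTA_PFD;
    s->status &= (uint16_t)~val;
}

/* Returns passes of the read/clear loop, or -1 if it never terminates. */
static int isr_model(struct slot_model *s, bool set_flag_in_hardirq)
{
    uint16_t events = 0;
    for (int pass = 1; pass <= MAX_PASSES; pass++) {
        uint16_t status = s->status & (SLTSTA_PFD | SLTSTA_PDC);
        if (s->power_fault_detected)
            status &= (uint16_t)~SLTSTA_PFD; /* already reported: ignore */
        else if (set_flag_in_hardirq && (status & SLTSTA_PFD))
            s->power_fault_detected = true;  /* the fix: set it here */
        events |= status;
        if (!status)
            return pass;         /* no unhandled event bits: handler exits */
        sltsta_write(s, events); /* clear what was seen, then re-read */
    }
    return -1; /* the real handler would spin here in hardirq context */
}

int run_model(bool fixed, bool power_on)
{
    struct slot_model s = { SLTSTA_PFD | SLTSTA_PDC, power_on, false };
    return isr_model(&s, fixed);
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", run_model(false, true), run_model(true, true));
    return 0;
}
```

With slot power on, the unfixed variant never sees the PFD bit clear and hits the cap, while the fixed variant masks the bit on its second pass and returns.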

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.149 (including) 4.19.233 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.69 (including) 5.4.177 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.7 (including) 5.10.97 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.6 (excluding)