CVE-2026-43147

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"<br /> <br /> This reverts commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking<br /> when enabling/disabling SR-IOV"), which causes a deadlock by recursively<br /> taking pci_rescan_remove_lock when sriov_del_vfs() is called as part of<br /> pci_stop_and_remove_bus_device(). For example with the following sequence<br /> of commands:<br /> <br /> $ echo &gt; /sys/bus/pci/devices//sriov_numvfs<br /> $ echo 1 &gt; /sys/bus/pci/devices//remove<br /> <br /> A trimmed trace of the deadlock on a mlx5 device is as below:<br /> <br /> zsh/5715 is trying to acquire lock:<br /> 000002597926ef50 (pci_rescan_remove_lock){+.+.}-{3:3}, at: sriov_disable+0x34/0x140<br /> <br /> but task is already holding lock:<br /> 000002597926ef50 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_stop_and_remove_bus_device_locked+0x24/0x80<br /> ...<br /> Call Trace:<br /> [] dump_stack_lvl+0xc0/0x110<br /> [] print_deadlock_bug+0x31e/0x330<br /> [] __lock_acquire+0x16c8/0x32f0<br /> [] lock_acquire+0x14c/0x350<br /> [] __mutex_lock_common+0xe6/0x1520<br /> [] mutex_lock_nested+0x3c/0x50<br /> [] sriov_disable+0x34/0x140<br /> [] mlx5_sriov_disable+0x50/0x80 [mlx5_core]<br /> [] remove_one+0x5e/0xf0 [mlx5_core]<br /> [] pci_device_remove+0x3c/0xa0<br /> [] device_release_driver_internal+0x18e/0x280<br /> [] pci_stop_bus_device+0x82/0xa0<br /> [] pci_stop_and_remove_bus_device_locked+0x5e/0x80<br /> [] remove_store+0x72/0x90<br /> [] kernfs_fop_write_iter+0x15a/0x200<br /> [] vfs_write+0x24c/0x300<br /> [] ksys_write+0x86/0x110<br /> [] __do_syscall+0x14c/0x400<br /> [] system_call+0x6e/0x90<br /> <br /> This alone is not a complete fix as it restores the issue the cited commit<br /> tried to solve. A new fix will be provided as a follow on.