CVE-2022-49434

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()

The sysfs sriov_numvfs_store() path acquires the device lock before the
config space access lock:

  sriov_numvfs_store
    device_lock                         # A (1) acquire device lock
    sriov_configure
      vfio_pci_sriov_configure          # (for example)
        vfio_pci_core_sriov_configure
          pci_disable_sriov
            sriov_disable
              pci_cfg_access_lock
                pci_wait_cfg            # B (4) wait for dev->block_cfg_access == 0

Previously, pci_dev_lock() acquired the config space access lock before the
device lock:

  pci_dev_lock
    pci_cfg_access_lock
      dev->block_cfg_access = 1         # B (2) set dev->block_cfg_access = 1
    device_lock                         # A (3) wait for device lock

Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may
deadlock with sriov_numvfs_store() if the operations occur in the sequence
(1) (2) (3) (4).

Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires
the device lock before the config space access lock, the same as the
sriov_numvfs_store() path.

[bhelgaas: combined and adapted commit log from Jay Zhou's independent
subsequent posting:
https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]
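
The ordering problem described above can be checked mechanically by recording which lock is taken while another is held and looking for a cycle. The following is an added userspace sketch, not kernel code and not part of the original advisory or commit; `order_graph`, `record_path` and `check_against_sriov` are hypothetical names, and the lock sequences are constructed from the two call chains in the description.

```c
#include <stdbool.h>
#include <stdio.h>
/* Lock classes named after the two locks in the description above. */
enum { DEVICE_LOCK, CFG_ACCESS_LOCK, NLOCKS };
/* after[a][b] is set once some path acquired b while already holding a. */
struct order_graph { bool after[NLOCKS][NLOCKS]; };

/* Depth-first search: is 'to' reachable from 'from' along recorded edges? */
static bool reaches(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (g->after[from][n] && !seen[n] && reaches(g, n, to, seen))
            return true;
    return false;
}

/* Record one path's acquisition sequence; return how many acquisitions
 * close a cycle in the ordering graph (each one is a possible deadlock). */
int record_path(struct order_graph *g, const int *locks, int n)
{
    int inversions = 0;
    for (int i = 1; i < n; i++)
        for (int h = 0; h < i; h++) {
            bool seen[NLOCKS] = { false };
            /* Unsafe if some path already ordered locks[h] after locks[i]. */
            if (reaches(g, locks[i], locks[h], seen))
                inversions++;
            g->after[locks[h]][locks[i]] = true;
        }
    return inversions;
}

/* Constructed sequences transcribed from the call chains in the description. */
static const int sriov_store[]  = { DEVICE_LOCK, CFG_ACCESS_LOCK }; /* (1),(4) */
static const int dev_lock_old[] = { CFG_ACCESS_LOCK, DEVICE_LOCK }; /* (2),(3) */
static const int dev_lock_new[] = { DEVICE_LOCK, CFG_ACCESS_LOCK }; /* fixed */

/* Check one pci_dev_lock() ordering against the sriov_numvfs_store() path. */
int check_against_sriov(const int *dev_lock_order)
{
    struct order_graph g = { 0 };
    record_path(&g, sriov_store, 2);
    return record_path(&g, dev_lock_order, 2);
}
int main(void)
{
    printf("old=%d new=%d\n", check_against_sriov(dev_lock_old),
           check_against_sriov(dev_lock_new));
    return 0;
}
```

The old pci_dev_lock() order produces one inversion against the sriov_numvfs_store() path; the reversed order produces none.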

Impact