Linux Kernel PCI Hotplug Port Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's PCI hotplug port management. This issue arises during the hot-removal of nested PCI hotplug ports, creating a race condition that can lead to a deadlock situation. The problem occurs when a parent hotplug port acquires a lock to manage device removal, while simultaneously waiting for a child hotplug port to unbind. The child, in turn, attempts to acquire the same lock to remove its own devices, leading to a deadlock. This vulnerability is exacerbated by recent changes that increase the frequency of such deadlocks when multiple Thunderbolt devices are removed during system sleep.

Impact

Exploitation of this vulnerability can lead to a deadlock condition, causing the system to hang indefinitely while waiting for the locked resources to be released.

Remediation

A recent commit has been made to address this vulnerability by avoiding unnecessary checks for device replacement on hotplug ports that have already been removed. This fix is included in the latest stable version of the Linux kernel.