Linux Kernel PowerPC EEH Driver Hotplug Safety Vulnerability

A vulnerability in the Linux kernel's PowerPC architecture EEH (Error Event Handling) driver has been addressed. This issue involved multiple race conditions between the PCIe hotplug driver and the EEH driver, which led to various kernel oops errors. These errors generally followed a pattern of PCIe device unplugging, triggering the EEH driver, hotplug removal, PCIe tree reconfiguration, and subsequent EEH recovery steps, resulting in an oops during the EEH driver's bus iteration. Additionally, another class of oops occurred when the underlying bus disappeared during device recovery. The vulnerability has been resolved by refactoring the EEH module to be safe for PCI rescanning and removal, and by cleaning up some minor formatting and readability issues.

Impact

The vulnerability could lead to kernel oops errors, causing disruptions in the EEH driver's operation and potentially allowing for improper handling of PCIe devices during hotplug events.

Reproduction

The vulnerability can be reproduced by creating race conditions between the PCIe hotplug driver and the EEH driver. This can be done by unplugging a PCIe device while the EEH driver is triggered, followed by a hotplug removal, a PCIe tree reconfiguration, and an EEH recovery step, which will cause an oops in the EEH driver's bus iteration loop. Alternatively, the vulnerability can be reproduced by allowing the underlying bus to disappear during the EEH device recovery process.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.