Linux Kernel Surprise Plug Event Handling Vulnerability in PowerNV Hotplug Code

A vulnerability in the Linux kernel's PowerNV hotplug management can lead to a failure in detecting and recovering from surprise removal of devices. This issue, present in the PCI hotplug subsystem, causes the hotplug system to stall after a device is removed, requiring a reboot to recognize new devices. The problem arises because the hotplug code does not properly clear a 'freeze' state on the PCI host bridge, which is triggered by the removal of a device. This freeze prevents the kernel from receiving interrupt notifications about the hotplug event, halting all related operations on affected slots. Additionally, when a device is removed from a slot, the corresponding host bridge is left in a frozen state, which also needs a manual reset and a reboot to resolve.

Impact

The vulnerability disrupts the hotplug system, causing a complete failure in detecting and managing PCI devices after surprise removal. This requires a reboot to restore normal functionality, leading to potential downtime and disruption in system operations.

Reproduction

The vulnerability can be reproduced by surprise removing a PCI device from a slot managed by the PowerNV hotplug system. This will cause the upstream bridge to freeze the corresponding PCI host bridge, blocking hotplug event notifications to the kernel. As a result, the removed device will not be detected until the system is rebooted. Alternatively, the issue can also be observed by programmatically removing a device from a slot, which leaves the host bridge frozen and requires a reboot to clear the state and redetect the device.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel repository.