Linux Kernel PCI/IOV SR-IOV Locking Vulnerability

Vulnerability

A vulnerability in the Linux kernel's PCI/IOV subsystem related to SR-IOV management has been addressed. The issue arose because the process of disabling SR-IOV did not properly synchronize with concurrent operations that could remove or rescan PCI devices. This lack of locking could lead to double removal and corruption of the device list, particularly on the s390 architecture. The vulnerability was introduced when PCI device removal was factored out into a separate function without adding the necessary synchronization. Exploitation of this vulnerability could cause list corruption and unpredictable behavior in the device management system.

Impact

The vulnerability could lead to double removal of PCI devices and corruption of the device management list, causing instability in the system's handling of virtual functions.

Reproduction

The vulnerability can be reproduced by disabling SR-IOV on a PCI device without the proper locking mechanism in place. This can be done by accessing the device's configuration space through the parent physical function, which triggers the removal of virtual functions. The absence of synchronization allows for a race condition, where the removal process can be interrupted, leading to list corruption.

Remediation

The vulnerability has been fixed by adding the necessary locking mechanisms to the SR-IOV management functions, ensuring that device removals are properly synchronized with concurrent operations.
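
The check-then-unlink race described under Reproduction and the locking fix described under Remediation, shown as an added userspace C model; it is not kernel code and not part of the original advisory. All names (bus, path, step, simulate) are hypothetical. Two removal paths are alternated step by step, and a second unlink of the same node is counted instead of being left to corrupt the list.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only: every name is hypothetical, none is a kernel symbol. */
struct node { struct node *prev, *next; };
struct bus  { struct node head; bool locked; int double_unlinks; };
/* One removal path: SR-IOV disable, or a concurrent remove/rescan. */
struct path { int step; struct node *victim; };

static void unlink_node(struct bus *b, struct node *n)
{
    if (!n->next) { b->double_unlinks++; return; } /* stale pointer: already removed */
    n->prev->next = n->next; n->next->prev = n->prev;
    n->next = n->prev = NULL;
}

/* Run one step of a path; returns false if it is blocked on the lock or finished. */
static bool step(struct bus *b, struct path *p, struct node *vf, bool use_lock)
{
    switch (p->step) {
    case 0: /* take the lock (synchronized variant only) */
        if (use_lock) { if (b->locked) return false; b->locked = true; }
        break;
    case 1: /* check: is the VF still linked on the bus list? */
        p->victim = vf->next ? vf : NULL;
        break;
    case 2: /* act: unlink what the check found, then release the lock */
        if (p->victim) unlink_node(b, p->victim);
        if (use_lock) b->locked = false;
        break;
    default: return false;
    }
    p->step++;
    return true;
}

/* Alternate the two paths step by step, the worst case for check-then-unlink. */
int simulate(bool use_lock)
{
    struct bus b = { .locked = false };
    struct node vf = { &b.head, &b.head };
    struct path p[2] = { { 0 }, { 0 } };

    b.head.next = b.head.prev = &vf;
    while (p[0].step < 3 || p[1].step < 3)
        for (int i = 0; i < 2; i++)
            step(&b, &p[i], &vf, use_lock);
    return b.double_unlinks;
}
```

Without the lock both paths pass the check before either unlinks, so the second unlink acts on a node that is already gone; with the lock the second path's check runs only after the first has finished and finds nothing to remove.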

Added: Dec 4, 2025, 3:22 PM
Updated: Dec 4, 2025, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.