Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's PCI SR-IOV handling. It arises from improper lock management when SR-IOV is enabled or disabled, particularly with certain network devices. The vulnerability is present in the Linux kernel stable tree and affects various versions within this tree. The deadlock occurs because 'pci_rescan_remove_lock' is acquired recursively: the lock is requested again while it is already held when virtual functions are removed as part of the device's shutdown process. The problem can be reproduced by changing the SR-IOV virtual function settings of a PCI device, such as a Mellanox ConnectX-5 network card.
Exploitation of this vulnerability leads to a deadlock condition, where the system becomes unresponsive due to conflicting lock management. This can cause significant disruptions, especially in environments that rely on dynamic PCI SR-IOV management.
The vulnerability can be reproduced by writing a value to the 'sriov_numvfs' file of a PCI device, followed by a command to remove the device. This sequence triggers the deadlock by causing the kernel to attempt to acquire a lock that is already held, leading to a stalled process.
The vulnerability has been addressed in the Linux kernel stable tree. Users should upgrade to the latest version available in this branch.
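For triage on hosts that have not yet been upgraded, the read-only inventory below lists the physical functions that currently have virtual functions enabled, which are the devices the sequence described above applies to. It is an added example, not part of the original advisory or of the kernel project; it assumes the standard sysfs attributes `sriov_numvfs` and `sriov_totalvfs`, and the function name and optional sysfs-root argument are illustrative.

```shell
#!/bin/sh
# Added example: inventory of PCI physical functions (PFs) with SR-IOV VFs enabled.
# Read-only: it never writes to sriov_numvfs or to the device's remove attribute.

# sriov_pfs_with_vfs [SYSFS_ROOT]
# Prints one line per PF whose sriov_numvfs is greater than zero:
#   <PCI address> numvfs=<n> totalvfs=<m> driver=<name|none>
# SYSFS_ROOT defaults to /sys; the argument exists so the function can be
# pointed at a copied or constructed tree (an assumption of this example).
sriov_pfs_with_vfs() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        # Only SR-IOV capable PFs expose sriov_numvfs.
        [ -r "$dev/sriov_numvfs" ] || continue
        numvfs=$(cat "$dev/sriov_numvfs" 2>/dev/null) || continue
        case "$numvfs" in
            ''|*[!0-9]*) continue ;;   # skip empty or non-numeric values
        esac
        # PFs with no VFs enabled are not reported.
        [ "$numvfs" -gt 0 ] || continue
        totalvfs=$(cat "$dev/sriov_totalvfs" 2>/dev/null || echo unknown)
        # The bound driver, if any, is the target of the "driver" symlink.
        if [ -L "$dev/driver" ]; then
            driver=$(basename "$(readlink "$dev/driver")")
        else
            driver=none
        fi
        printf '%s numvfs=%s totalvfs=%s driver=%s\n' \
            "$(basename "$dev")" "$numvfs" "$totalvfs" "$driver"
    done
}

# Scan the live system unless another sysfs root is given as the first argument.
sriov_pfs_with_vfs "${1:-/sys}"
```

An empty result means no PF on the host has VFs enabled at the moment; it says nothing about whether the running kernel contains the fix.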