CVE-2022-49434

In the Linux kernel, the following vulnerability has been resolved:

PCI: Avoid pcidevlock() AB/BA deadlock with sriovnumvfsstore()

The sysfs sriovnumvfsstore() path acquires the device lock before the config space access lock:

sriovnumvfsstore devicelock # A (1) acquire device lock sriovconfigure vfiopcisriovconfigure # (for example) vfiopcicoresriovconfigure pcidisablesriov sriovdisable pcicfgaccesslock pciwaitcfg # B (4) wait for dev->blockcfg_access == 0

Previously, pcidevlock() acquired the config space access lock before the device lock:

pcidevlock pcicfgaccesslock dev->blockcfgaccess = 1 # B (2) set dev->blockcfgaccess = 1 devicelock # A (3) wait for device lock

Any path that uses pcidevlock(), e.g., pciresetfunction(), may deadlock with sriovnumvfsstore() if the operations occur in the sequence (1) (2) (3) (4).

Avoid the deadlock by reversing the order in pcidevlock() so it acquires the device lock before the config space access lock, the same as the sriovnumvfsstore() path.

[bhelgaas: combined and adapted commit log from Jay Zhou's independent subsequent posting: https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]