In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix pci_device_is_present() for VFs by checking PF
pci_device_is_present() previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead.
Wei Gong reported that if virtio I/O is in progress when the driver is unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O operation hangs, which may result in output like this:
task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002
Call Trace:
 schedule+0x4f/0xc0
 blk_mq_freeze_queue_wait+0x69/0xa0
 blk_mq_freeze_queue+0x1b/0x20
 blk_cleanup_queue+0x3d/0xd0
 virtblk_remove+0x3c/0xb0 [virtio_blk]
 virtio_dev_remove+0x4b/0x80
 ...
 device_unregister+0x1b/0x60
 unregister_virtio_device+0x18/0x30
 virtio_pci_remove+0x41/0x80
 pci_device_remove+0x3e/0xb0
This happened because pci_device_is_present(VF) returned "false" in virtio_pci_remove(), so it called virtio_break_device(). The broken vq meant that vring_interrupt() skipped the vq.callback() that would have completed the virtio I/O operation via virtblk_done().
[bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]
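The failure mode described above, as an added user-space model rather than kernel code: a VF's own Vendor ID register reads as 0xffff, which is also what an absent device returns, so a presence check that reads the VF's own config space reports a live VF as missing; resolving a VF to its PF first (the rule the kernel's pci_physfn() applies) reads the PF's real Vendor ID instead. The struct, the config-space read and the sample devices below are constructed stand-ins; the real kernel check performs the read through the PCI core and has additional special-casing that this model leaves out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the few struct pci_dev fields that matter here.
 * Assumption: the real structure carries far more state; only these
 * fields drive the presence decision being illustrated.
 */
struct pci_dev {
    const char *name;
    bool is_virtfn;          /* set for an SR-IOV Virtual Function */
    struct pci_dev *physfn;  /* owning Physical Function when is_virtfn */
    uint16_t vendor_id_reg;  /* what a config read of the Vendor ID returns */
};

/* Modelled config-space read of the Vendor ID register. */
static uint16_t read_vendor_id(const struct pci_dev *dev)
{
    return dev->vendor_id_reg;
}

/* Same rule as the kernel's pci_physfn(): a VF resolves to its PF. */
static struct pci_dev *model_physfn(struct pci_dev *dev)
{
    if (dev->is_virtfn && dev->physfn)
        return dev->physfn;
    return dev;
}

/*
 * Pre-fix logic: read the device's own Vendor ID. An absent device reads
 * as all-ones, so 0xffff means "not present". A VF's own Vendor ID is
 * also 0xffff, so a perfectly healthy VF is reported as absent.
 */
bool is_present_old(struct pci_dev *dev)
{
    return read_vendor_id(dev) != 0xffff;
}

/* Post-fix logic: always check the PF, whose Vendor ID is real. */
bool is_present_new(struct pci_dev *dev)
{
    return read_vendor_id(model_physfn(dev)) != 0xffff;
}

/*
 * Constructed scenario: one PF with one VF under it. pf_present selects
 * whether the PF's config space answers (0x1af4 is an arbitrary sample
 * Vendor ID) or reads all-ones, as it would after the PF has gone away.
 * Returns what the chosen checker reports for the VF.
 */
bool check_vf(bool (*checker)(struct pci_dev *), bool pf_present)
{
    struct pci_dev pf = {
        .name = "0000:03:00.0",
        .is_virtfn = false,
        .physfn = NULL,
        .vendor_id_reg = pf_present ? 0x1af4 : 0xffff,
    };
    struct pci_dev vf = {
        .name = "0000:03:00.1",
        .is_virtfn = true,
        .physfn = &pf,
        .vendor_id_reg = 0xffff,  /* VF Vendor ID always reads 0xffff */
    };
    return checker(&vf);
}

/* Same scenario, asking about the PF itself: old and new logic agree. */
bool check_pf(bool (*checker)(struct pci_dev *), bool pf_present)
{
    struct pci_dev pf = {
        .name = "0000:03:00.0",
        .is_virtfn = false,
        .physfn = NULL,
        .vendor_id_reg = pf_present ? 0x1af4 : 0xffff,
    };
    return checker(&pf);
}

int main(void)
{
    printf("VF under present PF, old check: %s\n",
           check_vf(is_present_old, true) ? "present" : "NOT present");
    printf("VF under present PF, new check: %s\n",
           check_vf(is_present_new, true) ? "present" : "NOT present");
    printf("VF under removed PF, new check: %s\n",
           check_vf(is_present_new, false) ? "present" : "NOT present");
    return 0;
}
```

The first line of output is the bug: the old check says the VF is not present even though its PF is fully alive, which is exactly the "false" result that sent virtio_pci_remove() down the virtio_break_device() path. The new check still returns false once the PF itself has gone, so the fix does not turn the helper into an unconditional "present".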
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50636.json",
"cna_assigner": "Linux"
}