In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock()
One of the true positives that the cfg_access_lock lockdep effort identified is this sequence:
    WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70
    RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70
    Call Trace:
     <TASK>
     ? __warn+0x8c/0x190
     ? pci_bridge_secondary_bus_reset+0x5d/0x70
     ? report_bug+0x1f8/0x200
     ? handle_bug+0x3c/0x70
     ? exc_invalid_op+0x18/0x70
     ? asm_exc_invalid_op+0x1a/0x20
     ? pci_bridge_secondary_bus_reset+0x5d/0x70
     pci_reset_bus+0x1d8/0x270
     vmd_probe+0x778/0xa10
     pci_device_probe+0x95/0x120
Here, pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically, pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset, but that locks everything on the bus except the bridge itself.
For the same motivation as adding:

    bridge = pci_upstream_bridge(dev);
    if (bridge)
        pci_dev_lock(bridge);

to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock().
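The gap described above, and the recursive-locking hazard that the squashed follow-up addresses, can be reproduced in a small userspace model. This is an added example, not kernel code and not the patch itself: every model_* name is a hypothetical stand-in for the kernel function named in its comment, the bus topology is constructed for the demonstration, and the way the "fixed" variant avoids locking a child bridge twice is this model's own choice, not a reproduction of the squashed kernel fix.

```c
/*
 * Userspace model of the locking gap fixed by "PCI: Add missing bridge lock to
 * pci_bus_lock()". Added example, not kernel code: every model_* name is a
 * hypothetical stand-in for the kernel function named in its comment, and the
 * topology in model_scenario() is constructed for the demonstration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model_bus;

struct model_dev {
    const char *name;
    bool locked;                   /* stands in for the lock pci_dev_lock() takes */
    struct model_bus *subordinate; /* non-NULL when this device is itself a bridge */
};

struct model_bus {
    struct model_dev *self;        /* upstream bridge, like pci_bus::self */
    struct model_dev **devices;    /* devices on this bus, like pci_bus::devices */
    size_t ndevs;
};

enum model_variant {
    MODEL_PRE_FIX, /* children only, bridge never locked: the bug in the text */
    MODEL_NAIVE,   /* bridge + children, child bridges taken twice: recursive deadlock */
    MODEL_FIXED,   /* bridge + children, child bridges taken once via their own bus */
};

/* Models pci_dev_lock(): non-recursive, so re-taking a held lock deadlocks. */
static int model_dev_lock(struct model_dev *dev)
{
    if (dev->locked) {
        fprintf(stderr, "DEADLOCK: %s locked twice\n", dev->name);
        return -1;
    }
    dev->locked = true;
    return 0;
}

/* Models pci_bus_lock() in the three variants. Returns 0, or -1 on a recursive
 * acquisition; locks are not released on failure, as the real caller would hang. */
static int model_bus_lock(struct model_bus *bus, enum model_variant v)
{
    if (v != MODEL_PRE_FIX && model_dev_lock(bus->self) != 0)
        return -1;
    for (size_t i = 0; i < bus->ndevs; i++) {
        struct model_dev *dev = bus->devices[i];
        /* This model's fixed variant locks a child bridge only once, as the
         * self of its subordinate bus; the other variants also lock it here. */
        if (!(v == MODEL_FIXED && dev->subordinate) && model_dev_lock(dev) != 0)
            return -1;
        if (dev->subordinate && model_bus_lock(dev->subordinate, v) != 0)
            return -1;
    }
    return 0;
}

static void model_bus_unlock(struct model_bus *bus)
{
    bus->self->locked = false;
    for (size_t i = 0; i < bus->ndevs; i++) {
        bus->devices[i]->locked = false;
        if (bus->devices[i]->subordinate)
            model_bus_unlock(bus->devices[i]->subordinate);
    }
}

/* Models pci_bridge_secondary_bus_reset(): the WARNING in the trace fires when
 * the reset runs without the bridge lock. Returns 1 if it fired, else 0. */
static int model_secondary_bus_reset(struct model_dev *bridge)
{
    if (!bridge->locked) {
        fprintf(stderr, "WARNING: reset of %s without its lock\n", bridge->name);
        return 1;
    }
    return 0;
}

/* Models pci_reset_bus() reaching pci_bus_reset(): lock the bus, reset the
 * bridge, unlock. Returns the warning count, or -1 if locking deadlocked. */
static int model_reset_bus(struct model_bus *bus, enum model_variant v)
{
    if (model_bus_lock(bus, v) != 0)
        return -1;
    int warnings = model_secondary_bus_reset(bus->self);
    model_bus_unlock(bus);
    return warnings;
}

/* Constructed topology: root bridge -> bus with one endpoint and one child
 * bridge -> child bus with one leaf. A caller like vmd_probe() in the trace
 * resets the top bus while holding no lock at all. */
int model_scenario(enum model_variant v)
{
    struct model_dev leaf = { "leaf", false, NULL };
    struct model_dev *child_devs[] = { &leaf };
    struct model_bus child_bus = { NULL, child_devs, 1 };
    struct model_dev child_bridge = { "child_bridge", false, &child_bus };
    child_bus.self = &child_bridge;
    struct model_dev endpoint = { "endpoint", false, NULL };
    struct model_dev *devs[] = { &endpoint, &child_bridge };
    struct model_dev root_bridge = { "root_bridge", false, NULL };
    struct model_bus bus = { &root_bridge, devs, 2 };
    return model_reset_bus(&bus, v);
}

int main(void)
{
    printf("pre-fix warnings: %d\n", model_scenario(MODEL_PRE_FIX)); /* 1 */
    printf("naive result:     %d\n", model_scenario(MODEL_NAIVE));   /* -1 */
    printf("fixed warnings:   %d\n", model_scenario(MODEL_FIXED));   /* 0 */
    return 0;
}
```

Running the three variants shows the two failure modes side by side: the pre-fix path completes the reset but trips the warning because bus->self was never taken, and simply adding the bridge lock on top of the old child loop takes a child bridge twice (once as a device on its parent bus, once as the self of its own subordinate bus), which is the recursive-locking deadlock the squashed fix had to handle.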
[bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]