Home

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_device_is_present() for VFs by checking PF pci_device_is_present() previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead. Wei Gong reported that if virtio I/O is in progress when the driver is unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O operation hangs, which may result in output like this: task:bash state:D stack: 0 pid: 1773 ppid: 1241 flags:0x00004002 Call Trace: schedule+0x4f/0xc0 blk_mq_freeze_queue_wait+0x69/0xa0 blk_mq_freeze_queue+0x1b/0x20 blk_cleanup_queue+0x3d/0xd0 virtblk_remove+0x3c/0xb0 [virtio_blk] virtio_dev_remove+0x4b/0x80 ... device_unregister+0x1b/0x60 unregister_virtio_device+0x18/0x30 virtio_pci_remove+0x41/0x80 pci_device_remove+0x3e/0xb0 This happened because pci_device_is_present(VF) returned "false" in virtio_pci_remove(), so it called virtio_break_device(). The broken vq meant that vring_interrupt() skipped the vq.callback() that would have completed the virtio I/O operation via virtblk_done(). [bhelgaas: commit log, simplify to always use pci_physfn(), add stable tag]

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f4b44c7766dae2b8681f621941cabe9f14066d59
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 643d77fda08d06f863af35e80a7e517ea61d9629
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 65bd0962992abd42e77a05e68c7b40e7c73726d1
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 99ef6cc791584495987dd11b14769b450dfa5820
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 81565e51ccaf6fff8910e997ee22e16b5e1dabc3
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 518573988a2f14f517403db2ece5ddaefba21e94
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 98b04dd0b4577894520493d96bc4623387767445
affected

Default status
affected

4.14.303 (semver)
unaffected

4.19.270 (semver)
unaffected

5.4.229 (semver)
unaffected

5.10.163 (semver)
unaffected

5.15.87 (semver)
unaffected

6.0.18 (semver)
unaffected

6.1.4 (semver)
unaffected

6.2 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/f4b44c7766dae2b8681f621941cabe9f14066d59

git.kernel.org/...c/643d77fda08d06f863af35e80a7e517ea61d9629

git.kernel.org/...c/65bd0962992abd42e77a05e68c7b40e7c73726d1

git.kernel.org/...c/99ef6cc791584495987dd11b14769b450dfa5820

git.kernel.org/...c/67fd41bbb0f51aa648a47f728b99e6f1fa2ccc34

git.kernel.org/...c/81565e51ccaf6fff8910e997ee22e16b5e1dabc3

git.kernel.org/...c/518573988a2f14f517403db2ece5ddaefba21e94

git.kernel.org/...c/98b04dd0b4577894520493d96bc4623387767445

cve.org (CVE-2022-50636)

nvd.nist.gov (CVE-2022-50636)

Download JSON