CVE-2022-49434: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49434 is a vulnerability in the Linux kernel related to a potential deadlock condition in the PCI subsystem. The issue specifically involves the interaction between sriov_numvfs_store() and pci_dev_lock() functions, where an AB/BA deadlock can occur due to incorrect lock ordering. This vulnerability was discovered and reported in 2022, affecting the Linux kernel's PCI driver implementation (Kernel Git).

The vulnerability stems from inconsistent lock acquisition ordering between two code paths. The sriov_numvfs_store() path acquires the device lock before the config space access lock, while pci_dev_lock() previously acquired them in the opposite order. This could lead to a deadlock when operations occur in the sequence: (1) acquire device lock, (2) set block_cfg_access, (3) wait for device lock, (4) wait for block_cfg_access to clear. The issue particularly affects paths that use pci_dev_lock(), such as pci_reset_function() (NVD).

The vulnerability can result in a system deadlock when specific PCI operations are performed simultaneously. This could affect system stability and availability, particularly in environments that heavily utilize SR-IOV (Single Root I/O Virtualization) functionality (Kernel Git).

The issue has been fixed by reversing the lock acquisition order in pci_dev_lock() to match the order used in sriov_numvfs_store(). The fix ensures that both paths acquire the device lock before the config space access lock, preventing the deadlock condition (Kernel Git).