CVE-2022-50045

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-yocto-standard+

Description A vulnerability in the Linux kernel has been resolved, related to the powerpc/pci component. The issue arises from the get phb number() function, which causes a DEBUG ATOMIC SLEEP warning on some systems due to incorrect locking. This warning occurs because pcibios alloc controller() holds the hose spinlock but of alias get id() takes the of mutex, which can sleep. The hose spinlock protects the phb bitmap and the hose list, but it does not need to be held while get phb number() calls the OF routines, as these only look up information in the device tree.

Recommendations For Linux kernel versions prior to 5.19.0-yocto-standard+, consider updating to a version that includes the fix for the get phb number() locking issue. As a temporary workaround, modifying the get phb number() function to take the hose spinlock itself only where required, and then dropping the lock before returning, may mitigate the issue. Additionally, pcibios alloc controller() should take the lock again before the list add() operation to ensure safety.