{"id":"CVE-2022-48840","summary":"iavf: Fix hang during reboot/shutdown","details":"In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix hang during reboot/shutdown\n\nRecent commit 974578017fc1 (\"iavf: Add waiting so the port is\ninitialized in remove\") adds a wait-loop at the beginning of\niavf_remove() to ensure that port initialization is finished\nprior unregistering net device. This causes a regression\nin reboot/shutdown scenario because in this case callback\niavf_shutdown() is called and this callback detaches the device,\nmakes it down if it is running and sets its state to __IAVF_REMOVE.\nLater shutdown callback of associated PF driver (e.g. ice_shutdown)\nis called. That callback calls among other things sriov_disable()\nthat calls indirectly iavf_remove() (see stack trace below).\nAs the adapter state is already __IAVF_REMOVE then the mentioned\nloop is end-less and shutdown process hangs.\n\nThe patch fixes this by checking adapter's state at the beginning\nof iavf_remove() and skips the rest of the function if the adapter\nis already in remove state (shutdown is in progress).\n\nReproducer:\n1. Create VF on PF driven by ice or i40e driver\n2. Ensure that the VF is bound to iavf driver\n3. Reboot\n\n[52625.981294] sysrq: SysRq : Show Blocked State\n[52625.988377] task:reboot          state:D stack:    0 pid:17359 ppid:     1 f2\n[52625.996732] Call Trace:\n[52625.999187]  __schedule+0x2d1/0x830\n[52626.007400]  schedule+0x35/0xa0\n[52626.010545]  schedule_hrtimeout_range_clock+0x83/0x100\n[52626.020046]  usleep_range+0x5b/0x80\n[52626.023540]  iavf_remove+0x63/0x5b0 [iavf]\n[52626.027645]  pci_device_remove+0x3b/0xc0\n[52626.031572]  device_release_driver_internal+0x103/0x1f0\n[52626.036805]  pci_stop_bus_device+0x72/0xa0\n[52626.040904]  pci_stop_and_remove_bus_device+0xe/0x20\n[52626.045870]  pci_iov_remove_virtfn+0xba/0x120\n[52626.050232]  sriov_disable+0x2f/0xe0\n[52626.053813]  ice_free_vfs+0x7c/0x340 [ice]\n[52626.057946]  ice_remove+0x220/0x240 [ice]\n[52626.061967]  ice_shutdown+0x16/0x50 [ice]\n[52626.065987]  pci_device_shutdown+0x34/0x60\n[52626.070086]  device_shutdown+0x165/0x1c5\n[52626.074011]  kernel_restart+0xe/0x30\n[52626.077593]  __do_sys_reboot+0x1d2/0x210\n[52626.093815]  do_syscall_64+0x5b/0x1a0\n[52626.097483]  entry_SYSCALL_64_after_hwframe+0x65/0xca","modified":"2026-04-11T12:43:07.875521Z","published":"2024-07-16T12:25:11.173Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48840.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4477b9a4193b35eb3a8afd2adf2d42add2f88d57"},{"type":"WEB","url":"https://git.kernel.org/stable/c/80974bb730270199c6fcb189af04d5945b87e813"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b04683ff8f0823b869c219c78ba0d974bddea0b5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48840.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48840"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"85aa76066fef64de8a48d0da6b4071ceac455a94"},{"fixed":"80974bb730270199c6fcb189af04d5945b87e813"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7b9515172ab4d4c6ac0eae4b71013ee6ce932205"},{"fixed":"4477b9a4193b35eb3a8afd2adf2d42add2f88d57"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"974578017fc1fdd06cea8afb9dfa32602e8529ed"},{"fixed":"b04683ff8f0823b869c219c78ba0d974bddea0b5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48840.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.15.27"},{"fixed":"5.15.31"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.13"},{"fixed":"5.16.17"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48840.json"}}],"schema_version":"1.7.5"}