Vulnerability Details CVE-2026-45904
In the Linux kernel, the following vulnerability has been resolved:
powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling
The recent commit 1010b4c012b0 ("powerpc/eeh: Make EEH driver device
hotplug safe") restructured the EEH driver to improve synchronization
with the PCI hotplug layer.
However, it inadvertently moved pci_lock_rescan_remove() outside its
intended scope in eeh_handle_normal_event(), leading to broken PCI
error reporting and improper EEH event triggering. Specifically,
eeh_handle_normal_event() acquired pci_lock_rescan_remove() before
calling eeh_pe_bus_get(), but eeh_pe_bus_get() itself attempts to
acquire the same lock internally, causing nested locking and disrupting
normal EEH event handling paths.
This patch adds a boolean parameter do_lock to _eeh_pe_bus_get(),
with two public wrappers:
eeh_pe_bus_get() with locking enabled.
eeh_pe_bus_get_nolock() that skips locking.
Callers that already hold pci_lock_rescan_remove() now use
eeh_pe_bus_get_nolock() to avoid recursive lock acquisition.
Additionally, pci_lock_rescan_remove() calls are restored to the correct
position—after eeh_pe_bus_get() and immediately before iterating affected
PEs and devices. This ensures EEH-triggered PCI removes occur under proper
bus rescan locking without recursive lock contention.
The eeh_pe_loc_get() function has been split into two functions:
eeh_pe_loc_get(struct eeh_pe *pe) which retrieves the loc for given PE.
eeh_pe_loc_get_bus(struct pci_bus *bus) which retrieves the location
code for given bus.
This resolves lockdep warnings such as:
<snip>
[ 84.964298] [ T928] ============================================
[ 84.964304] [ T928] WARNING: possible recursive locking detected
[ 84.964311] [ T928] 6.18.0-rc3 #51 Not tainted
[ 84.964315] [ T928] --------------------------------------------
[ 84.964320] [ T928] eehd/928 is trying to acquire lock:
[ 84.964324] [ T928] c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40
[ 84.964342] [ T928]
but task is already holding lock:
[ 84.964347] [ T928] c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40
[ 84.964357] [ T928]
other info that might help us debug this:
[ 84.964363] [ T928] Possible unsafe locking scenario:
[ 84.964367] [ T928] CPU0
[ 84.964370] [ T928] ----
[ 84.964373] [ T928] lock(pci_rescan_remove_lock);
[ 84.964378] [ T928] lock(pci_rescan_remove_lock);
[ 84.964383] [ T928]
*** DEADLOCK ***
[ 84.964388] [ T928] May be due to missing lock nesting notation
[ 84.964393] [ T928] 1 lock held by eehd/928:
[ 84.964397] [ T928] #0: c000000003b29d58 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_lock_rescan_remove+0x28/0x40
[ 84.964408] [ T928]
stack backtrace:
[ 84.964414] [ T928] CPU: 2 UID: 0 PID: 928 Comm: eehd Not tainted 6.18.0-rc3 #51 VOLUNTARY
[ 84.964417] [ T928] Hardware name: IBM,9080-HEX POWER10 (architected) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_022) hv:phyp pSeries
[ 84.964419] [ T928] Call Trace:
[ 84.964420] [ T928] [c0000011a7157990] [c000000001705de4] dump_stack_lvl+0xc8/0x130 (unreliable)
[ 84.964424] [ T928] [c0000011a71579d0] [c0000000002f66e0] print_deadlock_bug+0x430/0x440
[ 84.964428] [ T928] [c0000011a7157a70] [c0000000002fd0c0] __lock_acquire+0x1530/0x2d80
[ 84.964431] [ T928] [c0000011a7157ba0] [c0000000002fea54] lock_acquire+0x144/0x410
[ 84.964433] [ T928] [c0000011a7157cb0] [c0000011a7157cb0] __mutex_lock+0xf4/0x1050
[ 84.964436] [ T928] [c0000011a7157e00] [c000000000de21d8] pci_lock_rescan_remove+0x28/0x40
[ 84.964439] [ T928] [c0000011a7157e20] [c00000000004ed98] eeh_pe_bus_get+0x48/0xc0
[ 84.964442] [ T928] [c0000011a7157e50] [c00000
---truncated---
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.1%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-45904
-
cpe:2.3:o:linux:linux_kernel:5.10.241
-
cpe:2.3:o:linux:linux_kernel:5.10.242
-
cpe:2.3:o:linux:linux_kernel:5.10.243
-
cpe:2.3:o:linux:linux_kernel:5.10.244
-
cpe:2.3:o:linux:linux_kernel:5.10.245
-
cpe:2.3:o:linux:linux_kernel:5.10.246
-
cpe:2.3:o:linux:linux_kernel:5.10.247
-
cpe:2.3:o:linux:linux_kernel:5.10.248
-
cpe:2.3:o:linux:linux_kernel:5.10.249
-
cpe:2.3:o:linux:linux_kernel:5.10.250
-
cpe:2.3:o:linux:linux_kernel:5.10.251
-
cpe:2.3:o:linux:linux_kernel:5.15.190
-
cpe:2.3:o:linux:linux_kernel:5.15.191
-
cpe:2.3:o:linux:linux_kernel:5.15.192
-
cpe:2.3:o:linux:linux_kernel:5.15.193
-
cpe:2.3:o:linux:linux_kernel:5.15.194
-
cpe:2.3:o:linux:linux_kernel:5.15.195
-
cpe:2.3:o:linux:linux_kernel:5.15.196
-
cpe:2.3:o:linux:linux_kernel:5.15.197
-
cpe:2.3:o:linux:linux_kernel:5.15.198
-
cpe:2.3:o:linux:linux_kernel:5.15.199
-
cpe:2.3:o:linux:linux_kernel:5.15.200
-
cpe:2.3:o:linux:linux_kernel:5.15.201
-
cpe:2.3:o:linux:linux_kernel:6.1.148
-
cpe:2.3:o:linux:linux_kernel:6.1.149
-
cpe:2.3:o:linux:linux_kernel:6.1.150
-
cpe:2.3:o:linux:linux_kernel:6.1.151
-
cpe:2.3:o:linux:linux_kernel:6.1.152
-
cpe:2.3:o:linux:linux_kernel:6.1.153
-
cpe:2.3:o:linux:linux_kernel:6.1.154
-
cpe:2.3:o:linux:linux_kernel:6.1.155
-
cpe:2.3:o:linux:linux_kernel:6.1.156
-
cpe:2.3:o:linux:linux_kernel:6.1.157
-
cpe:2.3:o:linux:linux_kernel:6.1.158
-
cpe:2.3:o:linux:linux_kernel:6.1.159
-
cpe:2.3:o:linux:linux_kernel:6.1.160
-
cpe:2.3:o:linux:linux_kernel:6.1.161
-
cpe:2.3:o:linux:linux_kernel:6.1.162
-
cpe:2.3:o:linux:linux_kernel:6.1.163
-
cpe:2.3:o:linux:linux_kernel:6.1.164
-
cpe:2.3:o:linux:linux_kernel:6.12.42
-
cpe:2.3:o:linux:linux_kernel:6.12.43
-
cpe:2.3:o:linux:linux_kernel:6.12.44
-
cpe:2.3:o:linux:linux_kernel:6.12.45
-
cpe:2.3:o:linux:linux_kernel:6.12.46
-
cpe:2.3:o:linux:linux_kernel:6.12.47
-
cpe:2.3:o:linux:linux_kernel:6.12.48
-
cpe:2.3:o:linux:linux_kernel:6.12.49
-
cpe:2.3:o:linux:linux_kernel:6.12.50
-
cpe:2.3:o:linux:linux_kernel:6.12.51
-
cpe:2.3:o:linux:linux_kernel:6.12.52
-
cpe:2.3:o:linux:linux_kernel:6.12.53
-
cpe:2.3:o:linux:linux_kernel:6.12.54
-
cpe:2.3:o:linux:linux_kernel:6.12.55
-
cpe:2.3:o:linux:linux_kernel:6.12.56
-
cpe:2.3:o:linux:linux_kernel:6.12.57
-
cpe:2.3:o:linux:linux_kernel:6.12.58
-
cpe:2.3:o:linux:linux_kernel:6.12.59
-
cpe:2.3:o:linux:linux_kernel:6.12.60
-
cpe:2.3:o:linux:linux_kernel:6.12.61
-
cpe:2.3:o:linux:linux_kernel:6.12.62
-
cpe:2.3:o:linux:linux_kernel:6.12.63
-
cpe:2.3:o:linux:linux_kernel:6.12.64
-
cpe:2.3:o:linux:linux_kernel:6.12.65
-
cpe:2.3:o:linux:linux_kernel:6.12.66
-
cpe:2.3:o:linux:linux_kernel:6.12.67
-
cpe:2.3:o:linux:linux_kernel:6.12.68
-
cpe:2.3:o:linux:linux_kernel:6.12.69
-
cpe:2.3:o:linux:linux_kernel:6.12.70
-
cpe:2.3:o:linux:linux_kernel:6.12.72
-
cpe:2.3:o:linux:linux_kernel:6.12.74
-
cpe:2.3:o:linux:linux_kernel:6.15.10
-
cpe:2.3:o:linux:linux_kernel:6.15.11
-
cpe:2.3:o:linux:linux_kernel:6.16.1
-
cpe:2.3:o:linux:linux_kernel:6.16.10
-
cpe:2.3:o:linux:linux_kernel:6.16.11
-
cpe:2.3:o:linux:linux_kernel:6.16.12
-
cpe:2.3:o:linux:linux_kernel:6.16.2
-
cpe:2.3:o:linux:linux_kernel:6.16.3
-
cpe:2.3:o:linux:linux_kernel:6.16.4
-
cpe:2.3:o:linux:linux_kernel:6.16.5
-
cpe:2.3:o:linux:linux_kernel:6.16.6
-
cpe:2.3:o:linux:linux_kernel:6.16.7
-
cpe:2.3:o:linux:linux_kernel:6.16.8
-
cpe:2.3:o:linux:linux_kernel:6.16.9
-
cpe:2.3:o:linux:linux_kernel:6.17
-
cpe:2.3:o:linux:linux_kernel:6.17.1
-
cpe:2.3:o:linux:linux_kernel:6.17.10
-
cpe:2.3:o:linux:linux_kernel:6.17.11
-
cpe:2.3:o:linux:linux_kernel:6.17.12
-
cpe:2.3:o:linux:linux_kernel:6.17.13
-
cpe:2.3:o:linux:linux_kernel:6.17.2
-
cpe:2.3:o:linux:linux_kernel:6.17.3
-
cpe:2.3:o:linux:linux_kernel:6.17.4
-
cpe:2.3:o:linux:linux_kernel:6.17.5
-
cpe:2.3:o:linux:linux_kernel:6.17.6
-
cpe:2.3:o:linux:linux_kernel:6.17.7
-
cpe:2.3:o:linux:linux_kernel:6.17.8
-
cpe:2.3:o:linux:linux_kernel:6.17.9
-
cpe:2.3:o:linux:linux_kernel:6.18
-
cpe:2.3:o:linux:linux_kernel:6.18.1
-
cpe:2.3:o:linux:linux_kernel:6.18.10
-
cpe:2.3:o:linux:linux_kernel:6.18.11
-
cpe:2.3:o:linux:linux_kernel:6.18.13
-
cpe:2.3:o:linux:linux_kernel:6.18.2
-
cpe:2.3:o:linux:linux_kernel:6.18.3
-
cpe:2.3:o:linux:linux_kernel:6.18.4
-
cpe:2.3:o:linux:linux_kernel:6.18.5
-
cpe:2.3:o:linux:linux_kernel:6.18.6
-
cpe:2.3:o:linux:linux_kernel:6.18.7
-
cpe:2.3:o:linux:linux_kernel:6.18.8
-
cpe:2.3:o:linux:linux_kernel:6.18.9
-
cpe:2.3:o:linux:linux_kernel:6.19
-
cpe:2.3:o:linux:linux_kernel:6.19.1
-
cpe:2.3:o:linux:linux_kernel:6.19.3
-
cpe:2.3:o:linux:linux_kernel:6.6.102
-
cpe:2.3:o:linux:linux_kernel:6.6.103
-
cpe:2.3:o:linux:linux_kernel:6.6.104
-
cpe:2.3:o:linux:linux_kernel:6.6.105
-
cpe:2.3:o:linux:linux_kernel:6.6.106
-
cpe:2.3:o:linux:linux_kernel:6.6.107
-
cpe:2.3:o:linux:linux_kernel:6.6.108
-
cpe:2.3:o:linux:linux_kernel:6.6.109
-
cpe:2.3:o:linux:linux_kernel:6.6.110
-
cpe:2.3:o:linux:linux_kernel:6.6.111
-
cpe:2.3:o:linux:linux_kernel:6.6.112
-
cpe:2.3:o:linux:linux_kernel:6.6.113
-
cpe:2.3:o:linux:linux_kernel:6.6.114
-
cpe:2.3:o:linux:linux_kernel:6.6.115
-
cpe:2.3:o:linux:linux_kernel:6.6.116
-
cpe:2.3:o:linux:linux_kernel:6.6.117
-
cpe:2.3:o:linux:linux_kernel:6.6.118
-
cpe:2.3:o:linux:linux_kernel:6.6.119
-
cpe:2.3:o:linux:linux_kernel:6.6.120
-
cpe:2.3:o:linux:linux_kernel:6.6.121
-
cpe:2.3:o:linux:linux_kernel:6.6.122
-
cpe:2.3:o:linux:linux_kernel:6.6.123
-
cpe:2.3:o:linux:linux_kernel:6.6.124
-
cpe:2.3:o:linux:linux_kernel:6.6.125
-
cpe:2.3:o:linux:linux_kernel:6.6.127