ACK: [SRU][O/N/J][PATCH 0/1] CVE-2025-21701
Koichiro Den
koichiro.den at canonical.com
Thu Feb 20 01:54:51 UTC 2025
On Tue, Feb 18, 2025 at 12:38:37PM GMT, Tim Whisonant wrote:
> [Impact]
>
> net: avoid race between device unregistration and ethnl ops
>
> A panic can occur if a device is being unregistered while its
> number of channels are being modified.
>
> This is because unregister_netdevice_many_notify might run
> before the rtnl lock section of ethnl operations, eg.
> set_channels. In this example the rss lock would be
> destroyed by the device unregistration path before being
> used again, but in general running ethnl operations while
> dismantle has started is not a good idea. Fix this by
> denying any operation on devices being unregistered.
>
> A check was already there in ethnl_ops_begin, but not wide
> enough. Note that the same issue cannot be seen on the ioctl
> version (__dev_ethtool) because the device reference is
> retrieved from within the rtnl lock section there. Once
> dismantle started, the net device is unlisted and no
> reference will be found.
>
> [Cherry Pick]
>
> The patch applied cleanly to Oracular, Noble, and Jammy.
>
> [Fix]
>
> Oracular: cherry picked from upstream
> Noble: applied Oracular patch
> Jammy: applied Oracular patch
> Focal: not affected
> Bionic: not affected
> Xenial: not affected
> Trusty: not affected
>
> [Test Plan]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The change is isolated to the ethtool netlink driver. Regressions
> would manifest at op initiation time in close proximity to a device
> unregister request.
>
> Antoine Tenart (1):
> net: avoid race between device unregistration and ethnl ops
>
> net/ethtool/netlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Acked-by: Koichiro Den <koichiro.den at canonical.com>
More information about the kernel-team
mailing list