[SRU][O/N/J][PATCH 0/1] CVE-2025-21701
Tim Whisonant
tim.whisonant at canonical.com
Tue Feb 18 20:38:37 UTC 2025
[Impact]

net: avoid race between device unregistration and ethnl ops

A panic can occur if a device is being unregistered while its
number of channels are being modified.

This is because unregister_netdevice_many_notify might run
before the rtnl lock section of ethnl operations, eg.
set_channels. In this example the rss lock would be
destroyed by the device unregistration path before being
used again, but in general running ethnl operations while
dismantle has started is not a good idea. Fix this by
denying any operation on devices being unregistered.

A check was already there in ethnl_ops_begin, but not wide
enough. Note that the same issue cannot be seen on the ioctl
version (__dev_ethtool) because the device reference is
retrieved from within the rtnl lock section there. Once
dismantle started, the net device is unlisted and no
reference will be found.

[Cherry Pick]

The patch applied cleanly to Oracular, Noble, and Jammy.

[Fix]

Oracular: cherry picked from upstream
Noble: applied Oracular patch
Jammy: applied Oracular patch
Focal: not affected
Bionic: not affected
Xenial: not affected
Trusty: not affected

[Test Plan]

Compile and boot tested.

[Where problems could occur]

The change is isolated to the ethtool netlink driver. Regressions
would manifest at op initiation time in close proximity to a device
unregister request.

Antoine Tenart (1):
  net: avoid race between device unregistration and ethnl ops

 net/ethtool/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.43.0
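
Added example, not part of the original message or of the upstream patch: a user-space C model of the ordering described under [Impact], where a device reference is obtained before the lock is taken, unregistration runs first, and the operation then enters its locked section. All identifiers (model_dev, model_ops_begin, the DEV_* states, -EFAULT as a stand-in for touching the destroyed rss lock) are hypothetical, and the gate's state comparison is an assumption about how the check is widened, not the kernel's code.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>

/* User-space model only; every identifier here is hypothetical, not a kernel name. */
enum reg_state { DEV_REGISTERED, DEV_UNREGISTERING, DEV_UNREGISTERED };

struct model_dev {
    enum reg_state state;
    bool rss_lock_alive;      /* stands in for the per-device rss lock */
    unsigned int channels;
};

static pthread_mutex_t model_rtnl = PTHREAD_MUTEX_INITIALIZER; /* stands in for rtnl */

/* Dismantle path: tears down per-device state under the global lock. */
void model_unregister(struct model_dev *dev)
{
    pthread_mutex_lock(&model_rtnl);
    dev->state = DEV_UNREGISTERING;
    dev->rss_lock_alive = false;          /* lock destroyed during dismantle */
    dev->state = DEV_UNREGISTERED;
    pthread_mutex_unlock(&model_rtnl);
}

/* Gate run at the start of an operation, global lock held (assumed check). */
static int model_ops_begin(const struct model_dev *dev)
{
    return dev->state >= DEV_UNREGISTERING ? -ENODEV : 0;
}

/* Operation on a reference obtained BEFORE taking the lock. Returns 0,
 * -ENODEV (refused) or -EFAULT (model of using the destroyed lock). */
int model_set_channels(struct model_dev *dev, unsigned int n, bool gated)
{
    pthread_mutex_lock(&model_rtnl);
    int ret = gated ? model_ops_begin(dev) : 0;
    if (ret == 0 && !dev->rss_lock_alive)
        ret = -EFAULT;
    if (ret == 0)
        dev->channels = n;
    pthread_mutex_unlock(&model_rtnl);
    return ret;
}

int main(void)
{
    struct model_dev d = { DEV_REGISTERED, true, 4 };
    model_unregister(&d);                  /* unregistration wins the lock first */
    return model_set_channels(&d, 8, true) == -ENODEV ? 0 : 1;
}
```

Passing gated=false models an operation that skips the state check and reaches the destroyed lock; gated=true refuses the operation before any per-device state is touched.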