Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]idpf: convert control queue mutex to a spinlock[EOL][EOL]With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated[EOL]on module load:[EOL][EOL][  324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578[EOL][  324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager[EOL][  324.701689] preempt_count: 201, expected: 0[EOL][  324.701693] RCU nest depth: 0, expected: 0[EOL][  324.701697] 2 locks held by NetworkManager/1582:[EOL][  324.701702]  #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0[EOL][  324.701730]  #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870[EOL][  324.701749] Preemption disabled at:[EOL][  324.701752] [<ffffffff9cd23b9d>] __dev_open+0x3dd/0x870[EOL][  324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)[EOL][  324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022[EOL][  324.701774] Call Trace:[EOL][  324.701777]  <TASK>[EOL][  324.701779]  dump_stack_lvl+0x5d/0x80[EOL][  324.701788]  ? __dev_open+0x3dd/0x870[EOL][  324.701793]  __might_resched.cold+0x1ef/0x23d[EOL]<..>[EOL][  324.701818]  __mutex_lock+0x113/0x1b80[EOL]<..>[EOL][  324.701917]  idpf_ctlq_clean_sq+0xad/0x4b0 [idpf][EOL][  324.701935]  ? kasan_save_track+0x14/0x30[EOL][  324.701941]  idpf_mb_clean+0x143/0x380 [idpf][EOL]<..>[EOL][  324.701991]  idpf_send_mb_msg+0x111/0x720 [idpf][EOL][  324.702009]  idpf_vc_xn_exec+0x4cc/0x990 [idpf][EOL][  324.702021]  ? rcu_is_watching+0x12/0xc0[EOL][  324.702035]  idpf_add_del_mac_filters+0x3ed/0xb50 [idpf][EOL]<..>[EOL][  324.702122]  __hw_addr_sync_dev+0x1cf/0x300[EOL][  324.702126]  ? find_held_lock+0x32/0x90[EOL][  324.702134]  idpf_set_rx_mode+0x317/0x390 [idpf][EOL][  324.702152]  __dev_open+0x3f8/0x870[EOL][  324.702159]  ? __pfx___dev_open+0x10/0x10[EOL][  324.702174]  __dev_change_flags+0x443/0x650[EOL]<..>[EOL][  324.702208]  netif_change_flags+0x80/0x160[EOL][  324.702218]  do_setlink.isra.0+0x16a0/0x3960[EOL]<..>[EOL][  324.702349]  rtnl_newlink+0x12fd/0x21e0[EOL][EOL]The sequence is as follows:[EOL]\trtnl_newlink()->[EOL]\t__dev_change_flags()->[EOL]\t__dev_open()->[EOL]\tdev_set_rx_mode() - >  # disables BH and grabs "dev->addr_list_lock"[EOL]\tidpf_set_rx_mode() ->  # proceed only if VIRTCHNL2_CAP_MACFILTER is ON[EOL]\t__dev_uc_sync() ->[EOL]\tidpf_add_mac_filter ->[EOL]\tidpf_add_del_mac_filters ->[EOL]\tidpf_send_mb_msg() ->[EOL]\tidpf_mb_clean() ->[EOL]\tidpf_ctlq_clean_sq()   # mutex_lock(cq_lock)[EOL][EOL]Fix by converting cq_lock to a spinlock. All operations under the new[EOL]lock are safe except freeing the DMA memory, which may use vunmap(). Fix[EOL]by requesting a contiguous physical memory for the DMA mapping.

CREATE(Triage):(User=admin) [CVE-2025-38392 (https://nvd.nist.gov/vuln/detail/CVE-2025-38392)