CVE-2025-40238

Source
https://cve.org/CVERecord?id=CVE-2025-40238
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40238.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40238
Aliases
Downstream
Published
2025-12-04T15:31:28.243Z
Modified
2026-02-09T18:27:48.104154Z
Summary
net/mlx5: Fix IPsec cleanup over MPV device
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix IPsec cleanup over MPV device

When we do mlx5e_detach_netdev() we eventually disable the blocking events notifier; among those events are IPsec MPV events from IB to core.

So before disabling those blocking events, make sure to also unregister the devcom device and mark all of this device's operations as complete, in order to prevent the other device from using an invalid netdev during future devcom events, which could cause the trace below.

BUG: kernel NULL pointer dereference, address: 0000000000000010
PGD 146427067 P4D 146427067 PUD 146488067 PMD 0
Oops: Oops: 0000 [#1] SMP
CPU: 1 UID: 0 PID: 7735 Comm: devlink Tainted: GW 6.12.0-rc6forupstreammindebug202411080046 #1
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:mlx5_devcom_comp_set_ready+0x5/0x40 [mlx5_core]
Code: 00 01 48 83 05 23 32 1e 00 01 41 b8 ed ff ff ff e9 60 ff ff ff 48 83 05 00 32 1e 00 01 eb e3 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 47 10 48 83 05 5f 32 1e 00 01 48 8b 50 40 48 85 d2 74 05 40
RSP: 0018:ffff88811a5c35f8 EFLAGS: 00010206
RAX: ffff888106e8ab80 RBX: ffff888107d7e200 RCX: ffff88810d6f0a00
RDX: ffff88810d6f0a00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88811a17e620 R08: 0000000000000040 R09: 0000000000000000
R10: ffff88811a5c3618 R11: 0000000de85d51bd R12: ffff88811a17e600
R13: ffff88810d6f0a00 R14: 0000000000000000 R15: ffff8881034bda80
FS: 00007f27bdf89180(0000) GS:ffff88852c880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 000000010f159005 CR4: 0000000000372eb0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? __die+0x20/0x60
? page_fault_oops+0x150/0x3e0
? exc_page_fault+0x74/0x130
? asm_exc_page_fault+0x22/0x30
? mlx5_devcom_comp_set_ready+0x5/0x40 [mlx5_core]
mlx5e_devcom_event_mpv+0x42/0x60 [mlx5_core]
mlx5_devcom_send_event+0x8c/0x170 [mlx5_core]
blocking_event+0x17b/0x230 [mlx5_core]
notifier_call_chain+0x35/0xa0
blocking_notifier_call_chain+0x3d/0x60
mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
mlx5_core_mp_event_replay+0x12/0x20 [mlx5_core]
mlx5_ib_bind_slave_port+0x228/0x2c0 [mlx5_ib]
mlx5_ib_stage_init_init+0x664/0x9d0 [mlx5_ib]
? idr_alloc_cyclic+0x50/0xb0
? __kmalloc_cache_noprof+0x167/0x340
? __kmalloc_noprof+0x1a7/0x430
__mlx5_ib_add+0x34/0xd0 [mlx5_ib]
mlx5r_probe+0xe9/0x310 [mlx5_ib]
? kernfs_add_one+0x107/0x150
? __mlx5_ib_add+0xd0/0xd0 [mlx5_ib]
auxiliary_bus_probe+0x3e/0x90
really_probe+0xc5/0x3a0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
bus_probe_device+0x86/0xa0
device_add+0x62d/0x830
__auxiliary_device_add+0x3b/0xa0
? auxiliary_device_init+0x41/0x90
add_adev+0xd1/0x150 [mlx5_core]
mlx5_rescan_drivers_locked+0x21c/0x300 [mlx5_core]
esw_mode_change+0x6c/0xc0 [mlx5_core]
mlx5_devlink_eswitch_mode_set+0x21e/0x640 [mlx5_core]
devlink_nl_eswitch_set_doit+0x60/0xe0
genl_family_rcv_msg_doit+0xd0/0x120
genl_rcv_msg+0x180/0x2b0
? devlink_get_from_attrs_lock+0x170/0x170
? devlink_nl_eswitch_get_doit+0x290/0x290
? devlink_nl_pre_doit_port_optional+0x50/0x50
? genl_family_rcv_msg_dumpit+0xf0/0xf0
netlink_rcv_skb+0x54/0x100
genl_rcv+0x24/0x40
netlink_unicast+0x1fc/0x2d0
netlink_sendmsg+0x1e4/0x410
__sock_sendmsg+0x38/0x60
? sockfd_lookup_light+0x12/0x60
__sys_sendto+0x105/0x160
? __sys_recvmsg+0x4e/0x90
__x64_sys_sendto+0x20/0x30
do_syscall_64+0x4c/0x100
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f27bc91b13a
Code: bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 fa 96 2c 00 45 89 c9 4c 63 d1 48 63 ff 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff
---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40238.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82f9378c443c206d3f9e45844306e5270e7e4109
Fixed
7e212cebc863c2c7a82f480446cd731721451691
Fixed
8956686d398eca6d324d2d164f9d2a281175a3a1
Fixed
664f76be38a18c61151d0ef248c7e2f3afb4f3c7

Affected versions

v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.17.5
v6.18-rc1
v6.6
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40238.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.56
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40238.json"