DEBIAN-CVE-2025-38372

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling _xastore() and _xaerase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xastore() and xaerase(), which perform the necessary locking internally. ============================= WARNING: suspicious RCPU usage 6.14.0-rc7forupstreamdebug202503181501 #1 Not tainted ----------------------------- ./include/linux/xarray.h:1211 suspicious rcudereferenceprotected() usage! other info that might help us debug this: rcuscheduleractive = 2, debuglocks = 1 3 locks held by kworker/u136:0/219: at: processonework+0xbe4/0x15f0 processonework+0x75c/0x15f0 pagefaultmr+0x9a5/0x1390 [mlx5ib] stack backtrace: CPU: 14 UID: 0 PID: 219 Comm: kworker/u136:0 Not tainted 6.14.0-rc7forupstreamdebug202503181501 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5ibpagefault mlx5ibeqepfaction [mlx5ib] Call Trace: dumpstacklvl+0xa8/0xc0 lockdeprcususpicious+0x1e6/0x260 xascreate+0xb8a/0xee0 xasstore+0x73/0x14c0 _xastore+0x13c/0x220 ? xastorerange+0x390/0x390 ? spinbug+0x1d0/0x1d0 pagefaultmr+0xcb5/0x1390 [mlx5ib] ? rawspinunlock+0x1f/0x30 mlx5ibeqepfaction+0x3be/0x2620 [mlx5ib] ? lockdephardirqsonprepare+0x400/0x400 ? mlx5ibinvalidaterange+0xcb0/0xcb0 [mlx5ib] processonework+0x7db/0x15f0 ? pwqdecnrinflight+0xda0/0xda0 ? assignwork+0x168/0x240 workerthread+0x57d/0xcd0 ? rescuerthread+0xc40/0xc40 kthread+0x3b3/0x800 ? kthreadispercpu+0xb0/0xb0 ? lockdowngrade+0x680/0x680 ? dorawspinlock+0x12d/0x270 ? spinbug+0x1d0/0x1d0 ? finishtaskswitch.isra.0+0x284/0x9e0 ? lockdephardirqsonprepare+0x284/0x400 ? kthreadispercpu+0xb0/0xb0 retfromfork+0x2d/0x70 ? kthreadispercpu+0xb0/0xb0 retfromforkasm+0x11/0x20