CVE-2025-39908

Source
https://cve.org/CVERecord?id=CVE-2025-39908
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39908.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39908
Published
2025-10-01T07:44:31.904Z
Modified
2026-04-02T12:48:12.600670Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net: dev_ioctl: take ops lock in hwtstamp lower paths
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dev_ioctl: take ops lock in hwtstamp lower paths

ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations.

Kernel log:

    WARNING: CPU: 13 PID: 51364 at ./include/net/netdev_lock.h:70 __netdev_update_features+0x4bd/0xe60
    ...
    RIP: 0010:__netdev_update_features+0x4bd/0xe60
    ...
    Call Trace:
    <TASK>
    netdev_update_features+0x1f/0x60
    mlx5_hwtstamp_set+0x181/0x290 [mlx5_core]
    mlx5e_hwtstamp_set+0x19/0x30 [mlx5_core]
    dev_set_hwtstamp_phylib+0x9f/0x220
    dev_set_hwtstamp_phylib+0x9f/0x220
    dev_set_hwtstamp+0x13d/0x240
    dev_ioctl+0x12f/0x4b0
    sock_ioctl+0x171/0x370
    __x64_sys_ioctl+0x3f7/0x900
    ? __sys_setsockopt+0x69/0xb0
    do_syscall_64+0x6f/0x2e0
    entry_SYSCALL_64_after_hwframe+0x4b/0x53
    ...
    </TASK>
    ....
    ---[ end trace 0000000000000000 ]---

Note that the mlx5_hwtstamp_set and mlx5e_hwtstamp_set functions shown in the trace come from an in-progress patch converting the legacy ioctl to ndo_hwtstamp_get/set and are not present in mainline.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39908.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ffb7ed19ac0a9fa9ea79af1d7b42c03a10da98a5
Fixed
2d92fa0cdc02291de57f72170e8b60cef0cf5372
Fixed
686cab5a18e443e1d5f2abb17bed45837836425f

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39908.json"