CVE-2025-40219
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2025
Last modified:
15/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

PCI/IOV: Fix race between SR-IOV enable/disable and hotplug

Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV") tried to fix a race between the VF removal
inside sriov_del_vfs() and concurrent hot unplug by taking the PCI
rescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock
was also taken in sriov_add_vfs() to protect addition of VFs.

This approach however causes deadlock on trying to remove PFs with SR-IOV
enabled because PFs disable SR-IOV during removal and this removal happens
under the PCI rescan/remove lock. So the original fix had to be reverted.

Instead of taking the PCI rescan/remove lock in sriov_add_vfs() and
sriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs
hotplug higher up in the callchain by taking the lock in
sriov_numvfs_store() before calling into the driver's sriov_configure()
callback.
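
The two lock placements described above, as an added user-space model that is not kernel code and not part of the original commit. The lock helpers, `remove_pf()` and the boolean parameters are hypothetical; the other function names mirror the description, and the driver's sriov_configure() callback is represented by a direct call to the model's `sriov_del_vfs()`.

```c
/* Single-threaded model of the two call chains; not kernel code. */
#include <errno.h>
#include <stdbool.h>

/* Stand-in for the PCI rescan/remove lock, a non-recursive mutex. Taking it
 * again from the context that holds it would sleep forever in the kernel;
 * the model reports that as -EDEADLK instead of hanging. */
static bool rescan_remove_held;

static int lock_rescan_remove(void)            /* hypothetical helper */
{
    if (rescan_remove_held)
        return -EDEADLK;
    rescan_remove_held = true;
    return 0;
}

static void unlock_rescan_remove(void) { rescan_remove_held = false; }

/* VF teardown; lock_inside=true models the reverted commit 05703271c3cd. */
static int sriov_del_vfs(bool lock_inside)
{
    int rc = lock_inside ? lock_rescan_remove() : 0;
    if (rc)
        return rc;
    /* ... the VFs would be removed here ... */
    if (lock_inside)
        unlock_rescan_remove();
    return 0;
}

/* PF hot unplug (hypothetical name): removal already runs under the lock,
 * and the PF disables SR-IOV while it is being removed. */
static int remove_pf(bool lock_inside)
{
    int rc = lock_rescan_remove();
    if (rc)
        return rc;
    rc = sriov_del_vfs(lock_inside);
    unlock_rescan_remove();
    return rc;
}

/* sysfs write to sriov_numvfs; lock_in_store=true models the fix, which
 * takes the lock here, above the driver callback. */
static int sriov_numvfs_store(bool lock_in_store)
{
    int rc = lock_in_store ? lock_rescan_remove() : 0;
    if (rc)
        return rc;
    rc = sriov_del_vfs(!lock_in_store); /* stands in for sriov_configure() */
    if (lock_in_store)
        unlock_rescan_remove();
    return rc;
}
```

With the lock inside `sriov_del_vfs()`, the PF removal path re-acquires a lock it already holds; with the lock in `sriov_numvfs_store()`, both the sysfs path and the removal path take it exactly once.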
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1047ca2d816994f31e1475e63e0c0b7825599747
- https://git.kernel.org/stable/c/3cddde484471c602bea04e6f384819d336a1ff84
- https://git.kernel.org/stable/c/7c37920c96b85ef4255a7acc795e99e63dd38d59
- https://git.kernel.org/stable/c/97c18f074ff1c12d016a0753072a3afdfa0b9611
- https://git.kernel.org/stable/c/a5338e365c4559d7b4d7356116b0eb95b12e08d5
- https://git.kernel.org/stable/c/bea1d373098b22d7142da48750ce5526096425bc
- https://git.kernel.org/stable/c/d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b
- https://git.kernel.org/stable/c/f3015627b6e9ddf85cfeaf42405b3c194dde2c36



