CVE-2022-49175

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

PM: core: keep irq flags in device_pm_check_callbacks()

The function device_pm_check_callbacks() can be called under the spin lock (in the reported case it happens from genpd_add_device() -> dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes).

However this function unconditionally uses spin_lock_irq() / spin_unlock_irq(), thus not preserving the CPU flags. Use the irqsave/irqrestore instead.

The backtrace for the reference:

[ 2.752010] ------------[ cut here ]------------
[ 2.756769] raw_local_irq_restore() called with IRQs enabled
[ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50
[ 2.772338] Modules linked in:
[ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684
[ 2.781384] Freeing initrd memory: 46024K
[ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50
[ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50
[ 2.785846] sp : ffff80000805b7d0
[ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002
[ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800
[ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00
[ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff
[ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7
[ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8
[ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0
[ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0
[ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000
[ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000
[ 2.889774] Call trace:
[ 2.892290] warn_bogus_irq_restore+0x34/0x50
[ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0
[ 2.901690] genpd_unlock_spin+0x20/0x30
[ 2.905724] genpd_add_device+0x100/0x2d0
[ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c
[ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190
[ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0
[ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30
[ 2.929102] psci_dt_attach_cpu+0x24/0x90
[ 2.933230] psci_cpuidle_probe+0x2d4/0x46c
[ 2.937534] platform_probe+0x68/0xe0
[ 2.941304] really_probe.part.0+0x9c/0x2fc
[ 2.945605] __driver_probe_device+0x98/0x144
[ 2.950085] driver_probe_device+0x44/0x15c
[ 2.954385] __device_attach_driver+0xb8/0x120
[ 2.958950] bus_for_each_drv+0x78/0xd0
[ 2.962896] __device_attach+0xd8/0x180
[ 2.966843] device_initial_probe+0x14/0x20
[ 2.971144] bus_probe_device+0x9c/0xa4
[ 2.975092] device_add+0x380/0x88c
[ 2.978679] platform_device_add+0x114/0x234
[ 2.983067] platform_device_register_full+0x100/0x190
[ 2.988344] psci_idle_init+0x6c/0xb0
[ 2.992113] do_one_initcall+0x74/0x3a0
[ 2.996060] kernel_init_freeable+0x2fc/0x384
[ 3.000543] kernel_init+0x28/0x130
[ 3.004132] ret_from_fork+0x10/0x20
[ 3.007817] irq event stamp: 319826
[ 3.011404] hardirqs last enabled at (319825): [] __up_console_sem+0x78/0x84
[ 3.020332] hardirqs last disabled at (319826): [] el1_dbg+0x24/0x8c
[ 3.028458] softirqs last enabled at (318312): [] _stext+0x410/0x588
[ 3.036678] softirqs last disabled at (318299): [] __irq_exit_rcu+0x158/0x174
[ 3.045607] ---[ end trace 0000000000000000 ]---
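
The locking pattern described above, modelled in userspace C as an added example (not code from the kernel or from the patch). A single boolean stands in for the CPU interrupt-enable flag; the model_* helpers, check_callbacks_irq(), check_callbacks_irqsave() and caller_under_spinlock() are hypothetical names, and the lock word itself is left out because only the IRQ state matters here.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: one flag stands in for the CPU's interrupt-enable state. */
static bool irqs_enabled = true;

/* Models of the kernel primitives, reduced to their effect on the IRQ state. */
static void model_spin_lock_irq(void)   { irqs_enabled = false; }
static void model_spin_unlock_irq(void) { irqs_enabled = true; } /* always re-enables */
static bool model_spin_lock_irqsave(void)
{
    bool flags = irqs_enabled;          /* remember the caller's state */
    irqs_enabled = false;
    return flags;
}
static void model_spin_unlock_irqrestore(bool flags) { irqs_enabled = flags; }

/* Pre-fix shape of the callee: unconditional lock_irq/unlock_irq pair. */
static void check_callbacks_irq(void)
{
    model_spin_lock_irq();
    /* ... inspect the PM callbacks ... */
    model_spin_unlock_irq();
}

/* Post-fix shape: the caller's IRQ state is saved and put back. */
static void check_callbacks_irqsave(void)
{
    bool flags = model_spin_lock_irqsave();
    /* ... inspect the PM callbacks ... */
    model_spin_unlock_irqrestore(flags);
}

/* Caller holding a spinlock-based genpd lock. Returns true when IRQs are
 * found enabled at restore time, the condition the WARNING reports. */
static bool caller_under_spinlock(void (*callee)(void))
{
    irqs_enabled = true;
    bool outer = model_spin_lock_irqsave();   /* IRQs are off from here */
    callee();
    bool bogus = irqs_enabled;                /* must still be off */
    model_spin_unlock_irqrestore(outer);
    return bogus;
}

int main(void)
{
    printf("irq variant: bogus restore = %d\n", caller_under_spinlock(check_callbacks_irq));
    printf("irqsave variant: bogus restore = %d\n", caller_under_spinlock(check_callbacks_irqsave));
    return 0;
}
```

With the irq variant the caller's critical section runs with interrupts enabled after the callee returns, which is the state the warning in the backtrace reports; the irqsave variant leaves the caller's state untouched.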

Impact