CVE-2022-49175

In the Linux kernel, the following vulnerability has been resolved:

PM: core: keep irq flags in devicepmcheck_callbacks()

The function devicepmcheckcallbacks() can be called under the spin lock (in the reported case it happens from genpdadddevice() -> devpmdomainset(), when the genpd uses spinlocks rather than mutexes.

However this function uncoditionally uses spinlockirq() / spinunlockirq(), thus not preserving the CPU flags. Use the irqsave/irqrestore instead.

The backtrace for the reference: [ 2.752010] ------------[ cut here ]------------ [ 2.756769] rawlocalirqrestore() called with IRQs enabled [ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warnbogusirqrestore+0x34/0x50 [ 2.772338] Modules linked in: [ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684 [ 2.781384] Freeing initrd memory: 46024K [ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.785841] pc : warnbogusirqrestore+0x34/0x50 [ 2.785844] lr : warnbogusirqrestore+0x34/0x50 [ 2.785846] sp : ffff80000805b7d0 [ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002 [ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800 [ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00 [ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff [ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7 [ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8 [ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0 [ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0 [ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000 [ 2.889774] Call trace: [ 2.892290] warnbogusirqrestore+0x34/0x50 [ 2.896770] _rawspinunlockirqrestore+0x94/0xa0 [ 2.901690] genpdunlockspin+0x20/0x30 [ 2.905724] genpdadddevice+0x100/0x2d0 [ 2.909850] _genpddevpmattach+0xa8/0x23c [ 2.914329] genpddevpmattachbyid+0xc4/0x190 [ 2.919167] genpddevpmattachbyname+0x3c/0xd0 [ 2.924086] devpmdomainattachbyname+0x24/0x30 [ 2.929102] pscidtattachcpu+0x24/0x90 [ 2.933230] pscicpuidleprobe+0x2d4/0x46c [ 2.937534] platformprobe+0x68/0xe0 [ 2.941304] reallyprobe.part.0+0x9c/0x2fc [ 2.945605] _driverprobedevice+0x98/0x144 [ 2.950085] driverprobedevice+0x44/0x15c [ 2.954385] _deviceattachdriver+0xb8/0x120 [ 2.958950] busforeachdrv+0x78/0xd0 [ 2.962896] _deviceattach+0xd8/0x180 [ 2.966843] deviceinitialprobe+0x14/0x20 [ 2.971144] busprobedevice+0x9c/0xa4 [ 2.975092] deviceadd+0x380/0x88c [ 2.978679] platformdeviceadd+0x114/0x234 [ 2.983067] platformdeviceregisterfull+0x100/0x190 [ 2.988344] psciidleinit+0x6c/0xb0 [ 2.992113] dooneinitcall+0x74/0x3a0 [ 2.996060] kernelinitfreeable+0x2fc/0x384 [ 3.000543] kernelinit+0x28/0x130 [ 3.004132] retfromfork+0x10/0x20 [ 3.007817] irq event stamp: 319826 [ 3.011404] hardirqs last enabled at (319825): [<ffffd40e7eda0268>] _upconsolesem+0x78/0x84 [ 3.020332] hardirqs last disabled at (319826): [<ffffd40e7fd6d9d8>] el1dbg+0x24/0x8c [ 3.028458] softirqs last enabled at (318312): [<ffffd40e7ec90410>] stext+0x410/0x588 [ 3.036678] softirqs last disabled at (318299): [<ffffd40e7ed1bf68>] _irqexitrcu+0x158/0x174 [ 3.045607] ---[ end trace 0000000000000000 ]---