fkie_cve-2022-49175
Vulnerability from fkie_nvd
Published
2025-02-26 07:00
Modified
2025-02-26 07:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin lock (in the reported case it happens from genpd_add_device() -> dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes. However this function uncoditionally uses spin_lock_irq() / spin_unlock_irq(), thus not preserving the CPU flags. Use the irqsave/irqrestore instead. The backtrace for the reference: [ 2.752010] ------------[ cut here ]------------ [ 2.756769] raw_local_irq_restore() called with IRQs enabled [ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50 [ 2.772338] Modules linked in: [ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684 [ 2.781384] Freeing initrd memory: 46024K [ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50 [ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50 [ 2.785846] sp : ffff80000805b7d0 [ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002 [ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800 [ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00 [ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff [ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7 [ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8 [ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0 [ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0 [ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000 [ 2.889774] Call trace: [ 2.892290] warn_bogus_irq_restore+0x34/0x50 [ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0 [ 2.901690] genpd_unlock_spin+0x20/0x30 [ 2.905724] genpd_add_device+0x100/0x2d0 [ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c [ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190 [ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0 [ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30 [ 2.929102] psci_dt_attach_cpu+0x24/0x90 [ 2.933230] psci_cpuidle_probe+0x2d4/0x46c [ 2.937534] platform_probe+0x68/0xe0 [ 2.941304] really_probe.part.0+0x9c/0x2fc [ 2.945605] __driver_probe_device+0x98/0x144 [ 2.950085] driver_probe_device+0x44/0x15c [ 2.954385] __device_attach_driver+0xb8/0x120 [ 2.958950] bus_for_each_drv+0x78/0xd0 [ 2.962896] __device_attach+0xd8/0x180 [ 2.966843] device_initial_probe+0x14/0x20 [ 2.971144] bus_probe_device+0x9c/0xa4 [ 2.975092] device_add+0x380/0x88c [ 2.978679] platform_device_add+0x114/0x234 [ 2.983067] platform_device_register_full+0x100/0x190 [ 2.988344] psci_idle_init+0x6c/0xb0 [ 2.992113] do_one_initcall+0x74/0x3a0 [ 2.996060] kernel_init_freeable+0x2fc/0x384 [ 3.000543] kernel_init+0x28/0x130 [ 3.004132] ret_from_fork+0x10/0x20 [ 3.007817] irq event stamp: 319826 [ 3.011404] hardirqs last enabled at (319825): [<ffffd40e7eda0268>] __up_console_sem+0x78/0x84 [ 3.020332] hardirqs last disabled at (319826): [<ffffd40e7fd6d9d8>] el1_dbg+0x24/0x8c [ 3.028458] softirqs last enabled at (318312): [<ffffd40e7ec90410>] _stext+0x410/0x588 [ 3.036678] softirqs last disabled at (318299): [<ffffd40e7ed1bf68>] __irq_exit_rcu+0x158/0x174 [ 3.045607] ---[ end trace 0000000000000000 ]---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2add538e57a2825c61d639260386f385c75e4166
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/524bb1da785a7ae43dd413cd392b5071c6c367f8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/78c4d68b952f5f537788dbd454031ea9bf50f642
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/be8bc05f38d667eda1e820bc6f69234795be7809
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c29642ba72f87c0a3d7449f7db5d6d76a7ed53c3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c7c0ec5a1dcc3eaa1e85c804c2ccf46e457788a3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ede1ef1a7de973321699736ef96d01a4b9a6fe9e
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: core: keep irq flags in device_pm_check_callbacks()\n\nThe function device_pm_check_callbacks() can be called under the spin\nlock (in the reported case it happens from genpd_add_device() -\u003e\ndev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes.\n\nHowever this function uncoditionally uses spin_lock_irq() /\nspin_unlock_irq(), thus not preserving the CPU flags. Use the\nirqsave/irqrestore instead.\n\nThe backtrace for the reference:\n[    2.752010] ------------[ cut here ]------------\n[    2.756769] raw_local_irq_restore() called with IRQs enabled\n[    2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50\n[    2.772338] Modules linked in:\n[    2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S                5.17.0-rc6-00384-ge330d0d82eff-dirty #684\n[    2.781384] Freeing initrd memory: 46024K\n[    2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    2.785841] pc : warn_bogus_irq_restore+0x34/0x50\n[    2.785844] lr : warn_bogus_irq_restore+0x34/0x50\n[    2.785846] sp : ffff80000805b7d0\n[    2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002\n[    2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800\n[    2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00\n[    2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff\n[    2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7\n[    2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8\n[    2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0\n[    2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0\n[    2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[    2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000\n[    2.889774] Call trace:\n[    2.892290]  warn_bogus_irq_restore+0x34/0x50\n[    2.896770]  _raw_spin_unlock_irqrestore+0x94/0xa0\n[    2.901690]  genpd_unlock_spin+0x20/0x30\n[    2.905724]  genpd_add_device+0x100/0x2d0\n[    2.909850]  __genpd_dev_pm_attach+0xa8/0x23c\n[    2.914329]  genpd_dev_pm_attach_by_id+0xc4/0x190\n[    2.919167]  genpd_dev_pm_attach_by_name+0x3c/0xd0\n[    2.924086]  dev_pm_domain_attach_by_name+0x24/0x30\n[    2.929102]  psci_dt_attach_cpu+0x24/0x90\n[    2.933230]  psci_cpuidle_probe+0x2d4/0x46c\n[    2.937534]  platform_probe+0x68/0xe0\n[    2.941304]  really_probe.part.0+0x9c/0x2fc\n[    2.945605]  __driver_probe_device+0x98/0x144\n[    2.950085]  driver_probe_device+0x44/0x15c\n[    2.954385]  __device_attach_driver+0xb8/0x120\n[    2.958950]  bus_for_each_drv+0x78/0xd0\n[    2.962896]  __device_attach+0xd8/0x180\n[    2.966843]  device_initial_probe+0x14/0x20\n[    2.971144]  bus_probe_device+0x9c/0xa4\n[    2.975092]  device_add+0x380/0x88c\n[    2.978679]  platform_device_add+0x114/0x234\n[    2.983067]  platform_device_register_full+0x100/0x190\n[    2.988344]  psci_idle_init+0x6c/0xb0\n[    2.992113]  do_one_initcall+0x74/0x3a0\n[    2.996060]  kernel_init_freeable+0x2fc/0x384\n[    3.000543]  kernel_init+0x28/0x130\n[    3.004132]  ret_from_fork+0x10/0x20\n[    3.007817] irq event stamp: 319826\n[    3.011404] hardirqs last  enabled at (319825): [\u003cffffd40e7eda0268\u003e] __up_console_sem+0x78/0x84\n[    3.020332] hardirqs last disabled at (319826): [\u003cffffd40e7fd6d9d8\u003e] el1_dbg+0x24/0x8c\n[    3.028458] softirqs last  enabled at (318312): [\u003cffffd40e7ec90410\u003e] _stext+0x410/0x588\n[    3.036678] softirqs last disabled at (318299): [\u003cffffd40e7ed1bf68\u003e] __irq_exit_rcu+0x158/0x174\n[    3.045607] ---[ end trace 0000000000000000 ]---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PM: n\u00facleo: mantener indicadores irq en device_pm_check_callbacks() La funci\u00f3n device_pm_check_callbacks() se puede llamar bajo el bloqueo de giro (en el caso informado, ocurre desde genpd_add_device() -\u0026gt; dev_pm_domain_set(), cuando genpd usa bloqueos de giro en lugar de mutexes. Sin embargo, esta funci\u00f3n usa spin_lock_irq() / spin_unlock_irq() de manera incondicional, por lo que no conserva los indicadores de la CPU. Use irqsave/irqrestore en su lugar. El backtrace para la referencia: [ 2.752010] ------------[ corte aqu\u00ed ]------------ [ 2.756769] raw_local_irq_restore() llamado con IRQ habilitados [ 2.762596] ADVERTENCIA: CPU: 4 PID: 1 en kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50 [ 2.772338] M\u00f3dulos vinculados en: [ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Contaminado: GS 5.17.0-rc6-00384-ge330d0d82eff-dirty #684 [ 2.781384] Liberando memoria initrd: 46024K [ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50 [ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50 [ 2.785846] sp : ffff80000805b7d0 [ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002 [ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800 [ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00 [ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff [ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7 [ 2.853108] x14: 000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8 [ 2.860441] x11: 00000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0 [ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0 [ 2.875107] x5 : 000000000000bff4 x4 : 000000000000000 x3 : 000000000000000 [ 2.882440] x2 : 000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000 [ 2.889774] Rastreo de llamadas: [ 2.892290] warn_bogus_irq_restore+0x34/0x50 [ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0 [ 2.901690] genpd_unlock_spin+0x20/0x30 [ 2.905724] genpd_add_device+0x100/0x2d0 [ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c [ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190 [ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0 [ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30 [ 2.929102] psci_dt_attach_cpu+0x24/0x90 [ 2.933230] psci_cpuidle_probe+0x2d4/0x46c [ 2.937534] platform_probe+0x68/0xe0 [ 2.941304] really_probe.part.0+0x9c/0x2fc [ 2.945605] __driver_probe_device+0x98/0x144 [ 2.950085] driver_probe_device+0x44/0x15c [ 2.954385] __device_attach_driver+0xb8/0x120 [ 2.958950] bus_for_each_drv+0x78/0xd0 [ 2.962896] __device_attach+0xd8/0x180 [ 2.966843] device_initial_probe+0x14/0x20 [ 2.971144] bus_probe_device+0x9c/0xa4 [ 2.975092] device_add+0x380/0x88c [ 2.978679] platform_device_add+0x114/0x234 [ 2.983067] platform_device_register_full+0x100/0x190 [ 2.988344] psci_idle_init+0x6c/0xb0 [ 2.992113] do_one_initcall+0x74/0x3a0 [ 2.996060] kernel_init_freeable+0x2fc/0x384 [ 3.000543] kernel_init+0x28/0x130 [ 3.004132] ret_from_fork+0x10/0x20 [ 3.007817] marca de evento irq: 319826 [ 3.011404] hardirqs se habilit\u00f3 por \u00faltima vez en (319825): [] __up_console_sem+0x78/0x84 [ 3.020332] hardirqs se desactiv\u00f3 por \u00faltima vez en (319826): [] el1_dbg+0x24/0x8c [ 3.028458] softirqs se habilit\u00f3 por \u00faltima vez en (318312): [] _stext+0x410/0x588 [ 3.036678] softirqs se deshabilit\u00f3 por \u00faltima vez en (318299): [] __irq_exit_rcu+0x158/0x174 [ 3.045607] ---[ fin de seguimiento 0000000000000000 ]---"
    }
  ],
  "id": "CVE-2022-49175",
  "lastModified": "2025-02-26T07:00:54.600",
  "metrics": {},
  "published": "2025-02-26T07:00:54.600",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2add538e57a2825c61d639260386f385c75e4166"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/524bb1da785a7ae43dd413cd392b5071c6c367f8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/78c4d68b952f5f537788dbd454031ea9bf50f642"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/be8bc05f38d667eda1e820bc6f69234795be7809"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c29642ba72f87c0a3d7449f7db5d6d76a7ed53c3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c7c0ec5a1dcc3eaa1e85c804c2ccf46e457788a3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ede1ef1a7de973321699736ef96d01a4b9a6fe9e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.