ghsa-cqjr-x55g-2j6v
Vulnerability from github
Published
2025-04-01 18:30
Modified
2025-04-15 18:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: rcar: Use raw_spinlock to protect register access

Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access.

[    4.239592] =============================
[    4.239595] [ BUG: Invalid wait context ]
[    4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted
[    4.239603] -----------------------------
[    4.239606] kworker/u8:5/76 is trying to lock:
[    4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164
[    4.239641] other info that might help us debug this:
[    4.239643] context-{5:5}
[    4.239646] 5 locks held by kworker/u8:5/76:
[    4.239651]  #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c
[    4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value.
[    4.254094]  #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c
[    4.254109]  #2: ffff00000920c8f8
[    4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value.
[    4.264803]  (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc
[    4.264820]  #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690
[    4.264840]  #4:
[    4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value.
[    4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690
[    4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz
[    4.304082] stack backtrace:
[    4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35
[    4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)
[    4.304097] Workqueue: async async_run_entry_fn
[    4.304106] Call trace:
[    4.304110]  show_stack+0x14/0x20 (C)
[    4.304122]  dump_stack_lvl+0x6c/0x90
[    4.304131]  dump_stack+0x14/0x1c
[    4.304138]  __lock_acquire+0xdfc/0x1584
[    4.426274]  lock_acquire+0x1c4/0x33c
[    4.429942]  _raw_spin_lock_irqsave+0x5c/0x80
[    4.434307]  gpio_rcar_config_interrupt_input_mode+0x34/0x164
[    4.440061]  gpio_rcar_irq_set_type+0xd4/0xd8
[    4.444422]  __irq_set_trigger+0x5c/0x178
[    4.448435]  __setup_irq+0x2e4/0x690
[    4.452012]  request_threaded_irq+0xc4/0x190
[    4.456285]  devm_request_threaded_irq+0x7c/0xf4
[    4.459398] ata1: link resume succeeded after 1 retries
[    4.460902]  mmc_gpiod_request_cd_irq+0x68/0xe0
[    4.470660]  mmc_start_host+0x50/0xac
[    4.474327]  mmc_add_host+0x80/0xe4
[    4.477817]  tmio_mmc_host_probe+0x2b0/0x440
[    4.482094]  renesas_sdhi_probe+0x488/0x6f4
[    4.486281]  renesas_sdhi_internal_dmac_probe+0x60/0x78
[    4.491509]  platform_probe+0x64/0xd8
[    4.495178]  really_probe+0xb8/0x2a8
[    4.498756]  __driver_probe_device+0x74/0x118
[    4.503116]  driver_probe_device+0x3c/0x154
[    4.507303]  __device_attach_driver+0xd4/0x160
[    4.511750]  bus_for_each_drv+0x84/0xe0
[    4.515588]  __device_attach_async_helper+0xb0/0xdc
[    4.520470]  async_run_entry_fn+0x30/0xd8
[    4.524481]  process_one_work+0x210/0x62c
[    4.528494]  worker_thread+0x1ac/0x340
[    4.532245]  kthread+0x10c/0x110
[    4.535476]  ret_from_fork+0x10/0x20
Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-21912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T16:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n    [    4.239592] =============================\n    [    4.239595] [ BUG: Invalid wait context ]\n    [    4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n    [    4.239603] -----------------------------\n    [    4.239606] kworker/u8:5/76 is trying to lock:\n    [    4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n    [    4.239641] other info that might help us debug this:\n    [    4.239643] context-{5:5}\n    [    4.239646] 5 locks held by kworker/u8:5/76:\n    [    4.239651]  #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n    [    4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n    [    4.254094]  #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n    [    4.254109]  #2: ffff00000920c8f8\n    [    4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n    [    4.264803]  (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n    [    4.264820]  #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n    [    4.264840]  #4:\n    [    4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n    [    4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n    [    4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n    [    4.304082] stack backtrace:\n    [    4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n    [    4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n    [    4.304097] Workqueue: async async_run_entry_fn\n    [    4.304106] Call trace:\n    [    4.304110]  show_stack+0x14/0x20 (C)\n    [    4.304122]  dump_stack_lvl+0x6c/0x90\n    [    4.304131]  dump_stack+0x14/0x1c\n    [    4.304138]  __lock_acquire+0xdfc/0x1584\n    [    4.426274]  lock_acquire+0x1c4/0x33c\n    [    4.429942]  _raw_spin_lock_irqsave+0x5c/0x80\n    [    4.434307]  gpio_rcar_config_interrupt_input_mode+0x34/0x164\n    [    4.440061]  gpio_rcar_irq_set_type+0xd4/0xd8\n    [    4.444422]  __irq_set_trigger+0x5c/0x178\n    [    4.448435]  __setup_irq+0x2e4/0x690\n    [    4.452012]  request_threaded_irq+0xc4/0x190\n    [    4.456285]  devm_request_threaded_irq+0x7c/0xf4\n    [    4.459398] ata1: link resume succeeded after 1 retries\n    [    4.460902]  mmc_gpiod_request_cd_irq+0x68/0xe0\n    [    4.470660]  mmc_start_host+0x50/0xac\n    [    4.474327]  mmc_add_host+0x80/0xe4\n    [    4.477817]  tmio_mmc_host_probe+0x2b0/0x440\n    [    4.482094]  renesas_sdhi_probe+0x488/0x6f4\n    [    4.486281]  renesas_sdhi_internal_dmac_probe+0x60/0x78\n    [    4.491509]  platform_probe+0x64/0xd8\n    [    4.495178]  really_probe+0xb8/0x2a8\n    [    4.498756]  __driver_probe_device+0x74/0x118\n    [    4.503116]  driver_probe_device+0x3c/0x154\n    [    4.507303]  __device_attach_driver+0xd4/0x160\n    [    4.511750]  bus_for_each_drv+0x84/0xe0\n    [    4.515588]  __device_attach_async_helper+0xb0/0xdc\n    [    4.520470]  async_run_entry_fn+0x30/0xd8\n    [    4.524481]  process_one_work+0x210/0x62c\n    [    4.528494]  worker_thread+0x1ac/0x340\n    [    4.532245]  kthread+0x10c/0x110\n    [    4.535476]  ret_from_fork+0x10/0x20",
  "id": "GHSA-cqjr-x55g-2j6v",
  "modified": "2025-04-15T18:31:42Z",
  "published": "2025-04-01T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21912"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.