2315198 – (CVE-2024-46846) CVE-2024-46846 kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling

Bug 2315198 (CVE-2024-46846) - CVE-2024-46846 kernel: spi: rockchip: Resolve unbalanced runtime PM / system PM handling

Summary: CVE-2024-46846 kernel: spi: rockchip: Resolve unbalanced runtime PM / system ...

Keywords:
Status:	NEW
Alias:	CVE-2024-46846
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2315260
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-27 13:22 UTC by OSIDB Bzimport
Modified:	2024-09-27 18:05 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-27 13:22:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

spi: rockchip: Resolve unbalanced runtime PM / system PM handling

Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during
NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and
simply disabled clocks unconditionally when suspending the system. This
causes problems when the device is already runtime suspended when we go
to sleep -- in which case we double-disable clocks and produce a
WARNing.

Switch back to pm_runtime_force_{suspend,resume}(), because that still
seems like the right thing to do, and the aforementioned commit makes no
explanation why it stopped using it.

Also, refactor some of the resume() error handling, because it's not
actually a good idea to re-disable clocks on failure.

Comment 1 Robb Gatica 2024-09-27 14:51:36 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46846-f264@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.