Description
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver data can lead to a NULL pointer dereference in runtime PM callbacks that expect valid driver data. There is a small window where the suspend callback may run after PM runtime enabling and before runtime forbid. This causes a sporadic crash during boot: ``` Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1 [...] CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT Workqueue: pm pm_runtime_work pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2] lr : pm_generic_runtime_suspend+0x2c/0x44 [...] ``` Attach the QPHY instance as driver data before enabling runtime PM to prevent NULL pointer dereference in runtime PM callbacks. Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a short window where an unnecessary runtime suspend can occur. Use the devres-managed version to ensure PM runtime is symmetrically disabled during driver removal for proper cleanup.
Product status
891a96f65ac3b12883ddbc6d1a9adf6e54dc903c (git) before beba460a299150b5d8dcbe3474a8f4bdf0205180
891a96f65ac3b12883ddbc6d1a9adf6e54dc903c (git) before d50a9b7fd07296a1ab81c49ceba14cae3d31df86
891a96f65ac3b12883ddbc6d1a9adf6e54dc903c (git) before 4ac15caa27ff842b068a54f1c6a8ff8b31f658e7
891a96f65ac3b12883ddbc6d1a9adf6e54dc903c (git) before 1ca52c0983c34fca506921791202ed5bdafd5306
4.17
Any version before 4.17
6.6.122 (semver)
6.12.67 (semver)
6.18.7 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/beba460a299150b5d8dcbe3474a8f4bdf0205180
git.kernel.org/...c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86
git.kernel.org/...c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7
git.kernel.org/...c/1ca52c0983c34fca506921791202ed5bdafd5306