Wind River Support Network

Acknowledged

LIN1022-16332 : Security Advisory - linux - CVE-2025-38136

Created: Jul 4, 2025    Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas_usbhs: Reorder clock handling and power management in probe

Reorder the initialization sequence in `usbhs_probe()` to enable runtime
PM before accessing registers, preventing potential crashes due to
uninitialized clocks.

Currently, in the probe path, registers are accessed before enabling the
clocks, leading to a synchronous external abort on the RZ/V2H SoC.
The problematic call flow is as follows:

    usbhs_probe()
        usbhs_sys_clock_ctrl()
            usbhs_bset()
                usbhs_write()
                    iowrite16()  <-- Register access before enabling clocks

Since `iowrite16()` is performed without ensuring the required clocks are
enabled, this can lead to access errors. To fix this, enable PM runtime
early in the probe function and ensure clocks are acquired before register
access, preventing crashes like the following on RZ/V2H:

[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP
[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6
[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98
[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)
[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]
[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]
[13.321138] sp : ffff8000827e3850
[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0
[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025
[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010
[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff
[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce
[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000
[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750
[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c
[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000
[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080
[13.395574] Call trace:
[13.398013]  usbhs_bset+0x14/0x4c [renesas_usbhs] (P)
[13.403076]  platform_probe+0x68/0xdc
[13.406738]  really_probe+0xbc/0x2c0
[13.410306]  __driver_probe_device+0x78/0x120
[13.414653]  driver_probe_device+0x3c/0x154
[13.418825]  __driver_attach+0x90/0x1a0
[13.422647]  bus_for_each_dev+0x7c/0xe0
[13.426470]  driver_attach+0x24/0x30
[13.430032]  bus_add_driver+0xe4/0x208
[13.433766]  driver_register+0x68/0x130
[13.437587]  __platform_driver_register+0x24/0x30
[13.442273]  renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]
[13.448450]  do_one_initcall+0x60/0x1d4
[13.452276]  do_init_module+0x54/0x1f8
[13.456014]  load_module+0x1754/0x1c98
[13.459750]  init_module_from_file+0x88/0xcc
[13.464004]  __arm64_sys_finit_module+0x1c4/0x328
[13.468689]  invoke_syscall+0x48/0x104
[13.472426]  el0_svc_common.constprop.0+0xc0/0xe0
[13.477113]  do_el0_svc+0x1c/0x28
[13.480415]  el0_svc+0x30/0xcc
[13.483460]  el0t_64_sync_handler+0x10c/0x138
[13.487800]  el0t_64_sync+0x198/0x19c
[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)
[13.497522] ---[ end trace 0000000000000000 ]---
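For triage, the crash signature above can be searched for in collected kernel logs. The following Python sketch is an added example, not part of the advisory or the kernel patch: it flags a synchronous external abort whose faulting `pc` lies in the `renesas_usbhs` module during a probe. The function name `find_usbhs_probe_aborts` and the `SAMPLE` input are constructed for illustration.

```python
import re

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")   # "[13.27]" or "[   13.27]" prefix
FRAME = re.compile(r"^(pc|lr) : ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
TRACE = re.compile(r"^\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample: a few lines from the advisory's log plus one unrelated message.
SAMPLE = """\
[12.900000] usb 1-1: new high-speed USB device number 2 using xhci-hcd
[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP
[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]
[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]
[13.395574] Call trace:
[13.398013]  usbhs_bset+0x14/0x4c [renesas_usbhs] (P)
[13.403076]  platform_probe+0x68/0xdc
[13.497522] ---[ end trace 0000000000000000 ]---
"""

def find_usbhs_probe_aborts(text):
    """Return one dict per complete oops that matches the advisory's signature."""
    hits, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if msg.startswith("Internal error: synchronous external abort"):
            cur = {"time": ts, "pc": None, "lr": None, "module": None, "trace": []}
        elif cur is None:
            continue                      # not inside an oops of interest
        elif (f := FRAME.match(msg)):
            cur[f.group(1)] = f.group(2)  # symbol name for pc or lr
            if f.group(1) == "pc":
                cur["module"] = f.group(3)
        elif msg.startswith("---[ end trace"):
            # Probe context: called from usbhs_probe, or platform_probe on the stack.
            in_probe = cur["lr"] == "usbhs_probe" or "platform_probe" in cur["trace"]
            if cur["module"] == "renesas_usbhs" and in_probe:
                hits.append(cur)
            cur = None
        elif (t := TRACE.match(msg)):
            cur["trace"].append(t.group(1))
    return hits
```

An oops that is cut off before its `end trace` marker is not reported, so truncated logs need manual review.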

CREATE(Triage):(User=lchen-cn) CVE-2025-38136 (https://nvd.nist.gov/vuln/detail/CVE-2025-38136)