CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qusb2: Fix NULL pointer dereference on early suspend

Enabling runtime PM before attaching the QPHY instance as driver data
can lead to a NULL pointer dereference in runtime PM callbacks that
expect valid driver data. There is a small window where the suspend
callback may run after PM runtime enabling and before runtime forbid.
This causes a sporadic crash during boot:

```
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1
[...]
CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT
Workqueue: pm pm_runtime_work
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]
lr : pm_generic_runtime_suspend+0x2c/0x44
[...]
```

Attach the QPHY instance as driver data before enabling runtime PM to
prevent NULL pointer dereference in runtime PM callbacks.

Reorder pm_runtime_enable() and pm_runtime_forbid() to prevent a
short window where an unnecessary runtime suspend can occur.

Use the devres-managed version to ensure PM runtime is symmetrically
disabled during driver removal for proper cleanup.

The Linux kernel CVE team has assigned CVE-2025-71193 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.6.122 with commit beba460a299150b5d8dcbe3474a8f4bdf0205180
	Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.12.67 with commit d50a9b7fd07296a1ab81c49ceba14cae3d31df86
	Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.18.7 with commit 4ac15caa27ff842b068a54f1c6a8ff8b31f658e7
	Issue introduced in 4.17 with commit 891a96f65ac3b12883ddbc6d1a9adf6e54dc903c and fixed in 6.19-rc6 with commit 1ca52c0983c34fca506921791202ed5bdafd5306

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-71193
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/phy/qualcomm/phy-qcom-qusb2.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bdf0205180
	https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86
	https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7
	https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306