In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
Workqueue: events ufshcd_rtc_work
Call trace:
 _raw_spin_lock_irqsave+0x34/0x8c
 pm_runtime_get_if_active+0x24/0xb4
 ufshcd_rtc_work+0x124/0x19c
 process_scheduled_works+0x18c/0x2d8
 worker_thread+0x144/0x280
 kthread+0x11c/0x128
 ret_from_fork+0x10/0x20
Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init().
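
The ordering problem described above, as an added userspace C model (not code from the kernel or from the original fix). The names model_hba, rtc_work_fn, run_pending and simulate are hypothetical, and clearing the pending flag stands in for cancelling the work before teardown.

```c
#include <stdbool.h>
#include <stddef.h>

struct work { void (*fn)(struct work *); bool pending; };

struct model_hba {            /* hypothetical stand-in for the host state */
    struct work rtc_work;     /* periodic work that re-arms itself */
    int *pm_state;            /* NULL once the device has been torn down */
    int updates, stale_runs;  /* handler runs before / after teardown */
};

#define hba_of(w) ((struct model_hba *)((char *)(w) - offsetof(struct model_hba, rtc_work)))

static int live_pm_state;

static void rtc_work_fn(struct work *w)
{
    struct model_hba *hba = hba_of(w);
    if (!hba->pm_state) {     /* a real handler would dereference here */
        hba->stale_runs++;
        return;
    }
    hba->updates++;
    w->pending = true;        /* re-arm for the next period */
}

static void run_pending(struct work *w)   /* one timer expiry */
{
    if (w->pending) { w->pending = false; w->fn(w); }
}

static void model_remove(struct model_hba *hba, bool cancel_first)
{
    if (cancel_first)
        hba->rtc_work.pending = false;    /* models cancelling the work */
    hba->pm_state = NULL;                 /* teardown of internal state */
}

/* Returns how many times the handler ran against torn-down state. */
int simulate(bool cancel_first)
{
    struct model_hba hba = { .rtc_work = { rtc_work_fn, true }, .pm_state = &live_pm_state };
    run_pending(&hba.rtc_work);           /* normal periodic update */
    model_remove(&hba, cancel_first);
    run_pending(&hba.rtc_work);           /* a later expiry after remove */
    return hba.stale_runs;
}

int main(void) { return simulate(true) == 0 && simulate(false) == 1 ? 0 : 1; }
```

In the model the stale run is only counted; in the kernel the equivalent access is the NULL pointer dereference shown in the trace.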