CVE-2025-40317

In the Linux kernel, the following vulnerability has been resolved:

regmap: slimbus: fix bus_context pointer in regmap init calls

Commit 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934xcodecparse_data()") revealed the problem in the slimbus regmap. That commit breaks audio playback, for instance, on sdm845 Thundercomm Dragonboard 845c board:

Unable to handle kernel paging request at virtual address ffff8000847cbad4 ... CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT Hardware name: Thundercomm Dragonboard 845c (DT) ... Call trace: slimxfermsg+0x24/0x1ac [slimbus] (P) slimread+0x48/0x74 [slimbus] regmapslimbusread+0x18/0x24 [regmapslimbus] regmaprawread+0xe8/0x174 regmapbusread+0x44/0x80 regmapread+0x60/0xd8 regmapupdatebits+0xf4/0x140 regmapselectpage+0xa8/0x124 regmaprawwriteimpl+0x3b8/0x65c regmapbusrawwrite+0x60/0x80 regmapwrite+0x58/0xc0 regmapwrite+0x4c/0x80 wcd934xhwparams+0x494/0x8b8 [sndsocwcd934x] sndsocdaihwparams+0x3c/0x7c [sndsoc_core] __socpcmhwparams+0x22c/0x634 [sndsoccore] dpcmbedaihwparams+0x1d4/0x38c [sndsoccore] dpcmfedaihwparams+0x9c/0x17c [sndsoccore] sndpcmhwparams+0x124/0x464 [sndpcm] sndpcmcommonioctl+0x110c/0x1820 [sndpcm] sndpcmioctl+0x34/0x4c [sndpcm] _arm64sysioctl+0xac/0x104 invokesyscall+0x48/0x104 el0svccommon.constprop.0+0x40/0xe0 doel0svc+0x1c/0x28 el0svc+0x34/0xec el0t64synchandler+0xa0/0xf0 el0t64sync+0x198/0x19c

The __devmregmapinit_slimbus() started to be used instead of __regmapinitslimbus() after the commit mentioned above and turns out the incorrect bus_context pointer (3rd argument) was used in __devmregmapinitslimbus(). It should be just "slimbus" (which is equal to &slimbus->dev). Correct it. The wcd934x codec seems to be the only or the first user of devmregmapinitslimbus() but we should fix it till the point where _devmregmapinitslimbus() was introduced therefore two "Fixes" tags.

While at this, also correct the same argument in __regmapinitslimbus().