| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc->lock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp->lock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp->lock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp->lock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/pinctrl/pinctrl-mcp23s08.c" |
| ], |
| "versions": [ |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "788d9e9a41b81893d6bb8faa05f045c975278318", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "c55d186376a87b468c9ee30f2195e0f3857f61a0", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "9372e160d8211a7e17f2abff8370794f182df785", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "0310cbad163a908d09d99c26827859365cd71fcb", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "830f838589522404cd7c2f0f540602f25034af61", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8f38910ba4f662222157ce07a0d5becc4328c46a", |
| "lessThan": "a37eecb705f33726f1fb7cd2a67e514a15dfe693", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/pinctrl/pinctrl-mcp23s08.c" |
| ], |
| "versions": [ |
| { |
| "version": "4.13", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "4.13", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.289", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.233", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.176", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.124", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.70", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.9", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "5.4.289" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "5.10.233" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "5.15.176" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "6.1.124" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "6.6.70" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "6.12.9" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.13", |
| "versionEndExcluding": "6.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693" |
| } |
| ], |
| "title": "pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-57889", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
