CVE - CVE-2024-57889

CVE-ID
CVE-2024-57889	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb URL:https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb MISC:https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318 URL:https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318 MISC:https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61 URL:https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61 MISC:https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec URL:https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec MISC:https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785 URL:https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785 MISC:https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693 URL:https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693 MISC:https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0 URL:https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0
Assigning CNA
kernel.org
Date Record Created
20250111	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250111)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)