CVE-2024-57889— pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-57889
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于regmap锁定导致原子环境中休眠。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-57889
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-57889
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-01-15 · 32 CVEs total
| CVE-2024-57899 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems | |
| CVE-2024-57857 | RDMA/siw: Remove direct link to net_device | |
| CVE-2024-57844 | drm/xe: Fix fault on fd close after unbind | |
| CVE-2024-57841 | net: fix memory leak in tcp_conn_request() | |
| CVE-2024-57802 | netrom: check buffer length before accessing it | |
| CVE-2024-57801 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag | |
| CVE-2024-57795 | RDMA/rxe: Remove the direct link to net_device | |
| CVE-2024-54031 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext | |
| CVE-2024-53681 | nvmet: Don't overflow subsysnqn | |
| CVE-2024-39282 | net: wwan: t7xx: Fix FSM command timeout issue | |
| CVE-2024-36476 | RDMA/rtrs: Ensure 'ib_sge list' is accessible | |
| CVE-2025-21629 | net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets | |
| CVE-2024-57903 | net: restrict SO_REUSEPORT to inet sockets | |
| CVE-2024-57901 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK | |
| CVE-2024-57902 | af_packet: fix vlan_get_tci() vs MSG_PEEK | |
| CVE-2024-57900 | ila: serialize calls to nf_register_net_hooks() | |
| CVE-2024-57882 | mptcp: fix TCP options overflow. | |
| CVE-2024-57898 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up | |
| CVE-2024-57897 | drm/amdkfd: Correct the migration DMA map direction | |
| CVE-2024-57896 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2024-57889
No comments yet