We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-26806

spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks

Reserved:2024-02-19
Published:2024-04-04
Updated:2024-04-04

Description

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks The ->runtime_suspend() and ->runtime_resume() callbacks are not expected to call spi_controller_suspend() and spi_controller_resume(). Remove calls to those in the cadence-qspi driver. Those helpers have two roles currently: - They stop/start the queue, including dealing with the kworker. - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It requires acquiring ctlr->bus_lock_mutex. Step one is irrelevant because cadence-qspi is not queued. Step two however has two implications: - A deadlock occurs, because ->runtime_resume() is called in a context where the lock is already taken (in the ->exec_op() callback, where the usage count is incremented). - It would disallow all operations once the device is auto-suspended. Here is a brief call tree highlighting the mutex deadlock: spi_mem_exec_op() ... spi_mem_access_start() mutex_lock(&ctlr->bus_lock_mutex) cqspi_exec_mem_op() pm_runtime_resume_and_get() cqspi_resume() spi_controller_resume() mutex_lock(&ctlr->bus_lock_mutex) ... spi_mem_access_end() mutex_unlock(&ctlr->bus_lock_mutex) ...

Product status

Default status
unaffected

0578a6dbfe75 before 041562ebc475
affected

0578a6dbfe75 before 959043afe53a
affected

Default status
affected

6.7
affected

Any version before 6.7
unaffected

6.7.9
unaffected

6.8
unaffected

References

https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365

https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6

cve.org CVE-2024-26806

nvd.nist.gov CVE-2024-26806

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26806