{"id":"CVE-2024-26806","summary":"spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks\n\nThe -\u003eruntime_suspend() and -\u003eruntime_resume() callbacks are not\nexpected to call spi_controller_suspend() and spi_controller_resume().\nRemove calls to those in the cadence-qspi driver.\n\nThose helpers have two roles currently:\n - They stop/start the queue, including dealing with the kworker.\n - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It\n   requires acquiring ctlr-\u003ebus_lock_mutex.\n\nStep one is irrelevant because cadence-qspi is not queued. Step two\nhowever has two implications:\n - A deadlock occurs, because -\u003eruntime_resume() is called in a context\n   where the lock is already taken (in the -\u003eexec_op() callback, where\n   the usage count is incremented).\n - It would disallow all operations once the device is auto-suspended.\n\nHere is a brief call tree highlighting the mutex deadlock:\n\nspi_mem_exec_op()\n        ...\n        spi_mem_access_start()\n                mutex_lock(&ctlr-\u003ebus_lock_mutex)\n\n        cqspi_exec_mem_op()\n                pm_runtime_resume_and_get()\n                        cqspi_resume()\n                                spi_controller_resume()\n                                        mutex_lock(&ctlr-\u003ebus_lock_mutex)\n                ...\n\n        spi_mem_access_end()\n                mutex_unlock(&ctlr-\u003ebus_lock_mutex)\n        ...","modified":"2026-04-02T10:06:01.442241Z","published":"2024-04-04T08:20:33.512Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26806.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365"},{"type":"WEB","url":"https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26806.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26806"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0578a6dbfe7514db7134501cf93acc21cf13e479"},{"fixed":"041562ebc4759c9932b59a06527f8753b86da365"},{"fixed":"959043afe53ae80633e810416cee6076da6e91c6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26806.json"}}],"schema_version":"1.7.5"}