{"id":"CVE-2024-57889","summary":"pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n  BUG: sleeping function called from invalid context\n    at kernel/locking/mutex.c:283\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n  preempt_count: 1, expected: 0\n  ...\n  Call Trace:\n  ...\n  __might_resched+0x104/0x10e\n  __might_sleep+0x3e/0x62\n  mutex_lock+0x20/0x4c\n  regmap_lock_mutex+0x10/0x18\n  regmap_update_bits_base+0x2c/0x66\n  mcp23s08_irq_set_type+0x1ae/0x1d6\n  __irq_set_trigger+0x56/0x172\n  __setup_irq+0x1e6/0x646\n  request_threaded_irq+0xb6/0x160\n  ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.","modified":"2026-04-16T04:33:21.733162890Z","published":"2025-01-15T13:05:41.769Z","related":["SUSE-SU-2025:0784-1","SUSE-SU-2025:0847-1","SUSE-SU-2025:0856-1","SUSE-SU-2025:0955-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57889.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318"},{"type":"WEB","url":"https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57889.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57889"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8f38910ba4f662222157ce07a0d5becc4328c46a"},{"fixed":"788d9e9a41b81893d6bb8faa05f045c975278318"},{"fixed":"c55d186376a87b468c9ee30f2195e0f3857f61a0"},{"fixed":"9372e160d8211a7e17f2abff8370794f182df785"},{"fixed":"0310cbad163a908d09d99c26827859365cd71fcb"},{"fixed":"8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec"},{"fixed":"830f838589522404cd7c2f0f540602f25034af61"},{"fixed":"a37eecb705f33726f1fb7cd2a67e514a15dfe693"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57889.json"}}],"schema_version":"1.7.5"}