CVE-2024-26806

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks<br /> <br /> The -&gt;runtime_suspend() and -&gt;runtime_resume() callbacks are not<br /> expected to call spi_controller_suspend() and spi_controller_resume().<br /> Remove calls to those in the cadence-qspi driver.<br /> <br /> Those helpers have two roles currently:<br /> - They stop/start the queue, including dealing with the kworker.<br /> - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It<br /> requires acquiring ctlr-&gt;bus_lock_mutex.<br /> <br /> Step one is irrelevant because cadence-qspi is not queued. Step two<br /> however has two implications:<br /> - A deadlock occurs, because -&gt;runtime_resume() is called in a context<br /> where the lock is already taken (in the -&gt;exec_op() callback, where<br /> the usage count is incremented).<br /> - It would disallow all operations once the device is auto-suspended.<br /> <br /> Here is a brief call tree highlighting the mutex deadlock:<br /> <br /> spi_mem_exec_op()<br /> ...<br /> spi_mem_access_start()<br /> mutex_lock(&amp;ctlr-&gt;bus_lock_mutex)<br /> <br /> cqspi_exec_mem_op()<br /> pm_runtime_resume_and_get()<br /> cqspi_resume()<br /> spi_controller_resume()<br /> mutex_lock(&amp;ctlr-&gt;bus_lock_mutex)<br /> ...<br /> <br /> spi_mem_access_end()<br /> mutex_unlock(&amp;ctlr-&gt;bus_lock_mutex)<br /> ...