Linux Kernel MCP23S08 Pinctrl Driver Sleeping in Atomic Context Vulnerability

Vulnerability

A flaw in the Linux kernel's pinctrl MCP23S08 driver can cause sleeping functions to be called from an invalid (atomic) context, which can disrupt IRQ handling for devices that use MCP23xxx IO expanders. The driver's regmap uses a mutex for its internal locking to prevent concurrent access, but the IRQ setup process takes a spinlock, and a mutex may sleep, which is not allowed while a spinlock is held. The fix modifies the regmap configuration to disable its internal locking and adds appropriate synchronization in the driver's pin configuration functions.

Impact

Exploiting this vulnerability can cause IRQ handling issues, leading to improper device behavior or responsiveness.

Reproduction

The vulnerability can be reproduced by using a device that employs the MCP23xxx IO expander to manage interrupts. When the pinctrl MCP23S08 driver is active, the regmap locking can inadvertently cause sleeping functions to be called in an atomic context, particularly during the IRQ setup process. This conflict can be observed when the driver is used with a touchscreen application that relies on the MCP23017 IO expander over I2C.
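To check whether a system is hitting this condition, the kernel log can be searched for the "sleeping function called from invalid context" report with regmap's mutex lock and the MCP23S08 driver in the same call trace. The following is an added example, not code from the kernel or from this advisory; the log excerpt is constructed, and the symbol names and the `mcp_` / `mcp23s08_` prefix match are assumptions about how the driver's frames appear.

```python
import re

# Constructed sample in the shape of a kernel "sleeping in atomic" report.
# Symbols, offsets, line numbers and timestamps are illustrative only.
SAMPLE_DMESG = """\
[   12.301] input: touchscreen as /devices/platform/i2c/input0
[   12.345] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
[   12.345] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 101, name: kworker/u8:2
[   12.346] Call Trace:
[   12.346]  __might_resched+0x100/0x120
[   12.346]  mutex_lock+0x20/0x50
[   12.346]  regmap_lock_mutex+0x10/0x20
[   12.346]  mcp_pinconf_set+0x40/0x90
[   12.346]  __setup_irq+0x300/0x700
[   12.400] usb 1-1: new high-speed USB device number 2
"""

SPLAT = re.compile(r"BUG: sleeping function called from invalid context")
# A trace frame looks like "[ts]  symbol+0xOFF/0xSIZE", optionally prefixed by "?".
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_splats(log):
    """Return one dict per report: the header line and the symbol of each frame."""
    splats, current = [], None
    for line in log.splitlines():
        if SPLAT.search(line):
            current = {"header": line.strip(), "frames": []}
            splats.append(current)
            continue
        if current is None:
            continue
        m = FRAME.match(line)
        if m:
            current["frames"].append(m.group(1))
        elif current["frames"]:
            current = None  # first non-frame line after the trace ends the report
    return splats

def matches_mcp23s08_pattern(splat):
    """True when the trace holds regmap's mutex lock and an MCP23S08 driver frame."""
    frames = splat["frames"]
    has_regmap_mutex = "regmap_lock_mutex" in frames
    has_driver = any(f.startswith(("mcp_", "mcp23s08_")) for f in frames)
    return has_regmap_mutex and has_driver

if __name__ == "__main__":
    for s in find_splats(SAMPLE_DMESG):
        print(matches_mcp23s08_pattern(s), s["header"])
```

On a live system, pass the output of `dmesg` or the journal's kernel messages to `find_splats` instead of the sample string.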

Remediation

The vulnerability has been fixed in the Linux kernel by adjusting the MCP23S08 pinctrl driver's regmap locking behavior. Users should upgrade to the latest kernel version where this patch is applied.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.