-

CVE-2026-53331

slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

In the Linux kernel, the following vulnerability has been resolved:

slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

During the SSR/PDR down notification the tx_lock is taken with the
intent to provide synchronization with active DMA transfers.

But during this period qcom_slim_ngd_down() is invoked, which ends up in
slim_report_absent(), which takes the slim_controller lock. In multiple
other codepaths these two locks are taken in the opposite order (i.e.
slim_controller then tx_lock).

The result is a lockdep splat, and a possible deadlock:

  rprocctl/449 is trying to acquire lock:
  ffff00009793e620 (&ctrl->lock){+.+.}-{4:4}, at: slim_report_absent (drivers/slimbus/core.c:322) slimbus

  but task is already holding lock:
  ffff00009793fb50 (&ctrl->tx_lock){+.+.}-{4:4}, at: qcom_slim_ngd_ssr_pdr_notify (drivers/slimbus/qcom-ngd-ctrl.c:1475) slim_qcom_ngd_ctrl

  which lock already depends on the new lock.

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&ctrl->tx_lock);
                                lock(&ctrl->lock);
                                lock(&ctrl->tx_lock);
   lock(&ctrl->lock);

The assumption is that the comment refers to the desire to not call
qcom_slim_ngd_exit_dma() while we have an ongoing DMA TX transaction.
But any such transaction is initiated and completed within a single
qcom_slim_ngd_xfer_msg().

Prior to calling qcom_slim_ngd_exit_dma() the slim_controller is torn
down, all child devices are notified that the slimbus is gone and the
child devices are removed.

Stop taking the tx_lock in qcom_slim_ngd_ssr_pdr_notify() to avoid the
deadlock.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < 3d1561537237c6cc1db76155183d8bbdac2339f0
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < dc4d5c57e012c2c669793deb1515a57bbc6bf5dd
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < d54a221b0f3cd9e1f03f18104be34e02a8258fae
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < aad4337a21b9ad3ae8d668fa8678d05e26ecbaa8
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < 9f0d45d509b434c54da10e01f4ef8086e4583401
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < 9708eb50fd7343145b422be852f890212155d845
Status affected
Version a899d324863a3d15ce0eea513884e1b73a758c58
Version < 55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.11
Status affected
Version 0
Version < 5.11
Status unaffected
Version <= 5.15.*
Version 5.15.210
Status unaffected
Version <= 6.1.*
Version 6.1.176
Status unaffected
Version <= 6.6.*
Version 6.6.143
Status unaffected
Version <= 6.12.*
Version 6.12.94
Status unaffected
Version <= 6.18.*
Version 6.18.36
Status unaffected
Version <= 7.0.*
Version 7.0.13
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.069
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3d1561537237c6cc1db76155183d8bbdac2339f0
https://git.kernel.org/stable/c/dc4d5c57e012c2c669793deb1515a57bbc6bf5dd
https://git.kernel.org/stable/c/d54a221b0f3cd9e1f03f18104be34e02a8258fae
https://git.kernel.org/stable/c/aad4337a21b9ad3ae8d668fa8678d05e26ecbaa8
https://git.kernel.org/stable/c/9f0d45d509b434c54da10e01f4ef8086e4583401
https://git.kernel.org/stable/c/9708eb50fd7343145b422be852f890212155d845
https://git.kernel.org/stable/c/55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec