CVE-2025-21821

In the Linux kernel, the following vulnerability has been resolved:

fbdev: omap: use threaded IRQ for LCD DMA

When using touchscreen and framebuffer, Nokia 770 crashes easily with:

BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000
Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd
CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2
Hardware name: Nokia 770
Call trace:
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x54/0x5c
 dump_stack_lvl from __schedule_bug+0x50/0x70
 __schedule_bug from __schedule+0x4d4/0x5bc
 __schedule from schedule+0x34/0xa0
 schedule from schedule_preempt_disabled+0xc/0x10
 schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4
 __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4
 clk_prepare_lock from clk_set_rate+0x18/0x154
 clk_set_rate from sossi_read_data+0x4c/0x168
 sossi_read_data from hwa742_read_reg+0x5c/0x8c
 hwa742_read_reg from send_frame_handler+0xfc/0x300
 send_frame_handler from process_pending_requests+0x74/0xd0
 process_pending_requests from lcd_dma_irq_handler+0x50/0x74
 lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130
 __handle_irq_event_percpu from handle_irq_event+0x28/0x68
 handle_irq_event from handle_level_irq+0x9c/0x170
 handle_level_irq from generic_handle_domain_irq+0x2c/0x3c
 generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c
 omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c
 generic_handle_arch_irq from call_with_stack+0x1c/0x24
 call_with_stack from __irq_svc+0x94/0xa8
Exception stack(0xc5255da0 to 0xc5255de8)
5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248
5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94
5de0: 60000013 ffffffff
 __irq_svc from clk_prepare_lock+0x4c/0xe4
 clk_prepare_lock from clk_get_rate+0x10/0x74
 clk_get_rate from uwire_setup_transfer+0x40/0x180
 uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c
 spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664
 spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498
 __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8
 __spi_sync from spi_sync+0x24/0x40
 spi_sync from ads7846_halfd_read_state+0x5c/0x1c0
 ads7846_halfd_read_state from ads7846_irq+0x58/0x348
 ads7846_irq from irq_thread_fn+0x1c/0x78
 irq_thread_fn from irq_thread+0x120/0x228
 irq_thread from kthread+0xc8/0xe8
 kthread from ret_from_fork+0x14/0x28

As a quick fix, switch to a threaded IRQ which provides a stable system.