In the Linux kernel, the following vulnerability has been resolved:
drivers: usb: host: Fix deadlock in oxubussuspend()
There is a deadlock in oxubussuspend(), which is shown below:
(Thread 1) | (Thread 2) | timeraction() oxubussuspend() | modtimer() spinlockirq() //(1) | (wait a time) ... | oxuwatchdog() deltimersync() | spinlock_irq() //(2) (wait timer to stop) | ...
We hold oxu->lock in position (1) of thread 1, and use deltimersync() to wait timer to stop, but timer handler also need oxu->lock in position (2) of thread 2. As a result, oxubussuspend() will block forever.
This patch extracts deltimersync() from the protection of spinlockirq(), which could let timer handler to obtain the needed lock.