Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's USB DWC2 gadget driver has been addressed. The issue arose from a spin lock/unlock mismatch in the function `dwc2_hsotg_udc_stop()`. This function called `dwc2_gadget_exit_clock_gating()` without holding the lock that the callee expects to be held, so the callee unlocked a lock that was not held (undefined behavior), and the `spin_lock_irqsave()` call made later in the function then deadlocked. The vulnerability affected several versions of the Linux kernel.
The vulnerability could lead to a deadlock situation, where the system becomes unresponsive because a locked resource is not released, potentially causing a failure in USB gadget operations.
The vulnerability can be reproduced by invoking the `dwc2_hsotg_udc_stop()` function in the USB DWC2 gadget driver without the proper lock being held. This can be done by stopping the USB device controller while the bus is suspended, without exiting the clock gating first.
The vulnerability has been fixed by modifying the `dwc2_hsotg_udc_stop()` function to acquire the necessary lock before calling `dwc2_gadget_exit_clock_gating()` and to release it afterwards. Users should update to the latest version of the Linux kernel where this fix has been applied.
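The following is an added userspace model of the lock-discipline bug described above, not code from the dwc2 driver or the kernel fix. It replaces the hsotg spinlock with a small tracked lock so that both defects (the unlock of an unheld lock and the deadlock on the later lock) become observable, and all function and type names in it are hypothetical.

```c
/* Added userspace model of the bug described above, not dwc2 driver code; a
 * tracked lock stands in for the hsotg spinlock. Names are hypothetical. */
enum { STOP_OK = 0, STOP_DEADLOCK = -1 };
struct model_lock {
    int held;               /* 1 while the "spinlock" is taken */
    int unbalanced_unlocks; /* unlocks issued while not held (UB in the kernel) */
};
/* Models spin_lock_irqsave(): retaking a held lock spins forever, so report it. */
static int model_lock(struct model_lock *l)
{
    if (l->held) return STOP_DEADLOCK;
    l->held = 1;
    return STOP_OK;
}
/* Models spin_unlock_irqrestore(): an unheld raw unlock just stores "unlocked". */
static void model_unlock(struct model_lock *l)
{
    if (!l->held) l->unbalanced_unlocks++;
    l->held = 0;
}
/* Contract of dwc2_gadget_exit_clock_gating(): caller holds the lock; it is
 * dropped while the controller wakes and re-taken before returning. */
static int exit_clock_gating(struct model_lock *l)
{
    model_unlock(l);
    return model_lock(l);
}
/* The spin_lock_irqsave()/unlock pair that udc_stop() runs afterwards. */
static int later_critical_section(struct model_lock *l)
{
    int ret = model_lock(l);
    if (!ret) model_unlock(l);
    return ret;
}
/* Vulnerable udc_stop: helper entered with the lock NOT held, so it returns
 * with the lock taken and the later spin_lock_irqsave() deadlocks. */
static int udc_stop_vulnerable(struct model_lock *l)
{
    int ret = exit_clock_gating(l);
    return ret ? ret : later_critical_section(l);
}
/* Fixed udc_stop: take the lock around the helper and release it afterwards. */
static int udc_stop_fixed(struct model_lock *l)
{
    int ret = model_lock(l);
    if (!ret) ret = exit_clock_gating(l);
    model_unlock(l);
    return ret ? ret : later_critical_section(l);
}
```

In the vulnerable path the model records one unbalanced unlock and then reports the deadlock; in the fixed path every unlock matches a lock and the later acquisition succeeds.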