1. Patchew
  2. linux
  3. View series

[PATCH] usb: typec: displayport: Fix potential deadlock

Andrei Kuchynski posted 1 patch 3 months, 2 weeks ago 
drivers/usb/typec/altmodes/displayport.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
[PATCH] usb: typec: displayport: Fix potential deadlock
Posted by Andrei Kuchynski 3 months, 2 weeks ago 
The deadlock can occur due to a recursive lock acquisition of
`cros_typec_altmode_data::mutex`.
The call chain is as follows:
1. cros_typec_altmode_work() acquires the mutex
2. typec_altmode_vdm() -> dp_altmode_vdm() ->
3. typec_altmode_exit() -> cros_typec_altmode_exit()
4. cros_typec_altmode_exit() attempts to acquire the mutex again

To prevent this, defer the `typec_altmode_exit()` call by scheduling
it rather than calling it directly from within the mutex-protected
context.

Cc: stable@vger.kernel.org
Fixes: b4b38ffb38c9 ("usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode")
Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>
---
 drivers/usb/typec/altmodes/displayport.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
index b09b58d7311d..2abbe4de3216 100644
--- a/drivers/usb/typec/altmodes/displayport.c
+++ b/drivers/usb/typec/altmodes/displayport.c
@@ -394,8 +394,7 @@ static int dp_altmode_vdm(struct typec_altmode *alt,
 	case CMDT_RSP_NAK:
 		switch (cmd) {
 		case DP_CMD_STATUS_UPDATE:
-			if (typec_altmode_exit(alt))
-				dev_err(&dp->alt->dev, "Exit Mode Failed!\n");
+			dp->state = DP_STATE_EXIT;
 			break;
 		case DP_CMD_CONFIGURE:
 			dp->data.conf = 0;
-- 
2.50.0.rc2.761.g2dc52ea45b-goog
Re: [PATCH] usb: typec: displayport: Fix potential deadlock
Posted by Heikki Krogerus 3 months, 2 weeks ago 
On Tue, Jun 24, 2025 at 01:32:46PM +0000, Andrei Kuchynski wrote:
> The deadlock can occur due to a recursive lock acquisition of
> `cros_typec_altmode_data::mutex`.
> The call chain is as follows:
> 1. cros_typec_altmode_work() acquires the mutex
> 2. typec_altmode_vdm() -> dp_altmode_vdm() ->
> 3. typec_altmode_exit() -> cros_typec_altmode_exit()
> 4. cros_typec_altmode_exit() attempts to acquire the mutex again
> 
> To prevent this, defer the `typec_altmode_exit()` call by scheduling
> it rather than calling it directly from within the mutex-protected
> context.
> 
> Cc: stable@vger.kernel.org
> Fixes: b4b38ffb38c9 ("usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode")
> Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>

Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>

> ---
>  drivers/usb/typec/altmodes/displayport.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
> index b09b58d7311d..2abbe4de3216 100644
> --- a/drivers/usb/typec/altmodes/displayport.c
> +++ b/drivers/usb/typec/altmodes/displayport.c
> @@ -394,8 +394,7 @@ static int dp_altmode_vdm(struct typec_altmode *alt,
>  	case CMDT_RSP_NAK:
>  		switch (cmd) {
>  		case DP_CMD_STATUS_UPDATE:
> -			if (typec_altmode_exit(alt))
> -				dev_err(&dp->alt->dev, "Exit Mode Failed!\n");
> +			dp->state = DP_STATE_EXIT;
>  			break;
>  		case DP_CMD_CONFIGURE:
>  			dp->data.conf = 0;

-- 
heikki

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.