diff mbox series

[v2,05/15] usb: typec: tcpm: fix the PD disabled case

Message ID 20240113-pmi632-typec-v2-5-182d9aa0a5b3@linaro.org (mailing list archive)
State Superseded
Commit f2e5d3de7e1fbf24483e7f996e519b3ebc3935a1
Headers show
Series usb: typec: qcom-pmic-typec: enable support for PMI632 PMIC | expand

Commit Message

Dmitry Baryshkov Jan. 13, 2024, 8:55 p.m. UTC
If the PD is disabled for the port, port->pds will be left as NULL,
which causes the following crash during caps intilisation. Fix the
crash.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
 tcpm_register_port+0xaec/0xc44
 qcom_pmic_typec_probe+0x1a4/0x254
 platform_probe+0x68/0xc0
 really_probe+0x148/0x2ac
 __driver_probe_device+0x78/0x12c
 driver_probe_device+0xd8/0x160
Bluetooth: hci0: QCA Product ID   :0x0000000a
 __device_attach_driver+0xb8/0x138
 bus_for_each_drv+0x80/0xdc
Bluetooth: hci0: QCA SOC Version  :0x40020150
 __device_attach+0x9c/0x188
 device_initial_probe+0x14/0x20
 bus_probe_device+0xac/0xb0
 deferred_probe_work_func+0x8c/0xc8
 process_one_work+0x1ec/0x51c
 worker_thread+0x1ec/0x3e4
 kthread+0x120/0x124
 ret_from_fork+0x10/0x20

Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
---
 drivers/usb/typec/tcpm/tcpm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Alexander Stein Jan. 15, 2024, 9 a.m. UTC | #1
Hi Dmitry,

Am Samstag, 13. Januar 2024, 21:55:48 CET schrieb Dmitry Baryshkov:
> If the PD is disabled for the port, port->pds will be left as NULL,
> which causes the following crash during caps intilisation. Fix the
> crash.
> 
> Unable to handle kernel NULL pointer dereference at virtual address
> 0000000000000000 Call trace:
>  tcpm_register_port+0xaec/0xc44
>  qcom_pmic_typec_probe+0x1a4/0x254
>  platform_probe+0x68/0xc0
>  really_probe+0x148/0x2ac
>  __driver_probe_device+0x78/0x12c
>  driver_probe_device+0xd8/0x160
> Bluetooth: hci0: QCA Product ID   :0x0000000a
>  __device_attach_driver+0xb8/0x138
>  bus_for_each_drv+0x80/0xdc
> Bluetooth: hci0: QCA SOC Version  :0x40020150
>  __device_attach+0x9c/0x188
>  device_initial_probe+0x14/0x20
>  bus_probe_device+0xac/0xb0
>  deferred_probe_work_func+0x8c/0xc8
>  process_one_work+0x1ec/0x51c
>  worker_thread+0x1ec/0x3e4
>  kthread+0x120/0x124
>  ret_from_fork+0x10/0x20
> 
> Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities")
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> ---
>  drivers/usb/typec/tcpm/tcpm.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
> index 5945e3a2b0f7..a0978ed1a257 100644
> --- a/drivers/usb/typec/tcpm/tcpm.c
> +++ b/drivers/usb/typec/tcpm/tcpm.c
> @@ -6848,7 +6848,8 @@ struct tcpm_port *tcpm_register_port(struct device
> *dev, struct tcpc_dev *tcpc) if (err)
>  		goto out_role_sw_put;
> 
> -	port->typec_caps.pd = port->pds[0];
> +	if (port->pds)

I'm wondering if the check should be for port->pd_supported instead.
Nevertheless this works on my "pd-disable" platform as well.

Best regards,
Alexander

> +		port->typec_caps.pd = port->pds[0];
> 
>  	port->typec_port = typec_register_port(port->dev, &port-
>typec_caps);
>  	if (IS_ERR(port->typec_port)) {
Heikki Krogerus Jan. 18, 2024, 9:53 a.m. UTC | #2
On Sat, Jan 13, 2024 at 10:55:48PM +0200, Dmitry Baryshkov wrote:
> If the PD is disabled for the port, port->pds will be left as NULL,
> which causes the following crash during caps intilisation. Fix the
> crash.
> 
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> Call trace:
>  tcpm_register_port+0xaec/0xc44
>  qcom_pmic_typec_probe+0x1a4/0x254
>  platform_probe+0x68/0xc0
>  really_probe+0x148/0x2ac
>  __driver_probe_device+0x78/0x12c
>  driver_probe_device+0xd8/0x160
> Bluetooth: hci0: QCA Product ID   :0x0000000a
>  __device_attach_driver+0xb8/0x138
>  bus_for_each_drv+0x80/0xdc
> Bluetooth: hci0: QCA SOC Version  :0x40020150
>  __device_attach+0x9c/0x188
>  device_initial_probe+0x14/0x20
>  bus_probe_device+0xac/0xb0
>  deferred_probe_work_func+0x8c/0xc8
>  process_one_work+0x1ec/0x51c
>  worker_thread+0x1ec/0x3e4
>  kthread+0x120/0x124
>  ret_from_fork+0x10/0x20
> 
> Fixes: cd099cde4ed2 ("usb: typec: tcpm: Support multiple capabilities")
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>

Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>

> ---
>  drivers/usb/typec/tcpm/tcpm.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
> index 5945e3a2b0f7..a0978ed1a257 100644
> --- a/drivers/usb/typec/tcpm/tcpm.c
> +++ b/drivers/usb/typec/tcpm/tcpm.c
> @@ -6848,7 +6848,8 @@ struct tcpm_port *tcpm_register_port(struct device *dev, struct tcpc_dev *tcpc)
>  	if (err)
>  		goto out_role_sw_put;
>  
> -	port->typec_caps.pd = port->pds[0];
> +	if (port->pds)
> +		port->typec_caps.pd = port->pds[0];
>  
>  	port->typec_port = typec_register_port(port->dev, &port->typec_caps);
>  	if (IS_ERR(port->typec_port)) {
> 
> -- 
> 2.39.2
diff mbox series

Patch

diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
index 5945e3a2b0f7..a0978ed1a257 100644
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -6848,7 +6848,8 @@  struct tcpm_port *tcpm_register_port(struct device *dev, struct tcpc_dev *tcpc)
 	if (err)
 		goto out_role_sw_put;
 
-	port->typec_caps.pd = port->pds[0];
+	if (port->pds)
+		port->typec_caps.pd = port->pds[0];
 
 	port->typec_port = typec_register_port(port->dev, &port->typec_caps);
 	if (IS_ERR(port->typec_port)) {