1. Patchew
  2. linux
  3. [PATCH 0/8] Thunderbolt and DP altmode support for cros-ec-typec
  4. View patch

[PATCH 3/8] usb: typec: intel_pmc_mux: Null check before use

Abhishek Pandit-Subedi posted 8 patches 1 year, 4 months ago
There is a newer version of this series
[PATCH 3/8] usb: typec: intel_pmc_mux: Null check before use
Posted by Abhishek Pandit-Subedi 1 year, 4 months ago 
Make sure the data pointer in typec_mux_state is not null before
accessing it.

Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
---

 drivers/usb/typec/mux/intel_pmc_mux.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c
index 56989a0d0f43..4283fead9a69 100644
--- a/drivers/usb/typec/mux/intel_pmc_mux.c
+++ b/drivers/usb/typec/mux/intel_pmc_mux.c
@@ -331,14 +331,19 @@ static int
 pmc_usb_mux_tbt(struct pmc_usb_port *port, struct typec_mux_state *state)
 {
 	struct typec_thunderbolt_data *data = state->data;
-	u8 cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
-	u8 cable_speed = TBT_CABLE_SPEED(data->cable_mode);
+	u8 cable_rounded, cable_speed;
 	struct altmode_req req = { };
 
+	if (!data)
+		return 0;
+
 	if (IOM_PORT_ACTIVITY_IS(port->iom_status, TBT) ||
 	    IOM_PORT_ACTIVITY_IS(port->iom_status, ALT_MODE_TBT_USB))
 		return 0;
 
+	cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
+	cable_speed = TBT_CABLE_SPEED(data->cable_mode);
+
 	req.usage = PMC_USB_ALT_MODE;
 	req.usage |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT;
 	req.mode_type = PMC_USB_MODE_TYPE_TBT << PMC_USB_MODE_TYPE_SHIFT;
-- 
2.46.0.792.g87dc391469-goog
Re: [PATCH 3/8] usb: typec: intel_pmc_mux: Null check before use
Posted by Heikki Krogerus 1 year, 4 months ago 
On Wed, Sep 25, 2024 at 09:25:04AM -0700, Abhishek Pandit-Subedi wrote:
> Make sure the data pointer in typec_mux_state is not null before
> accessing it.

This really should not be necessary.

> Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
> ---
> 
>  drivers/usb/typec/mux/intel_pmc_mux.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c
> index 56989a0d0f43..4283fead9a69 100644
> --- a/drivers/usb/typec/mux/intel_pmc_mux.c
> +++ b/drivers/usb/typec/mux/intel_pmc_mux.c
> @@ -331,14 +331,19 @@ static int
>  pmc_usb_mux_tbt(struct pmc_usb_port *port, struct typec_mux_state *state)
>  {
>  	struct typec_thunderbolt_data *data = state->data;
> -	u8 cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> -	u8 cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> +	u8 cable_rounded, cable_speed;
>  	struct altmode_req req = { };
>  
> +	if (!data)
> +		return 0;
> +
>  	if (IOM_PORT_ACTIVITY_IS(port->iom_status, TBT) ||
>  	    IOM_PORT_ACTIVITY_IS(port->iom_status, ALT_MODE_TBT_USB))
>  		return 0;
>  
> +	cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> +	cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> +
>  	req.usage = PMC_USB_ALT_MODE;
>  	req.usage |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT;
>  	req.mode_type = PMC_USB_MODE_TYPE_TBT << PMC_USB_MODE_TYPE_SHIFT;
> -- 
> 2.46.0.792.g87dc391469-goog

-- 
heikki
Re: [PATCH 3/8] usb: typec: intel_pmc_mux: Null check before use
Posted by Dmitry Baryshkov 1 year, 4 months ago 
On Wed, Sep 25, 2024 at 09:25:04AM GMT, Abhishek Pandit-Subedi wrote:
> Make sure the data pointer in typec_mux_state is not null before
> accessing it.
> 
> Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>

Is the a fix for an actual issue or just good-to-have thing? In the
former case it lacks a description of how the issue can be triggered and
a Fixes tag.

> ---
> 
>  drivers/usb/typec/mux/intel_pmc_mux.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c
> index 56989a0d0f43..4283fead9a69 100644
> --- a/drivers/usb/typec/mux/intel_pmc_mux.c
> +++ b/drivers/usb/typec/mux/intel_pmc_mux.c
> @@ -331,14 +331,19 @@ static int
>  pmc_usb_mux_tbt(struct pmc_usb_port *port, struct typec_mux_state *state)
>  {
>  	struct typec_thunderbolt_data *data = state->data;
> -	u8 cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> -	u8 cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> +	u8 cable_rounded, cable_speed;
>  	struct altmode_req req = { };
>  
> +	if (!data)
> +		return 0;
> +
>  	if (IOM_PORT_ACTIVITY_IS(port->iom_status, TBT) ||
>  	    IOM_PORT_ACTIVITY_IS(port->iom_status, ALT_MODE_TBT_USB))
>  		return 0;
>  
> +	cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> +	cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> +
>  	req.usage = PMC_USB_ALT_MODE;
>  	req.usage |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT;
>  	req.mode_type = PMC_USB_MODE_TYPE_TBT << PMC_USB_MODE_TYPE_SHIFT;
> -- 
> 2.46.0.792.g87dc391469-goog
> 

-- 
With best wishes
Dmitry
Re: [PATCH 3/8] usb: typec: intel_pmc_mux: Null check before use
Posted by Abhishek Pandit-Subedi 1 year, 4 months ago 
On Wed, Sep 25, 2024 at 9:54 AM Dmitry Baryshkov
<dmitry.baryshkov@linaro.org> wrote:
>
> On Wed, Sep 25, 2024 at 09:25:04AM GMT, Abhishek Pandit-Subedi wrote:
> > Make sure the data pointer in typec_mux_state is not null before
> > accessing it.
> >
> > Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
>
> Is the a fix for an actual issue or just good-to-have thing? In the
> former case it lacks a description of how the issue can be triggered and
> a Fixes tag.

This fixes a segfault that occurs when the new Thunderbolt driver is
used because it calls `typec_altmode_notify` with null data. I'm not
sure if that needs a `Fixes` since what's currently running upstream
doesn't actually trigger this error.

I'll update the description with why this is needed. i.e.
---
Make sure the data pointer in typec_mux_state is not null before
accessing it. The new Thunderbolt driver calls typec_altmode_notify
with a NULL pointer for data which can cause this mux configuration
to crash.

>
> > ---
> >
> >  drivers/usb/typec/mux/intel_pmc_mux.c | 9 +++++++--
> >  1 file changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c
> > index 56989a0d0f43..4283fead9a69 100644
> > --- a/drivers/usb/typec/mux/intel_pmc_mux.c
> > +++ b/drivers/usb/typec/mux/intel_pmc_mux.c
> > @@ -331,14 +331,19 @@ static int
> >  pmc_usb_mux_tbt(struct pmc_usb_port *port, struct typec_mux_state *state)
> >  {
> >       struct typec_thunderbolt_data *data = state->data;
> > -     u8 cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> > -     u8 cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> > +     u8 cable_rounded, cable_speed;
> >       struct altmode_req req = { };
> >
> > +     if (!data)
> > +             return 0;
> > +
> >       if (IOM_PORT_ACTIVITY_IS(port->iom_status, TBT) ||
> >           IOM_PORT_ACTIVITY_IS(port->iom_status, ALT_MODE_TBT_USB))
> >               return 0;
> >
> > +     cable_rounded = TBT_CABLE_ROUNDED_SUPPORT(data->cable_mode);
> > +     cable_speed = TBT_CABLE_SPEED(data->cable_mode);
> > +
> >       req.usage = PMC_USB_ALT_MODE;
> >       req.usage |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT;
> >       req.mode_type = PMC_USB_MODE_TYPE_TBT << PMC_USB_MODE_TYPE_SHIFT;
> > --
> > 2.46.0.792.g87dc391469-goog
> >
>
> --
> With best wishes
> Dmitry

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.