From: Kathiravan Thirumoorthy
Date: Mon, 25 Aug 2025 17:22:02 +0530
Subject: [PATCH 1/3] phy: qcom-qmp-usb: fix NULL pointer dereference in PM callbacks
Message-Id: <20250825-qmp-null-deref-on-pm-v1-1-bbd3ca330849@oss.qualcomm.com>
References: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
In-Reply-To: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
To: Vinod Koul, Kishon Vijay Abraham I, Dmitry Baryshkov, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm@vger.kernel.org, linux-phy@lists.infradead.org, linux-kernel@vger.kernel.org, Kathiravan Thirumoorthy, Poovendhan Selvaraj, stable@vger.kernel.org

From: Poovendhan Selvaraj

The pm ops are enabled before qmp phy create which causes
a NULL pointer dereference when accessing qmp->phy->init_count
in the qmp_usb_runtime_suspend.

So if qmp->phy is NULL, bail out early in suspend / resume callbacks
to avoid the NULL pointer dereference in qmp_usb_runtime_suspend and
qmp_usb_runtime_resume.

Below is the stacktrace for reference:

[<818381a0>] (qmp_usb_runtime_suspend [phy_qcom_qmp_usb]) from [<4051d1d8>] (__rpm_callback+0x3c/0x110)
[<4051d1d8>] (__rpm_callback) from [<4051d2fc>] (rpm_callback+0x50/0x54)
[<4051d2fc>] (rpm_callback) from [<4051d940>] (rpm_suspend+0x23c/0x428)
[<4051d940>] (rpm_suspend) from [<4051e808>] (pm_runtime_work+0x74/0x8c)
[<4051e808>] (pm_runtime_work) from [<401311f4>] (process_scheduled_works+0x1d0/0x2c8)
[<401311f4>] (process_scheduled_works) from [<40131d48>] (worker_thread+0x260/0x2e4)
[<40131d48>] (worker_thread) from [<40138970>] (kthread+0x118/0x12c)
[<40138970>] (kthread) from [<4010013c>] (ret_from_fork+0x14/0x38)

Cc: stable@vger.kernel.org # v6.0
Fixes: 65753f38f530 ("phy: qcom-qmp-usb: drop multi-PHY support")
Signed-off-by: Poovendhan Selvaraj
Signed-off-by: Kathiravan Thirumoorthy --- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm= /phy-qcom-qmp-usb.c index ed646a7e705ba3259708775ed5fedbbbada13735..cd04e8f22a0fe81b086b308d027= 13222aa95cae3 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c @@ -1940,7 +1940,7 @@ static int __maybe_unused qmp_usb_runtime_suspend(str= uct device *dev) =20 dev_vdbg(dev, "Suspending QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } 
@@ -1960,7 +1960,7 @@ static int __maybe_unused qmp_usb_runtime_resume(stru= ct device *dev) =20 dev_vdbg(dev, "Resuming QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } --=20 2.34.1
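Review bot: in both qmp_usb_runtime_suspend() and qmp_usb_runtime_resume(), the added !qmp->phy test guards the dereference but leaves in place the ordering that the commit message names as the cause, the PM ops being enabled before the PHY is created. Consider enabling runtime PM in probe only after qmp->phy has been assigned, or state in the commit message why that reordering is not possible. If the check stays, a one-line comment above "if (!qmp->phy || !qmp->phy->init_count)" saying when qmp->phy can be NULL would help the next reader.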
From: Kathiravan Thirumoorthy
Date: Mon, 25 Aug 2025 17:22:03 +0530
Subject: [PATCH 2/3] phy: qcom-qmp-usb-legacy: fix NULL pointer dereference in PM callbacks
Message-Id: <20250825-qmp-null-deref-on-pm-v1-2-bbd3ca330849@oss.qualcomm.com>
References: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
In-Reply-To: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
To: Vinod Koul, Kishon Vijay Abraham I, Dmitry Baryshkov, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm@vger.kernel.org, linux-phy@lists.infradead.org, linux-kernel@vger.kernel.org, Kathiravan Thirumoorthy, Poovendhan Selvaraj, stable@vger.kernel.org

From: Poovendhan Selvaraj

The pm ops are enabled before qmp phy create which causes
a NULL pointer dereference when accessing qmp->phy->init_count
in the qmp_usb_runtime_suspend.

So if qmp->phy is NULL, bail out early in suspend / resume callbacks
to avoid the NULL pointer dereference in qmp_usb_runtime_suspend and
qmp_usb_runtime_resume.

Cc: stable@vger.kernel.org # v6.6
Fixes: e464a3180a43 ("phy: qcom-qmp-usb: split off the legacy USB+dp_com support")
Signed-off-by: Poovendhan Selvaraj
Signed-off-by: Kathiravan Thirumoorthy --- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c b/drivers/phy/q= ualcomm/phy-qcom-qmp-usb-legacy.c index 8bf951b0490cfd811635df8940de1b789e21b46c..ef28e59ffd58a12d6d416a553a3= a478e9691b8c5 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c
@@ -988,7 +988,7 @@ static int __maybe_unused qmp_usb_legacy_runtime_suspen= d(struct device *dev) =20 dev_vdbg(dev, "Suspending QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } 
@@ -1009,7 +1009,7 @@ static int __maybe_unused qmp_usb_legacy_runtime_resu= me(struct device *dev) =20 dev_vdbg(dev, "Resuming QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } --=20 2.34.1
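Review bot: the commit message refers to qmp_usb_runtime_suspend and qmp_usb_runtime_resume, but the two hunks here change qmp_usb_legacy_runtime_suspend() and qmp_usb_legacy_runtime_resume(); the text should name the functions this patch touches. Unlike 1/3 there is no stack trace, so it would also help to say whether the dereference was reproduced with this driver or the fix was made by analogy.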
From: Kathiravan Thirumoorthy
Date: Mon, 25 Aug 2025 17:22:04 +0530
Subject: [PATCH 3/3] phy: qcom-qmp-usbc: fix NULL pointer dereference in PM callbacks
Message-Id: <20250825-qmp-null-deref-on-pm-v1-3-bbd3ca330849@oss.qualcomm.com>
References: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
In-Reply-To: <20250825-qmp-null-deref-on-pm-v1-0-bbd3ca330849@oss.qualcomm.com>
To: Vinod Koul, Kishon Vijay Abraham I, Dmitry Baryshkov, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm@vger.kernel.org, linux-phy@lists.infradead.org, linux-kernel@vger.kernel.org, Kathiravan Thirumoorthy, Poovendhan Selvaraj, stable@vger.kernel.org

From: Poovendhan Selvaraj

The pm ops are enabled before qmp phy create which causes
a NULL pointer dereference when accessing qmp->phy->init_count
in the qmp_usb_runtime_suspend.

So if qmp->phy is NULL, bail out early in suspend / resume callbacks
to avoid the NULL pointer dereference in qmp_usb_runtime_suspend and
qmp_usb_runtime_resume.

Cc: stable@vger.kernel.org # v6.9
Fixes: 19281571a4d5 ("phy: qcom: qmp-usb: split USB-C PHY driver")
Signed-off-by: Poovendhan Selvaraj
Signed-off-by: Kathiravan Thirumoorthy --- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c b/drivers/phy/qualcom= m/phy-qcom-qmp-usbc.c index 5e7fcb26744a4401c3076960df9c0dcbec7fdef7..640f6520f7c1cd78f9e79843a07= 78c1bee790f64 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c @@ -690,7 +690,7 @@ static int __maybe_unused qmp_usbc_runtime_suspend(stru= ct device *dev) =20 dev_vdbg(dev, "Suspending QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } 
@@ -710,7 +710,7 @@ static int __maybe_unused qmp_usbc_runtime_resume(struc= t device *dev) =20 dev_vdbg(dev, "Resuming QMP phy, mode:%d\n", qmp->mode); =20 - if (!qmp->phy->init_count) { + if (!qmp->phy || !qmp->phy->init_count) { dev_vdbg(dev, "PHY not initialized, bailing out\n"); return 0; } --=20 2.34.1
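Review bot: in qmp_usbc_runtime_suspend() and qmp_usbc_runtime_resume(), the "PHY not initialized, bailing out" message is now printed for two different states, qmp->phy not yet created and init_count being zero, so the early-callback case cannot be told apart in debug logs. Consider a separate dev_vdbg() for the NULL case or a short comment above the condition. The commit message also names qmp_usb_runtime_suspend and qmp_usb_runtime_resume, which are not the functions changed in this file.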