2024-01-30 19:28:25

by RD Babiera

Subject: [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes

The DisplayPort driver's sysfs nodes may be present to the userspace before
typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
a sysfs read can trigger a NULL pointer error by dereferencing dp->hpd in
hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
NULL in those cases.

Verify dp drvdata is present in sysfs reads and writes before proceeding.

Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode")
Cc: [email protected]
Signed-off-by: RD Babiera <[email protected]>
---
drivers/usb/typec/altmodes/displayport.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)

diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
index 5a80776c7255..0423326219d8 100644
--- a/drivers/usb/typec/altmodes/displayport.c
+++ b/drivers/usb/typec/altmodes/displayport.c
@@ -518,6 +518,9 @@ configuration_store(struct device *dev, struct device_attribute *attr,
int con;
int ret = 0;

+ if (!dp)
+ return -ENODEV;
+
con = sysfs_match_string(configurations, buf);
if (con < 0)
return con;
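Review bot: The `if (!dp)` test at the top of configuration_store() is unsynchronized against dp_altmode_probe(). It cannot take dp->lock, because the lock lives inside the object being tested, so the guard is only sound if dp is fully initialized before typec_altmode_set_drvdata() publishes it and if drvdata never goes stale afterwards; neither is visible from this hunk. Consider fixing the ordering instead, so the attributes become visible only once drvdata is set and the guard is not needed.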
@@ -563,6 +566,9 @@ static ssize_t configuration_show(struct device *dev,
u8 cur;
int i;

+ if (!dp)
+ return -ENODEV;
+
mutex_lock(&dp->lock);

cap = DP_CAP_CAPABILITY(dp->alt->vdo);
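Review bot: Returning -ENODEV from configuration_show() ahead of `mutex_lock(&dp->lock)` reports "no device" for a device that is only mid-probe, so a reader that races probe gets a hard error with no hint that a retry would succeed. If the guard stays, the changelog should say what userspace is expected to see in that window; preferably the attribute should not exist until drvdata is set, so that no errno is needed.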
@@ -615,6 +621,9 @@ pin_assignment_store(struct device *dev, struct device_attribute *attr,
u32 conf;
int ret;

+ if (!dp)
+ return -ENODEV;
+
ret = sysfs_match_string(pin_assignments, buf);
if (ret < 0)
return ret;
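Review bot: The changelog names only read paths (hpd_show, pin_assignment_show) as crash sites, yet this guard in pin_assignment_store() sits on a write path, and no dp dereference is visible in the hunk before sysfs_match_string(). Please name the dereference in the store handlers that the check protects, so that stable reviewers can see why the write side needs it.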
@@ -666,6 +675,9 @@ static ssize_t pin_assignment_show(struct device *dev,
u8 cur;
int i;

+ if (!dp)
+ return -ENODEV;
+
mutex_lock(&dp->lock);

cur = get_count_order(DP_CONF_GET_PIN_ASSIGN(dp->data.conf));
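Review bot: This is the fourth copy of the same three-line guard, here ahead of `mutex_lock(&dp->lock)` in pin_assignment_show(), and any attribute added to this file later will have to remember to repeat it. That per-handler burden suggests the fix belongs in dp_altmode_probe(), where the changelog says the nodes are exposed before typec_altmode_set_drvdata() completes.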
@@ -698,6 +710,9 @@ static ssize_t hpd_show(struct device *dev, struct device_attribute *attr, char
{
struct dp_altmode *dp = dev_get_drvdata(dev);

+ if (!dp)
+ return -ENODEV;
+
return sysfs_emit(buf, "%d\n", dp->hpd);
}
static DEVICE_ATTR_RO(hpd);
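Review bot: In hpd_show() the bare `if (!dp)` after `dev_get_drvdata(dev)` carries no comment, and a reader without the changelog at hand is likely to take it for dead code. If the check is kept, add a one-line comment stating that the attribute can be read before probe has set drvdata.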

base-commit: f1a27f081c1fa1eeebf38406e45f29636114470f
--
2.43.0.429.g432eaa2c6b-goog



2024-01-30 23:09:03

by Greg Kroah-Hartman

Subject: Re: [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes

On Tue, Jan 30, 2024 at 07:26:39PM +0000, RD Babiera wrote:
> The DisplayPort driver's sysfs nodes may be present to the userspace before
> typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
> a sysfs read can trigger a NULL pointer error by dereferencing dp->hpd in
> hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
> NULL in those cases.
>
> Verify dp drvdata is present in sysfs reads and writes before proceeding.

Why not populate the sysfs nodes after the assignment happens? That's
the normal way to do this, otherwise your change looks odd because:

>
> Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode")
> Cc: [email protected]
> Signed-off-by: RD Babiera <[email protected]>
> ---
> drivers/usb/typec/altmodes/displayport.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/drivers/usb/typec/altmodes/displayport.c b/drivers/usb/typec/altmodes/displayport.c
> index 5a80776c7255..0423326219d8 100644
> --- a/drivers/usb/typec/altmodes/displayport.c
> +++ b/drivers/usb/typec/altmodes/displayport.c
> @@ -518,6 +518,9 @@ configuration_store(struct device *dev, struct device_attribute *attr,
> int con;
> int ret = 0;
>
> + if (!dp)
> + return -ENODEV;
> +
> con = sysfs_match_string(configurations, buf);

there's nothing keeping dp from being an invalid pointer right after you
check it. Really that might not happen, but it's hard to tell that
here.

thanks,

greg k-h

2024-02-26 22:55:09

by RD Babiera

Subject: Re: [PATCH v1] usb: typec: altmodes/displayport: add null pointer check for sysfs nodes

Sorry for the delay,

On Tue, Jan 30, 2024 at 3:08 PM Greg KH <[email protected]> wrote:
> Why not populate the sysfs nodes after the assignment happens? That's
> the normal way to do this, otherwise your change looks odd because:

That works a lot better. I must've psyched myself out of touching the
current probe sequence and ended up overcomplicating it, sorry about that.

Thanks for the guidance,
RD