Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4626473ybi; Tue, 30 Jul 2019 05:25:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqx70seq8metxGhbMZcJfxUCQ0vCDftbRzFLQfnaqfKWyeXPdc9YN6MT6ZjxYknkTYbrf8uz X-Received: by 2002:a17:90a:9a83:: with SMTP id e3mr114652344pjp.105.1564489556012; Tue, 30 Jul 2019 05:25:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564489556; cv=none; d=google.com; s=arc-20160816; b=YzLxkzU/TuKmZHqm8EoF3SJx93C9yh1wQoZzeLhw6jvmcb8RZHuVTCgDNt12w3Te6H E09DLV+E9Ls5resI6oGBptu0RylgOuo502oYYs2IVR58cQcZr0VCDrn18uAs904vnJmD 8hxOycHp6u4gqbgs1kLOqdEd1X8zYHDNdb6RHOrvpEcFaKeBgLs5p8VWNMvdyNG1fPWg OE9VijjQ3MxfE73cbignYASscWOIygZSo6nL4ukmE20u4x+vOj6+2wTmDCtTZu+kBpLm Rjpy6Dz5QUFsyu+QGLclbZPGU/miIHzh42BEXM0LJmMBG/jgwsgjAX2hvonMy4hFyc1l zYDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:reply-to; bh=FMmBSI0AwRG5E1vS2EXctB1Ka1TCTs792CQGrzlvtSA=; b=Om0SDnT8O+mVYkttySwkL4n76jInJRHzEkR+2JRMdseigjPV6zR9onvHtqLVsz8bqS 7mcn0ARL70cAAihOvXM8LvY+9IzKIHVr2z0063XJiHAFjYj11Po6oJOfXoZ2awf6Y29n O/ABv0N20oJHTTfcjGAOQY2SHHby5ct4/24nNf2cUThv7ZuqqRY5qUdtiJ1102vpG6ow tnyJYe3JdEjnuBpVYwwA9S6Q0qjmTd8WobzaayXm2ldM8+ZC/FxxImyDQAB3t1SFhRrS QLPevywRN+Kp54Q24AnndVq4gmRt5s0gCgB21LaBlQ8aOIWB1H+YTIwx5BMj4Zov6b54 5yTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8si25853752plq.53.2019.07.30.05.25.40; Tue, 30 Jul 2019 05:25:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730047AbfG3MRH (ORCPT + 99 others); Tue, 30 Jul 2019 08:17:07 -0400 Received: from smtp.infotech.no ([82.134.31.41]:39395 "EHLO smtp.infotech.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729205AbfG3MRG (ORCPT ); Tue, 30 Jul 2019 08:17:06 -0400 Received: from localhost (localhost [127.0.0.1]) by smtp.infotech.no (Postfix) with ESMTP id 0F0CD204165; Tue, 30 Jul 2019 14:17:04 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.6.6 (20110518) (Debian) at infotech.no Received: from smtp.infotech.no ([127.0.0.1]) by localhost (smtp.infotech.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J3twQyiY8KbP; Tue, 30 Jul 2019 14:17:03 +0200 (CEST) Received: from [82.134.31.183] (unknown [82.134.31.183]) by smtp.infotech.no (Postfix) with ESMTPA id DA3CF20414E; Tue, 30 Jul 2019 14:17:03 +0200 (CEST) Reply-To: dgilbert@interlog.com Subject: Re: [RFC PATCH] usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests To: Heikki Krogerus , Guenter Roeck Cc: Greg Kroah-Hartman , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org References: <1564029037-22929-1-git-send-email-linux@roeck-us.net> <20190729140457.GC28600@kuha.fi.intel.com> <20190729173104.GA32556@roeck-us.net> <20190730120747.GL28600@kuha.fi.intel.com> From: Douglas Gilbert Message-ID: Date: Tue, 30 Jul 2019 14:17:03 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190730120747.GL28600@kuha.fi.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-07-30 2:07 p.m., Heikki Krogerus wrote: > On Mon, Jul 29, 2019 at 10:31:04AM -0700, Guenter Roeck wrote: >> On Mon, Jul 29, 2019 at 05:04:57PM +0300, Heikki Krogerus wrote: >>> Hi, >>> >>> On Wed, Jul 24, 2019 at 09:30:37PM -0700, Guenter Roeck wrote: >>>> TCPM may receive PD messages associated with unknown or unsupported >>>> alternate modes. If that happens, calls to typec_match_altmode() >>>> will return NULL. The tcpm code does not currently take this into >>>> account. This results in crashes. >>>> >>>> Unable to handle kernel NULL pointer dereference at virtual address 000001f0 >>>> pgd = 41dad9a1 >>>> [000001f0] *pgd=00000000 >>>> Internal error: Oops: 5 [#1] THUMB2 >>>> Modules linked in: tcpci tcpm >>>> CPU: 0 PID: 2338 Comm: kworker/u2:0 Not tainted 5.1.18-sama5-armv7-r2 #6 >>>> Hardware name: Atmel SAMA5 >>>> Workqueue: 2-0050 tcpm_pd_rx_handler [tcpm] >>>> PC is at typec_altmode_attention+0x0/0x14 >>>> LR is at tcpm_pd_rx_handler+0xa3b/0xda0 [tcpm] >>>> ... >>>> [] (typec_altmode_attention) from [] >>>> (tcpm_pd_rx_handler+0xa3b/0xda0 [tcpm]) >>>> [] (tcpm_pd_rx_handler [tcpm]) from [] >>>> (process_one_work+0x123/0x2a8) >>>> [] (process_one_work) from [] >>>> (worker_thread+0xbd/0x3b0) >>>> [] (worker_thread) from [] (kthread+0xcf/0xf4) >>>> [] (kthread) from [] (ret_from_fork+0x11/0x38) >>>> >>>> Ignore PD messages if the asociated alternate mode is not supported. >>>> >>>> Reported-by: Douglas Gilbert >>>> Cc: Douglas Gilbert >>>> Fixes: e9576fe8e605c ("usb: typec: tcpm: Support for Alternate Modes") >>>> Signed-off-by: Guenter Roeck >>>> --- >>>> Taking a stab at the problem. I don't really know if this is the correct >>>> fix, or even if my understanding of the problem is correct, thus marking >>>> the patch as RFC. >>> >>> My guess is that typec_match_altmode() is the real culprit. We can't >>> rely on the partner mode index number when identifying the port alt >>> mode. >>> >>> Douglas, can you test the attached hack instead of this patch? >>> >>> >>> thanks, >>> >>> -- >>> heikki >> >>> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c >>> index ec525811a9eb..033dc097ba83 100644 >>> --- a/drivers/usb/typec/tcpm/tcpm.c >>> +++ b/drivers/usb/typec/tcpm/tcpm.c >>> @@ -1067,12 +1067,11 @@ static int tcpm_pd_svdm(struct tcpm_port *port, const __le32 *payload, int cnt, >>> >>> modep = &port->mode_data; >>> >>> - adev = typec_match_altmode(port->port_altmode, ALTMODE_DISCOVERY_MAX, >>> - PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0])); >>> - >>> pdev = typec_match_altmode(port->partner_altmode, ALTMODE_DISCOVERY_MAX, >>> PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0])); >>> >>> + adev = (void *)typec_altmode_get_partner(pdev); >>> + >> >> I understand that typec_altmode_get_partner() returns a const *; >> maybe adev should be declared as const struct typec_altmode * >> instead of using a typecast. > > Yes... > >> Also, typec_altmode_get_partner() can return NULL as well if pdev is NULL. >> Is it guaranteed that typec_match_altmode() never returns NULL for pdev ? > > ...and probable no. But I don't think we can receive Attention to a > mode that hasn't been entered. > > I'm not proposing that as a patch. It's just a hunch. That's why I'm > calling it a "hack". Before we prepare anything finalized, I would > like to here from Douglas if he's able to test that or not? Hi, I'm an ocean away from my test rig at the moment, won't be back home till after August 10. Maybe I can set up something here as I have one OM13588. Will try later today. Also, switching from an sama5d2_xplained to an Acme Systems Arietta which is at91sam9g25 based to run Linux. So it won't be exactly the same hardware. Doug Gilbert