Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp724416rdb; Thu, 19 Oct 2023 18:25:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEq0Ftm2Ozy1sFy5edPYDOe53RLoiN7bdpi3nyl3KawNQrXvXCPkw3bo9ihB1bKFuPq3vpT X-Received: by 2002:a05:6a21:778d:b0:17b:3438:cf92 with SMTP id bd13-20020a056a21778d00b0017b3438cf92mr513999pzc.5.1697765128195; Thu, 19 Oct 2023 18:25:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697765128; cv=none; d=google.com; s=arc-20160816; b=0HmfO9X6v/VYPkJwGOe14GFGaJ6XFB/p2kdv0klvqpYTFfzo7QtqwHTxIb6SyL3ATS XiVUTNTDQpEb8JFixBRVKpFCX7dhrwtDX1sbrYpbJmM/eRuaSeiNRZa+k9e5rzwuA4+r /YS8n8RqgukG02X5SahEcyRQ9pdy+HsG9sbwlEqji1v3yx9yp7+kNEckHaienuNz/jYp /WhqfJjttRsuygEHyLuL3YEQkaQpvF1p3oBV9BA7KvfP7s1aC1ApXIcQyUDCMomfSNxE zbSBGLMkvxa9xpkWiiiZznWMEzHTFf1El9hjpIl4IhF3oQfvk9mhpxauDEKg2adkrksx gvZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=n4DExfMJZyf4aub9XNoOU1WM28O8RsrlbIYK7IDLbi4=; fh=yMV03/gPrGZhx1Ml+8XD+/YfHhmFZ7qpl47QAB8gDcw=; b=VyDTM6JO1Zl0IOE+MyUamZiuysZVzDebPPaDnRzFt5ATFuUQGxa9GKhpbWEW0zNAKD G+cDrKzj5NB/pIVYa8OZ4T3rYB9/LqQsDQky+EfbGwGh1qA7H0Mmhk9zUbS0+Nz3yr0b MJjO61wiusngCzcReVOvrCh13U4iMylaWSSAZ4OlV2fVj++HqFMjb+OJ81DGRwI7rLhe gN8p8NJ2yKi1LdCby4X4RIi2Acp6Nv+6mlS7Gacpr5OW7LvGFAs6Wzi3/VIdcyphR2pr Agc1svDz1GSketW/8oFTh9YE2PV+jr5X8vYsBE84BrD09PCAsxpsJ0+NpAne12RBlA3U A6dQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=C3ObjXIz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id x8-20020a170902ec8800b001c9d37ed06csi719650plg.389.2023.10.19.18.25.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 18:25:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=C3ObjXIz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id EC64382CC45A; Thu, 19 Oct 2023 18:25:25 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346768AbjJTBZJ (ORCPT + 99 others); Thu, 19 Oct 2023 21:25:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233387AbjJTBZI (ORCPT ); Thu, 19 Oct 2023 21:25:08 -0400 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A453116 for ; Thu, 19 Oct 2023 18:25:06 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-4078fe6a063so16605e9.1 for ; Thu, 19 Oct 2023 18:25:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697765105; x=1698369905; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=n4DExfMJZyf4aub9XNoOU1WM28O8RsrlbIYK7IDLbi4=; b=C3ObjXIzBZuc4epknE1jFRfQT1tRGHfDRWsGFBTNdq4Z2yKOIsmQTobeXLGaP2RJbk F+gFpRWM62b5AXMvllnDqXVhwdbzmjObcRu7K7xrrU6Vew3nUZR43/iUFBGqwzGa+FSm xvoG9SIRxDckjJY2hpLGG64qEC1osrdiEAn7AWjfCgfkVAfmVINd1Su038z2qQLFJRDb p+AYQBXIlpniztPmfATub7Er91B80rU8+JmT4swiMNQQTaX6NdHzGEwUE9loak7YUM0y kVYjwvNR4tuQCKM17iYA78t0ix2n/h5f/BIkNL33tbW6vHhw8LCV/+fsH+tmrIMHxw1t vHuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697765105; x=1698369905; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n4DExfMJZyf4aub9XNoOU1WM28O8RsrlbIYK7IDLbi4=; b=irDytw3+fLp1dpKTMefzISCQeSqdlBGq1nbm6uEAEoOXbAieHXFVd4QznT1hSFvVnq H54Txz3pBuIUjy9cDwePlpzRWjvZNPhLuidDxGd0hUzoxtKDpPJXxendzs0DmOKvipZO jcgatyISZqF3Ceq/UAa9Y7ERTK4cmNPcD9kbBZbA21UJgd0v1G+Lw1txEKIyb+oRf8F3 +lDwpASmYNZezakgY2gOSbzBxuvRR2VrOIh4UTH5oizwx2OHbFTyIvzafYK8uQ2L+Xn+ hxL+yhUtMYNJPIe3O2yQhGAmYpDhsZPpViAx0MNaTfeU3K0XxG16CTfQRFdquPLqDiPM n2XQ== X-Gm-Message-State: AOJu0YzYXDwuu6OY45cFQGArodkSyH5K6LfiFSMo7u5zgSzMYZGMnRj6 GEHLuMaugVH3elDUs3uTdSg7xEYoC6zDeUnIZnAFsw== X-Received: by 2002:a05:600c:4e49:b0:404:7462:1f87 with SMTP id e9-20020a05600c4e4900b0040474621f87mr46010wmq.6.1697765104601; Thu, 19 Oct 2023 18:25:04 -0700 (PDT) MIME-Version: 1.0 References: <20231019060616.1988631-1-hhhuuu@google.com> In-Reply-To: From: Jimmy Hu Date: Fri, 20 Oct 2023 09:24:53 +0800 Message-ID: Subject: Re: [PATCH] usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() To: Heikki Krogerus Cc: linux@roeck-us.net, gregkh@linuxfoundation.org, kyletso@google.com, badhri@google.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 19 Oct 2023 18:25:26 -0700 (PDT) On Thu, Oct 19, 2023 at 4:24=E2=80=AFPM Heikki Krogerus wrote: > > On Thu, Oct 19, 2023 at 06:06:16AM +0000, Jimmy Hu wrote: > > It is possible that typec_register_partner() returns ERR_PTR on failure= . > > When port->partner is an error, a NULL pointer dereference may occur as > > shown below. > > > > [91222.095236][ T319] typec port0: failed to register partner (-17) > > ... > > [91225.061491][ T319] Unable to handle kernel NULL pointer dereference > > at virtual address 000000000000039f > > [91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc > > [91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc > > [91225.308067][ T319] Call trace: > > [91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc > > [91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8 > > [91225.355900][ T319] kthread_worker_fn+0x178/0x58c > > [91225.355902][ T319] kthread+0x150/0x200 > > [91225.355905][ T319] ret_from_fork+0x10/0x30 > > > > Add a check for port->partner to avoid dereferencing a NULL pointer. > > > > Fixes: 5e1d4c49fbc8 ("usb: typec: tcpm: Determine common SVDM Version") > > Signed-off-by: Jimmy Hu > > No CC stable...? Added in patch v2. > > > --- > > drivers/usb/typec/tcpm/tcpm.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcp= m.c > > index 6e843c511b85..792ec4ac7d8d 100644 > > --- a/drivers/usb/typec/tcpm/tcpm.c > > +++ b/drivers/usb/typec/tcpm/tcpm.c > > @@ -1625,6 +1625,9 @@ static int tcpm_pd_svdm(struct tcpm_port *port, s= truct typec_altmode *adev, > > if (PD_VDO_VID(p[0]) !=3D USB_SID_PD) > > break; > > > > + if (IS_ERR_OR_NULL(port->partner)) > > + break; > > + > > if (PD_VDO_SVDM_VER(p[0]) < svdm_version) { > > typec_partner_set_svdm_version(port->part= ner, > > PD_VDO_SVD= M_VER(p[0])); > > -- > heikki