From: "Christian A. Ehrhardt" <lk@c--e.de>
To: Jameson Thies <jthies@google.com>
Cc: heikki.krogerus@linux.intel.com, linux-usb@vger.kernel.org,
pmalani@chromium.org, bleung@google.com,
abhishekpandit@chromium.org, andersson@kernel.org,
dmitry.baryshkov@linaro.org, fabrice.gasnier@foss.st.com,
gregkh@linuxfoundation.org, hdegoede@redhat.com,
neil.armstrong@linaro.org, rajaram.regupathy@intel.com,
saranya.gopal@intel.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/4] usb: typec: ucsi: Fix null deref in trace
Date: Sun, 21 Apr 2024 11:30:17 +0200 [thread overview]
Message-ID: <ZiTcqZYS53ITwNLy@cae.in-ulm.de> (raw)
In-Reply-To: <20240419211650.2657096-2-jthies@google.com>
Hi Jameson,
On Fri, Apr 19, 2024 at 09:16:47PM +0000, Jameson Thies wrote:
> From: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
>
> ucsi_register_altmode checks IS_ERR on returned pointer and treats
> NULL as valid. This results in a null deref when
> trace_ucsi_register_altmode is called.
>
> Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
> ---
> drivers/usb/typec/ucsi/ucsi.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
> index c4d103db9d0f8..c663dce0659ee 100644
> --- a/drivers/usb/typec/ucsi/ucsi.h
> +++ b/drivers/usb/typec/ucsi/ucsi.h
> @@ -496,7 +496,7 @@ ucsi_register_displayport(struct ucsi_connector *con,
> bool override, int offset,
> struct typec_altmode_desc *desc)
> {
> - return NULL;
> + return ERR_PTR(-EOPNOTSUPP);
> }
Hm. This does not look correct to me. Ignoring trace the old code
would have returned success if displayport is not compiled in and
all altmodes (except for display port) would be registered.
With your code ucsi_register_altmodes will always fail and abort
altmode registration if it finds a displayport altmode and
CONFIG_TYPEC_DP_ALTMODE is not set. I don't think this is what we want.
Maybe it is better to guard the trace call with an if?
Am I missing something?
Best regards,
Christian
next prev parent reply other threads:[~2024-04-21 9:37 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 21:16 [PATCH v1 0/4] usb: typec: ucsi: Update UCSI alternate mode Jameson Thies
2024-04-19 21:16 ` [PATCH v1 1/4] usb: typec: ucsi: Fix null deref in trace Jameson Thies
2024-04-20 13:15 ` [PATCH " Markus Elfring
2024-04-20 13:20 ` Greg Kroah-Hartman
2024-04-21 9:30 ` Christian A. Ehrhardt [this message]
2024-04-24 0:29 ` [PATCH v1 " Jameson Thies
2024-04-19 21:16 ` [PATCH v1 2/4] usb: typec: Update sysfs when setting ops Jameson Thies
2024-04-22 11:38 ` Heikki Krogerus
2024-04-23 15:35 ` Benson Leung
2024-04-19 21:16 ` [PATCH v1 3/4] usb: typec: ucsi: Delay alternate mode discovery Jameson Thies
2024-04-22 12:39 ` Heikki Krogerus
2024-04-23 15:36 ` Benson Leung
2024-04-19 21:16 ` [PATCH v1 4/4] usb: typec: ucsi: Always set number of alternate modes Jameson Thies
2024-04-22 12:41 ` Heikki Krogerus
2024-04-23 15:37 ` Benson Leung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZiTcqZYS53ITwNLy@cae.in-ulm.de \
--to=lk@c--e.de \
--cc=abhishekpandit@chromium.org \
--cc=andersson@kernel.org \
--cc=bleung@google.com \
--cc=dmitry.baryshkov@linaro.org \
--cc=fabrice.gasnier@foss.st.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=heikki.krogerus@linux.intel.com \
--cc=jthies@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=neil.armstrong@linaro.org \
--cc=pmalani@chromium.org \
--cc=rajaram.regupathy@intel.com \
--cc=saranya.gopal@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.