[PATCH 3/5] usb: dwc3: qcom: Fix null ptr access during runtime_suspend()
From: Manivannan Sadhasivam
Date: Sat Mar 25 2023 - 12:52:56 EST
When runtime PM is enabled during probe, the PM core suspends this driver
before probing the dwc3 driver. Due to this, the dwc3_qcom_is_host()
function dereferences the driver data of the dwc platform device which
will only be set if the dwc driver has been probed. This causes null
pointer dereference during boot time.
So let's add a check for dwc drvdata in the callers of dwc3_qcom_is_host()
such as dwc3_qcom_suspend() and dwc3_qcom_resume() functions. There is no
need to add the same check in another caller dwc3_qcom_resume_irq() as the
wakeup IRQs will only be enabled at the end of dwc3_qcom_suspend().
Note that the check should not be added to dwc3_qcom_is_host() function
itself, as there is no provision to pass the context to callers.
Fixes: a872ab303d5d ("usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>
---
drivers/usb/dwc3/dwc3-qcom.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/dwc3/dwc3-qcom.c b/drivers/usb/dwc3/dwc3-qcom.c
index 959fc925ca7c..bbf67f705d0d 100644
--- a/drivers/usb/dwc3/dwc3-qcom.c
+++ b/drivers/usb/dwc3/dwc3-qcom.c
@@ -411,10 +411,11 @@ static void dwc3_qcom_enable_interrupts(struct dwc3_qcom *qcom)
static int dwc3_qcom_suspend(struct dwc3_qcom *qcom, bool wakeup)
{
+ struct dwc3 *dwc = platform_get_drvdata(qcom->dwc3);
u32 val;
int i, ret;
- if (qcom->is_suspended)
+ if (qcom->is_suspended || !dwc)
return 0;
val = readl(qcom->qscratch_base + PWR_EVNT_IRQ_STAT_REG);
@@ -444,10 +445,11 @@ static int dwc3_qcom_suspend(struct dwc3_qcom *qcom, bool wakeup)
static int dwc3_qcom_resume(struct dwc3_qcom *qcom, bool wakeup)
{
+ struct dwc3 *dwc = platform_get_drvdata(qcom->dwc3);
int ret;
int i;
- if (!qcom->is_suspended)
+ if (!qcom->is_suspended || !dwc)
return 0;
if (dwc3_qcom_is_host(qcom) && wakeup)
--
2.25.1