Re: [PATCH 1/2] usb: typec: qcom-pmic: fix use-after-free on late probe errors
From: Heikki Krogerus
Date: Mon Apr 22 2024 - 07:14:09 EST
On Thu, Apr 18, 2024 at 04:57:29PM +0200, Johan Hovold wrote:
> Make sure to stop and deregister the port in case of late probe errors
> to avoid use-after-free issues when the underlying memory is released by
> devres.
>
> Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver")
> Cc: stable@xxxxxxxxxxxxxxx # 6.5
> Cc: Bryan O'Donoghue <bryan.odonoghue@xxxxxxxxxx>
> Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
Reviewed-by: Heikki Krogerus <heikki.krogerus@xxxxxxxxxxxxxxx>
> ---
> drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> index e48412cdcb0f..d3958c061a97 100644
> --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c
> @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev)
>
> ret = tcpm->port_start(tcpm, tcpm->tcpm_port);
> if (ret)
> - goto fwnode_remove;
> + goto port_unregister;
>
> ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port);
> if (ret)
> - goto fwnode_remove;
> + goto port_stop;
>
> return 0;
>
> +port_stop:
> + tcpm->port_stop(tcpm);
> +port_unregister:
> + tcpm_unregister_port(tcpm->tcpm_port);
> fwnode_remove:
> fwnode_remove_software_node(tcpm->tcpc.fwnode);
>
> --
> 2.43.2
--
heikki