From 17cf9de8ffaccfd1e19b3b3bc88acbba9c4373c6 Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Tue, 25 Feb 2025 22:59:22 +0900 Subject: [PATCH] phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend BugLink: https://bugs.launchpad.net/bugs/2099996 commit 34c21f94fa1e147a19b54b6adf0c93a623b70dd8 upstream. Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usbc driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: 19281571a4d5 ("phy: qcom: qmp-usb: split USB-C PHY driver") Cc: stable@vger.kernel.org # 6.9 Signed-off-by: Johan Hovold Reviewed-by: Dmitry Baryshkov Link: https://lore.kernel.org/r/20240911115253.10920-4-johan+linaro@kernel.org Signed-off-by: Vinod Koul Signed-off-by: Greg Kroah-Hartman CVE-2024-50238 Signed-off-by: Koichiro Den Signed-off-by: Stefan Bader --- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c index 3a4b4849db0f..d67e2cd70186 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c @@ -1098,6 +1098,7 @@ static int qmp_usbc_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->orientation = TYPEC_ORIENTATION_NORMAL;