From 5307731445bcb56552ea7bf38db3a9cc2ea6e22f Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Tue, 25 Feb 2025 22:59:22 +0900 Subject: [PATCH] phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend BugLink: https://bugs.launchpad.net/bugs/2099996 commit 29240130ab77c80bea1464317ae2a5fd29c16a0c upstream. Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usb-legacy driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: e464a3180a43 ("phy: qcom-qmp-usb: split off the legacy USB+dp_com support") Cc: stable@vger.kernel.org # 6.6 Signed-off-by: Johan Hovold Reviewed-by: Dmitry Baryshkov Link: https://lore.kernel.org/r/20240911115253.10920-3-johan+linaro@kernel.org Signed-off-by: Vinod Koul Signed-off-by: Greg Kroah-Hartman CVE-2024-50239 Signed-off-by: Koichiro Den Signed-off-by: Stefan Bader --- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c index cf466f6df94d..65d2923f83b3 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c @@ -1302,6 +1302,7 @@ static int qmp_usb_legacy_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->cfg = of_device_get_match_data(dev); if (!qmp->cfg)
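Review bot: the added dev_set_drvdata(dev, qmp) in qmp_usb_legacy_probe() has no comment saying who reads the driver data, and the commit message records that this same initialisation was dropped once before during a probe clean-up because its remaining users, the runtime PM callbacks, were easy to miss. Consider a one-line comment above the call, for example "/* driver data is used by the runtime PM callbacks */", so a later clean-up does not remove it again. Placing the call directly after "qmp->dev = dev;" and ahead of the "if (!qmp->cfg)" check is reasonable, since it puts the pointer in place before the remaining probe steps.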