On Mon, 19 Aug 2024 at 04:47, Bjorn Andersson quic_bjorande@quicinc.com wrote:
Amit and Johan both reported a NULL pointer dereference in the pmic_glink client code during initialization, and Stephen Boyd pointed out the problem (race condition).
While investigating, and writing the fix, I noticed that ucsi_unregister() is called in atomic context but tries to sleep, and I also noticed that the condition for when to inform the pmic_glink client drivers when the remote has gone down is just wrong.
So, let's fix all three.
As mentioned in the commit message for the UCSI fix, I have a series in the works that makes the GLINK callback happen in a sleepable context, which would remove the need for the clients list to be protected by a spinlock, and removing the work scheduling. This is however not -rc material...
In addition to the NULL pointer dereference, there is the -ECANCELED issue reported here: https://lore.kernel.org/all/Zqet8iInnDhnxkT9@hovoldconsulting.com/ I have not yet been able to either reproduce this or convince myself that this is the same issue.
Thank you for the fixes Bjorn. I'm not able to reproduce that pmic_glink kernel panic on SM8550-HDK anymore.
Tested-by: Amit Pundir amit.pundir@linaro.org
Signed-off-by: Bjorn Andersson quic_bjorande@quicinc.com
Bjorn Andersson (3): soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section soc: qcom: pmic_glink: Actually communicate with remote goes down
drivers/power/supply/qcom_battmgr.c | 16 ++++++++----- drivers/soc/qcom/pmic_glink.c | 40 +++++++++++++++++++++---------- drivers/soc/qcom/pmic_glink_altmode.c | 17 +++++++++----- drivers/usb/typec/ucsi/ucsi_glink.c | 44 ++++++++++++++++++++++++++--------- include/linux/soc/qcom/pmic_glink.h | 11 +++++---- 5 files changed, 88 insertions(+), 40 deletions(-)
base-commit: 296c871d2904cff2b4742702ef94512ab467a8e3 change-id: 20240818-pmic-glink-v6-11-races-363f5964c339
Best regards,
Bjorn Andersson quic_bjorande@quicinc.com