Hi Greg,
On Mon, Apr 01, 2024 at 05:47:21PM +0200, Greg Kroah-Hartman wrote:
6.1-stable review patch. If anyone has any objections, please let me know.
From: Christian A. Ehrhardt lk@c--e.de
commit 808a8b9e0b87bbc72bcc1f7ddfe5d04746e7ce56 upstream.
The completion notification for the final SET_NOTIFICATION_ENABLE command during initialization can include a connector change notification. However, at the time this completion notification is processed, the ucsi struct is not ready to handle this notification. As a result the notification is ignored and the controller never sends an interrupt again.
Re-check CCI for a pending connector state change after initialization is complete. Adjust the corresponding debug message accordingly.
Fixes: 71a1fa0df2a3 ("usb: typec: ucsi: Store the notification mask") Cc: stable@vger.kernel.org Signed-off-by: Christian A. Ehrhardt lk@c--e.de Reviewed-by: Heikki Krogerus heikki.krogerus@linux.intel.com Tested-by: Neil Armstrong neil.armstrong@linaro.org # on SM8550-QRD Link: https://lore.kernel.org/r/20240320073927.1641788-3-lk@c--e.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
drivers/usb/typec/ucsi/ucsi.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
This change has an out of bounds memory access. Please drop it from the stable trees until a fix is available.
Sorry for the inconvenience!
--- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -851,7 +851,7 @@ void ucsi_connector_change(struct ucsi * struct ucsi_connector *con = &ucsi->connector[num - 1]; if (!(ucsi->ntfy & UCSI_ENABLE_NTFY_CONNECTOR_CHANGE)) {
dev_dbg(ucsi->dev, "Bogus connector change event\n");
dev_dbg(ucsi->dev, "Early connector change event\n");@@ -1210,6 +1210,7 @@ static int ucsi_init(struct ucsi *ucsi) { struct ucsi_connector *con, *connector; u64 command, ntfy;
- u32 cci; int ret; int i;
@@ -1262,6 +1263,13 @@ static int ucsi_init(struct ucsi *ucsi) ucsi->connector = connector; ucsi->ntfy = ntfy;
- ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci));
- if (ret)
return ret;- if (UCSI_CCI_CONNECTOR(READ_ONCE(cci)))
ucsi_connector_change(ucsi, cci);- return 0;
err_unregister:
Best regards Christian