On Fri, Nov 15, 2024 at 02:45:45PM +0530, Krishna Kurapati wrote:
Commit [1] introduced DP support to QMP driver. While doing so, the dp and usb configuration structures were added to a combo_phy_cfg structure. During probe, the match data is used to parse and identify the dp and usb configs separately. While doing so, the usb_cfg variable represents the configuration parameters for USB part of the phy (whether it is DP-Cobo or Uni). during probe, one corner case of parsing usb_cfg for Uni PHYs is left incomplete and it is left as NULL. This NULL variable further percolates down to qmp_phy_create() call essentially getting de-referenced and causing a crash.
The UNI PHY platforms don't have usb3-phy subnode. As such the usb_cfg variable should not be used in the for_each_available_child_of_node() loop.
Please provide details for the platform on which you observe the crash and the backtrace.
Subsequently, commit [2] split the driver into multiple files, each handling a specific PHY type (USB, DP-Combo, UFS, PCIe). During this refactoring, the probing process was modified, and the NULL pointer dereference issue no longer showed up.
Fixes: 52e013d0bffa ("phy: qcom-qmp: Add support for DP in USB3+DP combo phy") Cc: stable@vger.kernel.org # 5.15.y Signed-off-by: Krishna Kurapati quic_kriskura@quicinc.com
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp.c b/drivers/phy/qualcomm/phy-qcom-qmp.c index eef863108bfe..e22ee71aa060 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp.c @@ -5714,6 +5714,8 @@ static int qcom_qmp_phy_probe(struct platform_device *pdev) usb_cfg = combo_cfg->usb_cfg; cfg = usb_cfg; /* Setup clks and regulators */
- } else {
usb_cfg = cfg;/* per PHY serdes; usually located at base address */ -- 2.34.1