Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

usb: typec: tcpm: fix SOP' sequences in tcpm_pd_svdm

The Smatch checker flags svdm_version being uninitialized for Discover
Identity Messages within tcpm_pd_svdm for the CMDT_INIT case. Cable plugs
cannot initialize SVDM commands, however a port partner that isn't allowed
to communicate over SOP' could, which would result in the CMDT_INIT block
running for a received SOP' message.

First, initialize svdm_version for the TCPC_TX_SOP_PRIME case. If the
svdm_version returns as an error, we expect the received svdm to be the
result of Discover Identity that updates the value accordingly.

Next, drop all SOP' messages of type CMDT_INIT within tcpm_pd_svdm.

Finally, remove redundant call that assigns modep and pdev. Smatch will
raise an uninitialized symbol error over modep_prime and pdev_prime, but
both the assignment and use of these variables are guarded behind
a check for rx_sop_type == TCPC_TX_SOP_PRIME.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/a432603b-b801-4001-b309-247dded707d3@moroto.mountain/
Fixes: fb7ff25ae433 ("usb: typec: tcpm: add discover identity support for SOP'")
Signed-off-by: RD Babiera <rdbabiera@google.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240223002233.3936275-2-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Authored by RD Babiera and committed by Greg Kroah-Hartman
0e287901 f3ac348e

+16 -10
drivers/usb/typec/tcpm/tcpm.c
··· 1878 1878 tcpm_log(port, "Rx VDM cmd 0x%x type %d cmd %d len %d", 1879 1879 p[0], cmd_type, cmd, cnt); 1880 1880 1881 - modep = &port->mode_data; 1882 - 1883 - pdev = typec_match_altmode(port->partner_altmode, ALTMODE_DISCOVERY_MAX, 1884 - PD_VDO_VID(p[0]), PD_VDO_OPOS(p[0])); 1885 - 1886 1881 switch (rx_sop_type) { 1887 1882 case TCPC_TX_SOP_PRIME: 1888 1883 modep_prime = &port->mode_data_prime; ··· 1885 1890 ALTMODE_DISCOVERY_MAX, 1886 1891 PD_VDO_VID(p[0]), 1887 1892 PD_VDO_OPOS(p[0])); 1888 - if (!IS_ERR_OR_NULL(port->cable)) { 1889 - svdm_version = typec_get_cable_svdm_version(typec); 1890 - if (PD_VDO_SVDM_VER(p[0]) < svdm_version) 1891 - typec_cable_set_svdm_version(port->cable, svdm_version); 1892 - } 1893 + svdm_version = typec_get_cable_svdm_version(typec); 1894 + /* 1895 + * Update SVDM version if cable was discovered before port partner. 1896 + */ 1897 + if (!IS_ERR_OR_NULL(port->cable) && 1898 + PD_VDO_SVDM_VER(p[0]) < svdm_version) 1899 + typec_cable_set_svdm_version(port->cable, svdm_version); 1893 1900 break; 1894 1901 case TCPC_TX_SOP: 1895 1902 modep = &port->mode_data; ··· 1917 1920 1918 1921 switch (cmd_type) { 1919 1922 case CMDT_INIT: 1923 + /* 1924 + * Only the port or port partner is allowed to initialize SVDM 1925 + * commands over SOP'. In case the port partner initializes a 1926 + * sequence when it is not allowed to send SOP' messages, drop 1927 + * the message should the TCPM port try to process it. 1928 + */ 1929 + if (rx_sop_type == TCPC_TX_SOP_PRIME) 1930 + return 0; 1931 + 1920 1932 switch (cmd) { 1921 1933 case CMD_DISCOVER_IDENT: 1922 1934 if (PD_VDO_VID(p[0]) != USB_SID_PD)
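Review bot: In the TCPC_TX_SOP_PRIME case, typec_get_cable_svdm_version(typec) is now called outside the !IS_ERR_OR_NULL(port->cable) guard, so svdm_version can hold the error value the commit message mentions, and the new comment does not say so. Consider extending the comment to state that an error is expected here when no cable has been discovered yet, or checking svdm_version for an error before any later use. Separately, typec_cable_set_svdm_version(port->cable, svdm_version) writes back the value that was just read; if the intent is to lower the cable's version to the one in the received header, PD_VDO_SVDM_VER(p[0]) looks like the value to pass.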
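Review bot: The early return 0 for rx_sop_type == TCPC_TX_SOP_PRIME under case CMDT_INIT drops the message silently, and it runs only after the TCPC_TX_SOP_PRIME branch of the rx_sop_type switch has already used p[0] from that message for the cable altmode lookup and the SVDM version update. Since cmd_type is already known at the "Rx VDM cmd" log line, consider moving the check ahead of the rx_sop_type switch so a disallowed SOP' initiator message cannot touch cable state, and adding a tcpm_log() line so the drop is visible in the port log. In the comment, "initialize SVDM commands" would read better as "initiate".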