[PATCH] phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
Loic Poulain
loic.poulain at oss.qualcomm.com
Mon Dec 8 13:12:22 PST 2025
On Fri, Dec 5, 2025 at 9:12 PM Dmitry Baryshkov
<dmitry.baryshkov at oss.qualcomm.com> wrote:
>
> On Fri, Dec 05, 2025 at 05:04:37PM +0100, Loic Poulain wrote:
> > Reorder runtime PM setup to ensure pm_runtime_forbid() is applied before
> > enabling runtime PM. This avoids possible early autosuspend and prevents
> > qusb2_phy_runtime_suspend() from being called before driver data is
> > initialized, which could otherwise lead to a NULL pointer dereference:
> >
> > ```
> > Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a1
> > [...]
> > CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT
> > Workqueue: pm pm_runtime_work
> > pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> > pc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]
> > lr : pm_generic_runtime_suspend+0x2c/0x44
> > [...]
> > ```
> >
> > Fixes: 891a96f65ac3 ("phy: qcom-qusb2: Add support for runtime PM")
> > Signed-off-by: Loic Poulain <loic.poulain at oss.qualcomm.com>
> > ---
> > drivers/phy/qualcomm/phy-qcom-qusb2.c | 9 +++++----
> > 1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c
> > index b5514a32ff8f..97bc3755a390 100644
> > --- a/drivers/phy/qualcomm/phy-qcom-qusb2.c
> > +++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c
> > @@ -1093,13 +1093,14 @@ static int qusb2_phy_probe(struct platform_device *pdev)
> > or->hsdisc_trim.override = true;
> > }
> >
> > - pm_runtime_set_active(dev);
> > - pm_runtime_enable(dev);
> > +
> > /*
> > - * Prevent runtime pm from being ON by default. Users can enable
> > - * it using power/control in sysfs.
> > + * Enable runtime PM support, but forbid it by default.
> > + * Users can allow it again via the power/control attribute in sysfs.
> > */
> > + pm_runtime_set_active(dev);
> > pm_runtime_forbid(dev);
> > + pm_runtime_enable(dev);
>
> I'd like to point out that the pm_runtime_enable() here isn't followed
> up by the pm_runtime_disable() in the remove path (there is none). Would
> you mind sending a followup, changing it to use
> devm_pm_runtime_enable()?
Yes ok, I will.
Loic
More information about the linux-phy
mailing list