[PATCH v3 3/5] phy: qcom: qmp-usb-legacy: Fix possible NULL-deref on early runtime suspend
Johan Hovold
johan at kernel.org
Fri Feb 13 01:02:44 PST 2026
On Thu, Feb 05, 2026 at 05:02:38PM +0100, Loic Poulain wrote:
> There is a small window where the runtime suspend callback may run
> after pm_runtime_enable() and before pm_runtime_forbid(). In this
> case, a crash occurs because runtime suspend/resume dereferences
> qmp->phy pointer, which is not yet initialized:
> `if (!qmp->phy->init_count) {`
So here too, what would trigger a suspend in this window? (Except
possibly user space disabling and reenabling runtime pm, which can't
happen in practice).
> This can also happen if user re-enables runtime-pm via the sysfs
> attribute before qmp phy is initialized.
This I guess can happen in theory, but you'd need to try pretty hard.
But I think the commit message should better reflect this is all mostly
theoretical (currently it sounds like something you've actually hit).
Johan
More information about the linux-phy
mailing list