[PATCH 2/4] phy: qcom: qmp-usbc: Fix possible NULL-deref on early runtime suspend
Dmitry Baryshkov
dmitry.baryshkov at oss.qualcomm.com
Fri Jan 9 04:50:40 PST 2026
On Fri, Jan 09, 2026 at 12:26:58PM +0100, Konrad Dybcio wrote:
> On 1/8/26 4:49 PM, Loic Poulain wrote:
> > There is a small window where the runtime suspend callback may run
> > after pm_runtime_enable() and before pm_runtime_forbid(). In this
> > case, a crash occurs because runtime suspend/resume dereferences
> > qmp->phy pointer, which is not yet initialized:
> > `if (!qmp->phy->init_count) {`
> >
> > Use qmp->usb_init_count instead of qmp->phy->init_count to avoid
> > depending on the possibly uninitialized phy pointer.
> >
> > Also reorder pm_runtime_enable() and pm_runtime_forbid() to prevent
> > the window where an unnecessary runtime suspend can occur.
> >
> > Fixes: 19281571a4d5 ("phy: qcom: qmp-usb: split USB-C PHY driver")
> > Signed-off-by: Loic Poulain <loic.poulain at oss.qualcomm.com>
> > ---
> > drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 14 +++++++-------
> > 1 file changed, 7 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c
> > index 5e7fcb26744a..05717ca85c5b 100644
> > --- a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c
> > +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c
> > @@ -690,7 +690,7 @@ static int __maybe_unused qmp_usbc_runtime_suspend(struct device *dev)
> >
> > dev_vdbg(dev, "Suspending QMP phy, mode:%d\n", qmp->mode);
> >
> > - if (!qmp->phy->init_count) {
> > + if (!qmp->usb_init_count) {
> > dev_vdbg(dev, "PHY not initialized, bailing out\n");
>
> FWIW this effectively says "if in DP mode, the PHY can't runtime suspend"
> which I'm not sure is what should happen.
>
> In USB3 mode, there's definitely a register in PCS_USB to put it into
> "autonomous mode", where I believe all the hw does it listen for link
> sleep (U3 in USB3 spec) exit requests
>
> In DP, I suppose we can't just yank the power until the controller
> decides to suspend the link, at which point we just power off the PHY..
> would that be right, Dmitry?
I think so.
>
> Konrad
>
> --
> linux-phy mailing list
> linux-phy at lists.infradead.org
> https://lists.infradead.org/mailman/listinfo/linux-phy
--
With best wishes
Dmitry
More information about the linux-phy
mailing list