[PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock
       [not found] <20250424084429.3220757-1-akuchynski@chromium.org>
@ 2025-04-24  8:44 ` Andrei Kuchynski
  2025-04-28 13:23   ` Heikki Krogerus
  2025-04-24  8:44 ` [PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access Andrei Kuchynski
  1 sibling, 1 reply; 4+ messages in thread
From: Andrei Kuchynski @ 2025-04-24  8:44 UTC (permalink / raw)
  To: Heikki Krogerus, Greg Kroah-Hartman, Jameson Thies,
	Abhishek Pandit-Subedi, Benson Leung, Dmitry Baryshkov, Diogo Ivo,
	Pooja Katiyar, Madhu M
  Cc: linux-usb, linux-kernel, Andrei Kuchynski, stable

This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock
functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector
mutex is only locked if a connection is established and the partner pointer
is valid. This resolves a deadlock scenario where
ucsi_displayport_remove_partner holds con->mutex waiting for
dp_altmode_work to complete while dp_altmode_work attempts to acquire it.

Cc: stable@vger.kernel.org
Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>
---
 drivers/usb/typec/ucsi/displayport.c | 19 +++++++++-------
 drivers/usb/typec/ucsi/ucsi.c        | 34 ++++++++++++++++++++++++++++
 drivers/usb/typec/ucsi/ucsi.h        |  2 ++
 3 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
index 420af5139c70..acd053d4e38c 100644
--- a/drivers/usb/typec/ucsi/displayport.c
+++ b/drivers/usb/typec/ucsi/displayport.c
@@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo)
 	u8 cur = 0;
 	int ret;
 
-	mutex_lock(&dp->con->lock);
+	if (!ucsi_con_mutex_lock(dp->con))
+		return -ENOTCONN;
 
 	if (!dp->override && dp->initialized) {
 		const struct typec_altmode *p = typec_altmode_get_partner(alt);
@@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo)
 	schedule_work(&dp->work);
 	ret = 0;
 err_unlock:
-	mutex_unlock(&dp->con->lock);
+	ucsi_con_mutex_unlock(dp->con);
 
 	return ret;
 }
@@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt)
 	u64 command;
 	int ret = 0;
 
-	mutex_lock(&dp->con->lock);
+	if (!ucsi_con_mutex_lock(dp->con))
+		return -ENOTCONN;
 
 	if (!dp->override) {
 		const struct typec_altmode *p = typec_altmode_get_partner(alt);
@@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt)
 	schedule_work(&dp->work);
 
 out_unlock:
-	mutex_unlock(&dp->con->lock);
+	ucsi_con_mutex_unlock(dp->con);
 
 	return ret;
 }
@@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
 	int cmd = PD_VDO_CMD(header);
 	int svdm_version;
 
-	mutex_lock(&dp->con->lock);
+	if (!ucsi_con_mutex_lock(dp->con))
+		return -ENOTCONN;
 
 	if (!dp->override && dp->initialized) {
 		const struct typec_altmode *p = typec_altmode_get_partner(alt);
 
 		dev_warn(&p->dev,
 			 "firmware doesn't support alternate mode overriding\n");
-		mutex_unlock(&dp->con->lock);
+		ucsi_con_mutex_unlock(dp->con);
 		return -EOPNOTSUPP;
 	}
 
 	svdm_version = typec_altmode_get_svdm_version(alt);
 	if (svdm_version < 0) {
-		mutex_unlock(&dp->con->lock);
+		ucsi_con_mutex_unlock(dp->con);
 		return svdm_version;
 	}
 
@@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
 		break;
 	}
 
-	mutex_unlock(&dp->con->lock);
+	ucsi_con_mutex_unlock(dp->con);
 
 	return 0;
 }
diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
index e8c7e9dc4930..01ce858a1a2b 100644
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data)
 }
 EXPORT_SYMBOL_GPL(ucsi_set_drvdata);
 
+/**
+ * ucsi_con_mutex_lock - Acquire the connector mutex
+ * @con: The connector interface to lock
+ *
+ * Returns true on success, false if the connector is disconnected
+ */
+bool ucsi_con_mutex_lock(struct ucsi_connector *con)
+{
+	bool mutex_locked = false;
+	bool connected = true;
+
+	while (connected && !mutex_locked) {
+		mutex_locked = mutex_trylock(&con->lock) != 0;
+		connected = UCSI_CONSTAT(con, CONNECTED);
+		if (connected && !mutex_locked)
+			msleep(20);
+	}
+
+	connected = connected && con->partner;
+	if (!connected && mutex_locked)
+		mutex_unlock(&con->lock);
+
+	return connected;
+}
+
+/**
+ * ucsi_con_mutex_unlock - Release the connector mutex
+ * @con: The connector interface to unlock
+ */
+void ucsi_con_mutex_unlock(struct ucsi_connector *con)
+{
+	mutex_unlock(&con->lock);
+}
+
 /**
  * ucsi_create - Allocate UCSI instance
  * @dev: Device interface to the PPM (Platform Policy Manager)
diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
index 3a2c1762bec1..9c5278a0c5d4 100644
--- a/drivers/usb/typec/ucsi/ucsi.h
+++ b/drivers/usb/typec/ucsi/ucsi.h
@@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi);
 void ucsi_unregister(struct ucsi *ucsi);
 void *ucsi_get_drvdata(struct ucsi *ucsi);
 void ucsi_set_drvdata(struct ucsi *ucsi, void *data);
+bool ucsi_con_mutex_lock(struct ucsi_connector *con);
+void ucsi_con_mutex_unlock(struct ucsi_connector *con);
 
 void ucsi_connector_change(struct ucsi *ucsi, u8 num);
 
-- 
2.49.0.805.g082f7c87e0-goog


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock
  2025-04-24  8:44 ` [PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock Andrei Kuchynski
@ 2025-04-28 13:23   ` Heikki Krogerus
  0 siblings, 0 replies; 4+ messages in thread
From: Heikki Krogerus @ 2025-04-28 13:23 UTC (permalink / raw)
  To: Andrei Kuchynski
  Cc: Greg Kroah-Hartman, Jameson Thies, Abhishek Pandit-Subedi,
	Benson Leung, Dmitry Baryshkov, Diogo Ivo, Pooja Katiyar, Madhu M,
	linux-usb, linux-kernel, stable

On Thu, Apr 24, 2025 at 08:44:28AM +0000, Andrei Kuchynski wrote:
> This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock
> functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector
> mutex is only locked if a connection is established and the partner pointer
> is valid. This resolves a deadlock scenario where
> ucsi_displayport_remove_partner holds con->mutex waiting for
> dp_altmode_work to complete while dp_altmode_work attempts to acquire it.
> 
> Cc: stable@vger.kernel.org
> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
> Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>

Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>

> ---
>  drivers/usb/typec/ucsi/displayport.c | 19 +++++++++-------
>  drivers/usb/typec/ucsi/ucsi.c        | 34 ++++++++++++++++++++++++++++
>  drivers/usb/typec/ucsi/ucsi.h        |  2 ++
>  3 files changed, 47 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
> index 420af5139c70..acd053d4e38c 100644
> --- a/drivers/usb/typec/ucsi/displayport.c
> +++ b/drivers/usb/typec/ucsi/displayport.c
> @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo)
>  	u8 cur = 0;
>  	int ret;
>  
> -	mutex_lock(&dp->con->lock);
> +	if (!ucsi_con_mutex_lock(dp->con))
> +		return -ENOTCONN;
>  
>  	if (!dp->override && dp->initialized) {
>  		const struct typec_altmode *p = typec_altmode_get_partner(alt);
> @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo)
>  	schedule_work(&dp->work);
>  	ret = 0;
>  err_unlock:
> -	mutex_unlock(&dp->con->lock);
> +	ucsi_con_mutex_unlock(dp->con);
>  
>  	return ret;
>  }
> @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt)
>  	u64 command;
>  	int ret = 0;
>  
> -	mutex_lock(&dp->con->lock);
> +	if (!ucsi_con_mutex_lock(dp->con))
> +		return -ENOTCONN;
>  
>  	if (!dp->override) {
>  		const struct typec_altmode *p = typec_altmode_get_partner(alt);
> @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt)
>  	schedule_work(&dp->work);
>  
>  out_unlock:
> -	mutex_unlock(&dp->con->lock);
> +	ucsi_con_mutex_unlock(dp->con);
>  
>  	return ret;
>  }
> @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
>  	int cmd = PD_VDO_CMD(header);
>  	int svdm_version;
>  
> -	mutex_lock(&dp->con->lock);
> +	if (!ucsi_con_mutex_lock(dp->con))
> +		return -ENOTCONN;
>  
>  	if (!dp->override && dp->initialized) {
>  		const struct typec_altmode *p = typec_altmode_get_partner(alt);
>  
>  		dev_warn(&p->dev,
>  			 "firmware doesn't support alternate mode overriding\n");
> -		mutex_unlock(&dp->con->lock);
> +		ucsi_con_mutex_unlock(dp->con);
>  		return -EOPNOTSUPP;
>  	}
>  
>  	svdm_version = typec_altmode_get_svdm_version(alt);
>  	if (svdm_version < 0) {
> -		mutex_unlock(&dp->con->lock);
> +		ucsi_con_mutex_unlock(dp->con);
>  		return svdm_version;
>  	}
>  
> @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt,
>  		break;
>  	}
>  
> -	mutex_unlock(&dp->con->lock);
> +	ucsi_con_mutex_unlock(dp->con);
>  
>  	return 0;
>  }
> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
> index e8c7e9dc4930..01ce858a1a2b 100644
> --- a/drivers/usb/typec/ucsi/ucsi.c
> +++ b/drivers/usb/typec/ucsi/ucsi.c
> @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data)
>  }
>  EXPORT_SYMBOL_GPL(ucsi_set_drvdata);
>  
> +/**
> + * ucsi_con_mutex_lock - Acquire the connector mutex
> + * @con: The connector interface to lock
> + *
> + * Returns true on success, false if the connector is disconnected
> + */
> +bool ucsi_con_mutex_lock(struct ucsi_connector *con)
> +{
> +	bool mutex_locked = false;
> +	bool connected = true;
> +
> +	while (connected && !mutex_locked) {
> +		mutex_locked = mutex_trylock(&con->lock) != 0;
> +		connected = UCSI_CONSTAT(con, CONNECTED);
> +		if (connected && !mutex_locked)
> +			msleep(20);
> +	}
> +
> +	connected = connected && con->partner;
> +	if (!connected && mutex_locked)
> +		mutex_unlock(&con->lock);
> +
> +	return connected;
> +}
> +
> +/**
> + * ucsi_con_mutex_unlock - Release the connector mutex
> + * @con: The connector interface to unlock
> + */
> +void ucsi_con_mutex_unlock(struct ucsi_connector *con)
> +{
> +	mutex_unlock(&con->lock);
> +}
> +
>  /**
>   * ucsi_create - Allocate UCSI instance
>   * @dev: Device interface to the PPM (Platform Policy Manager)
> diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
> index 3a2c1762bec1..9c5278a0c5d4 100644
> --- a/drivers/usb/typec/ucsi/ucsi.h
> +++ b/drivers/usb/typec/ucsi/ucsi.h
> @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi);
>  void ucsi_unregister(struct ucsi *ucsi);
>  void *ucsi_get_drvdata(struct ucsi *ucsi);
>  void ucsi_set_drvdata(struct ucsi *ucsi, void *data);
> +bool ucsi_con_mutex_lock(struct ucsi_connector *con);
> +void ucsi_con_mutex_unlock(struct ucsi_connector *con);
>  
>  void ucsi_connector_change(struct ucsi *ucsi, u8 num);
>  
> -- 
> 2.49.0.805.g082f7c87e0-goog

-- 
heikki

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access
       [not found] <20250424084429.3220757-1-akuchynski@chromium.org>
  2025-04-24  8:44 ` [PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock Andrei Kuchynski
@ 2025-04-24  8:44 ` Andrei Kuchynski
  2025-04-24 16:20   ` Benson Leung
  1 sibling, 1 reply; 4+ messages in thread
From: Andrei Kuchynski @ 2025-04-24  8:44 UTC (permalink / raw)
  To: Heikki Krogerus, Greg Kroah-Hartman, Jameson Thies,
	Abhishek Pandit-Subedi, Benson Leung, Dmitry Baryshkov, Diogo Ivo,
	Pooja Katiyar, Madhu M
  Cc: linux-usb, linux-kernel, Andrei Kuchynski, stable

This patch ensures that the UCSI driver waits for all pending tasks in the
ucsi_displayport_work workqueue to finish executing before proceeding with
the partner removal.

Cc: stable@vger.kernel.org
Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
---
 drivers/usb/typec/ucsi/displayport.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
index acd053d4e38c..8aae80b457d7 100644
--- a/drivers/usb/typec/ucsi/displayport.c
+++ b/drivers/usb/typec/ucsi/displayport.c
@@ -299,6 +299,8 @@ void ucsi_displayport_remove_partner(struct typec_altmode *alt)
 	if (!dp)
 		return;
 
+	cancel_work_sync(&dp->work);
+
 	dp->data.conf = 0;
 	dp->data.status = 0;
 	dp->initialized = false;
-- 
2.49.0.805.g082f7c87e0-goog


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access
  2025-04-24  8:44 ` [PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access Andrei Kuchynski
@ 2025-04-24 16:20   ` Benson Leung
  0 siblings, 0 replies; 4+ messages in thread
From: Benson Leung @ 2025-04-24 16:20 UTC (permalink / raw)
  To: Andrei Kuchynski
  Cc: Heikki Krogerus, Greg Kroah-Hartman, Jameson Thies,
	Abhishek Pandit-Subedi, Benson Leung, Dmitry Baryshkov, Diogo Ivo,
	Pooja Katiyar, Madhu M, linux-usb, linux-kernel, stable

[-- Attachment #1: Type: text/plain, Size: 1142 bytes --]

On Thu, Apr 24, 2025 at 08:44:29AM +0000, Andrei Kuchynski wrote:
> This patch ensures that the UCSI driver waits for all pending tasks in the
> ucsi_displayport_work workqueue to finish executing before proceeding with
> the partner removal.
> 
> Cc: stable@vger.kernel.org
> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
> Signed-off-by: Andrei Kuchynski <akuchynski@chromium.org>
> Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>

Reviewed-by: Benson Leung <bleung@chromium.org>

> ---
>  drivers/usb/typec/ucsi/displayport.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
> index acd053d4e38c..8aae80b457d7 100644
> --- a/drivers/usb/typec/ucsi/displayport.c
> +++ b/drivers/usb/typec/ucsi/displayport.c
> @@ -299,6 +299,8 @@ void ucsi_displayport_remove_partner(struct typec_altmode *alt)
>  	if (!dp)
>  		return;
>  
> +	cancel_work_sync(&dp->work);
> +
>  	dp->data.conf = 0;
>  	dp->data.status = 0;
>  	dp->initialized = false;
> -- 
> 2.49.0.805.g082f7c87e0-goog
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-04-28 13:23 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20250424084429.3220757-1-akuchynski@chromium.org>
2025-04-24  8:44 ` [PATCH v2 1/2] usb: typec: ucsi: displayport: Fix deadlock Andrei Kuchynski
2025-04-28 13:23   ` Heikki Krogerus
2025-04-24  8:44 ` [PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access Andrei Kuchynski
2025-04-24 16:20   ` Benson Leung

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).