 
            Hi Sasha,
On Sun, Apr 07, 2024 at 08:53:40AM -0400, Sasha Levin wrote:
This is a note to let you know that I've just added the patch titled
usb: typec: ucsi: Check for notifications after initto the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
This patch contains an out of bounds memory access and should not be included in the stable backports until a fix is available.
A fix is already queued in Greg's usb-linus branch.
Please drop the above patch from all stable trees for now.
Sorry for the inconvenience.
The filename of the patch is: usb-typec-ucsi-check-for-notifications-after-init.patch and it can be found in the queue-6.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
commit 903bfed719f3e87b607956bbe4d855c71831a43a Author: Christian A. Ehrhardt lk@c--e.de Date: Wed Mar 20 08:39:23 2024 +0100
usb: typec: ucsi: Check for notifications after init[ Upstream commit 808a8b9e0b87bbc72bcc1f7ddfe5d04746e7ce56 ] The completion notification for the final SET_NOTIFICATION_ENABLE command during initialization can include a connector change notification. However, at the time this completion notification is processed, the ucsi struct is not ready to handle this notification. As a result the notification is ignored and the controller never sends an interrupt again. Re-check CCI for a pending connector state change after initialization is complete. Adjust the corresponding debug message accordingly. Fixes: 71a1fa0df2a3 ("usb: typec: ucsi: Store the notification mask") Cc: stable@vger.kernel.org Signed-off-by: Christian A. Ehrhardt lk@c--e.de Reviewed-by: Heikki Krogerus heikki.krogerus@linux.intel.com Tested-by: Neil Armstrong neil.armstrong@linaro.org # on SM8550-QRD Link: https://lore.kernel.org/r/20240320073927.1641788-3-lk@c--e.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Sasha Levin sashal@kernel.org
diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 0bfe5e906e543..96da828f556a9 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -962,7 +962,7 @@ void ucsi_connector_change(struct ucsi *ucsi, u8 num) struct ucsi_connector *con = &ucsi->connector[num - 1]; if (!(ucsi->ntfy & UCSI_ENABLE_NTFY_CONNECTOR_CHANGE)) {
dev_dbg(ucsi->dev, "Bogus connector change event\n");
return; }
dev_dbg(ucsi->dev, "Early connector change event\n");@@ -1393,6 +1393,7 @@ static int ucsi_init(struct ucsi *ucsi) { struct ucsi_connector *con, *connector; u64 command, ntfy;
- u32 cci; int ret; int i;
@@ -1445,6 +1446,13 @@ static int ucsi_init(struct ucsi *ucsi) ucsi->connector = connector; ucsi->ntfy = ntfy;
- ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci));
- if (ret)
return ret;- if (UCSI_CCI_CONNECTOR(READ_ONCE(cci)))
ucsi_connector_change(ucsi, cci);- return 0;
err_unregister:
Best regards Christian