From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Douglas Gilbert <dgilbert@interlog.com>,
Guenter Roeck <linux@roeck-us.net>
Subject: [PATCH 5.4 44/78] USB-PD tcpm: bad warning+size, PPS adapters
Date: Tue, 14 Jan 2020 11:01:18 +0100 [thread overview]
Message-ID: <20200114094359.462572888@linuxfoundation.org> (raw)
In-Reply-To: <20200114094352.428808181@linuxfoundation.org>
From: Douglas Gilbert <dgilbert@interlog.com>
commit c215e48e97d232249a33849fc46fc50311043e11 upstream.
Augmented Power Delivery Objects (A)PDO_s are used by USB-C
PD power adapters to advertize the voltages and currents
they support. There can be up to 7 PDO_s but before PPS
(programmable power supply) there were seldom more than 4
or 5. Recently Samsung released an optional PPS 45 Watt power
adapter (EP-TA485) that has 7 PDO_s. It is for the Galaxy 10+
tablet and charges it quicker than the adapter supplied at
purchase. The EP-TA485 causes an overzealous WARN_ON to soil
the log plus it miscalculates the number of bytes to read.
So this bug has been there for some time but goes
undetected for the majority of USB-C PD power adapters on
the market today that have 6 or less PDO_s. That may soon
change as more USB-C PD adapters with PPS come to market.
Tested on a EP-TA485 and an older Lenovo PN: SA10M13950
USB-C 65 Watt adapter (without PPS and has 4 PDO_s) plus
several other PD power adapters.
Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191230033544.1809-1-dgilbert@interlog.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/tcpm/tcpci.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--- a/drivers/usb/typec/tcpm/tcpci.c
+++ b/drivers/usb/typec/tcpm/tcpci.c
@@ -432,20 +432,30 @@ irqreturn_t tcpci_irq(struct tcpci *tcpc
if (status & TCPC_ALERT_RX_STATUS) {
struct pd_message msg;
- unsigned int cnt;
+ unsigned int cnt, payload_cnt;
u16 header;
regmap_read(tcpci->regmap, TCPC_RX_BYTE_CNT, &cnt);
+ /*
+ * 'cnt' corresponds to READABLE_BYTE_COUNT in section 4.4.14
+ * of the TCPCI spec [Rev 2.0 Ver 1.0 October 2017] and is
+ * defined in table 4-36 as one greater than the number of
+ * bytes received. And that number includes the header. So:
+ */
+ if (cnt > 3)
+ payload_cnt = cnt - (1 + sizeof(msg.header));
+ else
+ payload_cnt = 0;
tcpci_read16(tcpci, TCPC_RX_HDR, &header);
msg.header = cpu_to_le16(header);
- if (WARN_ON(cnt > sizeof(msg.payload)))
- cnt = sizeof(msg.payload);
+ if (WARN_ON(payload_cnt > sizeof(msg.payload)))
+ payload_cnt = sizeof(msg.payload);
- if (cnt > 0)
+ if (payload_cnt > 0)
regmap_raw_read(tcpci->regmap, TCPC_RX_DATA,
- &msg.payload, cnt);
+ &msg.payload, payload_cnt);
/* Read complete, clear RX status alert bit */
tcpci_write16(tcpci, TCPC_ALERT, TCPC_ALERT_RX_STATUS);
next prev parent reply other threads:[~2020-01-14 10:19 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-14 10:00 [PATCH 5.4 00/78] 5.4.12-stable review Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 01/78] chardev: Avoid potential use-after-free in chrdev_open() Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 02/78] i2c: fix bus recovery stop mode timing Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 03/78] powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 04/78] usb: chipidea: host: Disable port power only if previously enabled Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 05/78] ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 06/78] ALSA: hda/realtek - Add new codec supported for ALCS1200A Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 07/78] ALSA: hda/realtek - Set EAPD control to default for ALC222 Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 08/78] ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 09/78] tpm: Revert "tpm_tis: reserve chip for duration of tpm_tis_core_init" Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 10/78] tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts" Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 11/78] tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQs" Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 12/78] tpm: Handle negative priv->response_len in tpm_common_read() Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 13/78] rtc: sun6i: Add support for RTC clocks on R40 Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 14/78] kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 15/78] tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 16/78] tracing: Change offset type to s32 in preempt/irq tracepoints Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 17/78] HID: Fix slab-out-of-bounds read in hid_field_extract Greg Kroah-Hartman
2020-02-05 7:12 ` [PATCH 5.4 17/78] HID: Fix slab-out-of-bounds read in hid_field_extract (Broken!) peter enderborg
2020-02-05 9:32 ` Greg Kroah-Hartman
2020-02-05 9:49 ` Enderborg, Peter
2020-02-05 9:54 ` Jiri Kosina
2020-02-05 15:00 ` Alan Stern
2020-02-06 7:00 ` Enderborg, Peter
2020-02-06 15:14 ` Alan Stern
2020-02-07 8:11 ` Enderborg, Peter
2020-02-07 15:22 ` Alan Stern
2020-02-10 12:08 ` [PATCH] HID: Extend report buffer size Peter Enderborg
2020-02-10 12:21 ` Greg Kroah-Hartman
2020-02-10 12:40 ` Peter Enderborg
2020-02-10 13:43 ` Greg Kroah-Hartman
2020-02-10 15:01 ` Alan Stern
2020-02-11 8:35 ` peter enderborg
2020-02-11 14:54 ` Alan Stern
2020-02-11 15:01 ` Jiri Kosina
2020-01-14 10:00 ` [PATCH 5.4 18/78] HID: uhid: Fix returning EPOLLOUT from uhid_char_poll Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 19/78] HID: hidraw: Fix returning EPOLLOUT from hidraw_poll Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 20/78] HID: hid-input: clear unmapped usages Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 21/78] Input: add safety guards to input_set_keycode() Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 22/78] Input: input_event - fix struct padding on sparc64 Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 23/78] drm/i915: Add Wa_1408615072 and Wa_1407596294 to icl,ehl Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 24/78] drm/amdgpu: add DRIVER_SYNCOBJ_TIMELINE to amdgpu Greg Kroah-Hartman
2020-01-14 14:31 ` Deucher, Alexander
2020-01-14 14:39 ` Greg Kroah-Hartman
2020-01-14 10:00 ` [PATCH 5.4 25/78] Revert "drm/amdgpu: Set no-retry as default." Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 26/78] drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 27/78] drm/fb-helper: Round up bits_per_pixel if possible Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 28/78] drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 29/78] drm/i915: Add Wa_1407352427:icl,ehl Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 30/78] drm/i915/gt: Mark up virtual engine uabi_instance Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 31/78] IB/hfi1: Adjust flow PSN with the correct resync_psn Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 32/78] can: kvaser_usb: fix interface sanity check Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 33/78] can: gs_usb: gs_usb_probe(): use descriptors of current altsetting Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 34/78] can: tcan4x5x: tcan4x5x_can_probe(): get the device out of standby before register access Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 35/78] can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 36/78] can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 37/78] gpiolib: acpi: Turn dmi_system_id table into a generic quirk table Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 38/78] gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 39/78] pstore/ram: Regularize prz label allocation lifetime Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 40/78] staging: vt6656: set usb_set_intfdata on driver fail Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 41/78] staging: vt6656: Fix non zero logical return of, usb_control_msg Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 42/78] usb: cdns3: should not use the same dev_id for shared interrupt handler Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 43/78] usb: ohci-da8xx: ensure error return on variable error is set Greg Kroah-Hartman
2020-01-14 10:01 ` Greg Kroah-Hartman [this message]
2020-01-14 10:01 ` [PATCH 5.4 45/78] USB: serial: option: add ZLP support for 0x1bc7/0x9010 Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 46/78] usb: musb: fix idling for suspend after disconnect interrupt Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 47/78] usb: musb: Disable pullup at init Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 48/78] usb: musb: dma: Correct parameter passed to IRQ handler Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 49/78] staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 50/78] staging: vt6656: correct return of vnt_init_registers Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 51/78] staging: vt6656: limit reg output to block size Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 52/78] staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 53/78] serdev: Dont claim unsupported ACPI serial devices Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 54/78] iommu/vt-d: Fix adding non-PCI devices to Intel IOMMU Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 55/78] tty: link tty and port before configuring it as console Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 56/78] tty: always relink the port Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 57/78] arm64: Move __ARCH_WANT_SYS_CLONE3 definition to uapi headers Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 58/78] arm64: Implement copy_thread_tls Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 59/78] arm: " Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 60/78] parisc: " Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 61/78] riscv: " Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 62/78] xtensa: " Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 63/78] clone3: ensure copy_thread_tls is implemented Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 64/78] um: Implement copy_thread_tls Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 65/78] staging: vt6656: remove bool from vnt_radio_power_on ret Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 66/78] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 67/78] mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 68/78] rpmsg: char: release allocated memory Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 69/78] scsi: bfa: release allocated memory in case of error Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 70/78] rtl8xxxu: prevent leaking urb Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 71/78] ath10k: fix memory leak Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 72/78] HID: hiddev: fix mess in hiddev_open() Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 73/78] USB: Fix: Dont skip endpoint descriptors with maxpacket=0 Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 74/78] phy: cpcap-usb: Fix error path when no host driver is loaded Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 75/78] phy: cpcap-usb: Fix flakey host idling and enumerating of devices Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 76/78] netfilter: arp_tables: init netns pointer in xt_tgchk_param struct Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 77/78] netfilter: conntrack: dccp, sctp: handle null timeout argument Greg Kroah-Hartman
2020-01-14 10:01 ` [PATCH 5.4 78/78] netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present Greg Kroah-Hartman
2020-01-14 15:02 ` [PATCH 5.4 00/78] 5.4.12-stable review Jon Hunter
2020-01-14 15:18 ` Greg Kroah-Hartman
2020-01-14 18:17 ` Guenter Roeck
2020-01-14 18:53 ` Greg Kroah-Hartman
2020-01-14 20:19 ` shuah
2020-01-14 21:55 ` Greg Kroah-Hartman
2020-01-15 2:09 ` Daniel Díaz
2020-01-15 8:12 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200114094359.462572888@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dgilbert@interlog.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).