| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251003002044.2944497-3-anjelique.melendez@oss.qualcomm.com>
Date: Thu, 2 Oct 2025 17:20:44 -0700
From: Anjelique Melendez <anjelique.melendez@....qualcomm.com>
To: heikki.krogerus@...ux.intel.com, gregkh@...uxfoundation.org
Cc: lumag@...nel.org, neil.armstrong@...aro.org, johan+linaro@...nel.org,
quic_bjorande@...cinc.com, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org
Subject: [PATCH v5 2/2] usb: typec: ucsi_glink: Increase buffer size to support UCSI v2
UCSI v2 specification has increased the MSG_IN and MSG_OUT size from
16 bytes to 256 bytes each for the message exchange between OPM and PPM
This makes the total buffer size increase from 48 bytes to 528 bytes.
Update the buffer size to support this increase.
Signed-off-by: Anjelique Melendez <anjelique.melendez@....qualcomm.com>
---
drivers/usb/typec/ucsi/ucsi_glink.c | 76 +++++++++++++++++++++++++----
1 file changed, 66 insertions(+), 10 deletions(-)
diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c
index 1f9f0d942c1a..a324fadb4e11 100644
--- a/drivers/usb/typec/ucsi/ucsi_glink.c
+++ b/drivers/usb/typec/ucsi/ucsi_glink.c
@@ -16,10 +16,10 @@
#define PMIC_GLINK_MAX_PORTS 3
-#define UCSI_BUF_SIZE 48
+#define UCSI_BUF_V1_SIZE (UCSI_MESSAGE_OUT + (UCSI_MESSAGE_OUT - UCSI_MESSAGE_IN))
+#define UCSI_BUF_V2_SIZE (UCSIv2_MESSAGE_OUT + (UCSIv2_MESSAGE_OUT - UCSI_MESSAGE_IN))
#define MSG_TYPE_REQ_RESP 1
-#define UCSI_BUF_SIZE 48
#define UC_NOTIFY_RECEIVER_UCSI 0x0
#define UC_UCSI_READ_BUF_REQ 0x11
@@ -32,13 +32,19 @@ struct ucsi_read_buf_req_msg {
struct __packed ucsi_read_buf_resp_msg {
struct pmic_glink_hdr hdr;
- u8 buf[UCSI_BUF_SIZE];
+ union {
+ u8 v2_buf[UCSI_BUF_V2_SIZE];
+ u8 v1_buf[UCSI_BUF_V1_SIZE];
+ } buf;
u32 ret_code;
};
struct __packed ucsi_write_buf_req_msg {
struct pmic_glink_hdr hdr;
- u8 buf[UCSI_BUF_SIZE];
+ union {
+ u8 v2_buf[UCSI_BUF_V2_SIZE];
+ u8 v1_buf[UCSI_BUF_V1_SIZE];
+ } buf;
u32 reserved;
};
@@ -72,7 +78,7 @@ struct pmic_glink_ucsi {
bool ucsi_registered;
bool pd_running;
- u8 read_buf[UCSI_BUF_SIZE];
+ u8 read_buf[UCSI_BUF_V2_SIZE];
};
static int pmic_glink_ucsi_read(struct ucsi *__ucsi, unsigned int offset,
@@ -132,17 +138,35 @@ static int pmic_glink_ucsi_locked_write(struct pmic_glink_ucsi *ucsi, unsigned i
const void *val, size_t val_len)
{
struct ucsi_write_buf_req_msg req = {};
+ size_t req_len, buf_len;
unsigned long left;
int ret;
+ u8 *buf;
req.hdr.owner = PMIC_GLINK_OWNER_USBC;
req.hdr.type = MSG_TYPE_REQ_RESP;
req.hdr.opcode = UC_UCSI_WRITE_BUF_REQ;
- memcpy(&req.buf[offset], val, val_len);
+
+ if (ucsi->ucsi->version >= UCSI_VERSION_2_0) {
+ buf_len = UCSI_BUF_V2_SIZE;
+ buf = req.buf.v2_buf;
+ } else if (ucsi->ucsi->version) {
+ buf_len = UCSI_BUF_V1_SIZE;
+ buf = req.buf.v1_buf;
+ } else {
+ dev_err(ucsi->dev, "UCSI version unknown\n");
+ return -EINVAL;
+ }
+ req_len = sizeof(struct pmic_glink_hdr) + buf_len + sizeof(u32);
+
+ if (offset + val_len > buf_len)
+ return -EINVAL;
+
+ memcpy(&buf[offset], val, val_len);
reinit_completion(&ucsi->write_ack);
- ret = pmic_glink_send(ucsi->client, &req, sizeof(req));
+ ret = pmic_glink_send(ucsi->client, &req, req_len);
if (ret < 0) {
dev_err(ucsi->dev, "failed to send UCSI write request: %d\n", ret);
return ret;
@@ -216,12 +240,44 @@ static const struct ucsi_operations pmic_glink_ucsi_ops = {
static void pmic_glink_ucsi_read_ack(struct pmic_glink_ucsi *ucsi, const void *data, int len)
{
- const struct ucsi_read_buf_resp_msg *resp = data;
+ u32 ret_code, resp_len, buf_len = 0;
+ u8 *buf;
+
+ if (ucsi->ucsi->version) {
+ if (ucsi->ucsi->version >= UCSI_VERSION_2_0) {
+ buf = ((struct ucsi_read_buf_resp_msg *)data)->buf.v2_buf;
+ buf_len = UCSI_BUF_V2_SIZE;
+ } else {
+ buf = ((struct ucsi_read_buf_resp_msg *)data)->buf.v1_buf;
+ buf_len = UCSI_BUF_V1_SIZE;
+ }
+ } else if (!ucsi->ucsi_registered) {
+ /*
+ * If UCSI version is not known yet because device is not registered, choose buffer
+ * size which best fits incoming data
+ */
+ if (len > sizeof(struct pmic_glink_hdr) + UCSI_BUF_V2_SIZE) {
+ buf = ((struct ucsi_read_buf_resp_msg *)data)->buf.v2_buf;
+ buf_len = UCSI_BUF_V2_SIZE;
+ } else {
+ buf = ((struct ucsi_read_buf_resp_msg *)data)->buf.v1_buf;
+ buf_len = UCSI_BUF_V1_SIZE;
+ }
+ }
+ resp_len = sizeof(struct pmic_glink_hdr) + buf_len + sizeof(u32);
- if (resp->ret_code)
+ if (len > resp_len)
+ return;
+
+ /* Ensure that buffer_len leaves space for ret_code to be read back from memory */
+ if (buf_len > len - sizeof(struct pmic_glink_hdr) - sizeof(u32))
+ buf_len = len - sizeof(struct pmic_glink_hdr) - sizeof(u32);
+
+ memcpy(&ret_code, buf + buf_len, sizeof(u32));
+ if (ret_code)
return;
- memcpy(ucsi->read_buf, resp->buf, UCSI_BUF_SIZE);
+ memcpy(ucsi->read_buf, buf, buf_len);
complete(&ucsi->read_ack);
}
--
2.34.1
Powered by blists - more mailing lists