drivers/base/arch_topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity()
which causes the code to proceed with NULL clock pointers. The current
logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both
valid pointers and NULL, leading to potential NULL pointer dereference
in clk_get_rate().
Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns:
"The error code within @ptr if it is an error pointer; 0 otherwise."
This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL
pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed)
when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be
called when of_clk_get() returns NULL.
Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid
pointers, preventing potential NULL pointer dereference in clk_get_rate().
Fixes: b8fe128dad8f ("arch_topology: Adjust initial CPU capacities with current freq")
Cc: stable@vger.kernel.org
Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
---
Changes in v4:
- recipient list adjustment as per kernel patch review process
Changes in v3:
- Used accurate "function call properties" terminology in commit description
(suggested by Markus Elfring)
- Added stable backport justification
- Removed duplicate marker line per kernel documentation
Changes in v2:
- Refined description based on documented macro properties (suggested by Markus Elfring)
- Added proper Fixes
drivers/base/arch_topology.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/base/arch_topology.c b/drivers/base/arch_topology.c
index 1037169abb45..e1eff05bea4a 100644
--- a/drivers/base/arch_topology.c
+++ b/drivers/base/arch_topology.c
@@ -292,7 +292,7 @@ bool __init topology_parse_cpu_capacity(struct device_node *cpu_node, int cpu)
* frequency (by keeping the initial capacity_freq_ref value).
*/
cpu_clk = of_clk_get(cpu_node, 0);
- if (!PTR_ERR_OR_ZERO(cpu_clk)) {
+ if (!IS_ERR_OR_NULL(cpu_clk)) {
per_cpu(capacity_freq_ref, cpu) =
clk_get_rate(cpu_clk) / HZ_PER_KHZ;
clk_put(cpu_clk);
--
2.34.1On Tue, Sep 23, 2025 at 11:13:08PM +0530, Kaushlendra Kumar wrote: > Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() > which causes the code to proceed with NULL clock pointers. The current > logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both > valid pointers and NULL, leading to potential NULL pointer dereference > in clk_get_rate(). > > Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: > "The error code within @ptr if it is an error pointer; 0 otherwise." > > This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL > pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) > when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be > called when of_clk_get() returns NULL. > > Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid > pointers, preventing potential NULL pointer dereference in clk_get_rate(). > For the 3rd and final time 😄, Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> Greg, Can you please pick this up ? Not urgent for v6.17 -- Regards, Sudeep
© 2016 - 2025 Red Hat, Inc.