1. Patchew
  2. linux
  3. View series

[PATCH] powerpc/pseries/msi: Fix NULL pointer dereference at irq domain teardown

Nam Cao posted 1 patch 3 months, 4 weeks ago 
arch/powerpc/platforms/pseries/msi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
[PATCH] powerpc/pseries/msi: Fix NULL pointer dereference at irq domain teardown
Posted by Nam Cao 3 months, 4 weeks ago 
pseries_msi_ops_teardown() reads pci_dev* from msi_alloc_info_t. However,
pseries_msi_ops_prepare() does not populate this structure, thus it is all
zeros. Consequently, pseries_msi_ops_teardown() triggers a NULL pointer
dereference crash.

struct pci_dev is available in struct irq_domain. Read it there instead.

Reported-by: Venkat Rao Bagalkote <venkat88@linux.ibm.com>
Closes: https://lore.kernel.org/linuxppc-dev/878d7651-433a-46fe-a28b-1b7e893fcbe0@linux.ibm.com/
Tested-by: Venkat Rao Bagalkote <venkat88@linux.ibm.com>
Signed-off-by: Nam Cao <namcao@linutronix.de>
---
 arch/powerpc/platforms/pseries/msi.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/msi.c b/arch/powerpc/platforms/pseries/msi.c
index 825f9432e03d..a82aaa786e9e 100644
--- a/arch/powerpc/platforms/pseries/msi.c
+++ b/arch/powerpc/platforms/pseries/msi.c
@@ -443,8 +443,7 @@ static int pseries_msi_ops_prepare(struct irq_domain *domain, struct device *dev
  */
 static void pseries_msi_ops_teardown(struct irq_domain *domain, msi_alloc_info_t *arg)
 {
-	struct msi_desc *desc = arg->desc;
-	struct pci_dev *pdev = msi_desc_to_pci_dev(desc);
+	struct pci_dev *pdev = to_pci_dev(domain->dev);
 
 	rtas_disable_msi(pdev);
 }
-- 
2.51.0
Re: [PATCH] powerpc/pseries/msi: Fix NULL pointer dereference at irq domain teardown
Posted by Madhavan Srinivasan 3 months, 3 weeks ago 
On Fri, 10 Oct 2025 12:03:07 +0000, Nam Cao wrote:
> pseries_msi_ops_teardown() reads pci_dev* from msi_alloc_info_t. However,
> pseries_msi_ops_prepare() does not populate this structure, thus it is all
> zeros. Consequently, pseries_msi_ops_teardown() triggers a NULL pointer
> dereference crash.
> 
> struct pci_dev is available in struct irq_domain. Read it there instead.
> 
> [...]

Applied to powerpc/fixes.

[1/1] powerpc/pseries/msi: Fix NULL pointer dereference at irq domain teardown
      https://git.kernel.org/powerpc/c/ef3e73a917ec7d080e0fb0e4015098a4fb0f1cff

Thanks

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.