From nobody Wed Feb 11 15:46:10 2026 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 607D121B9C5 for ; Tue, 9 Dec 2025 10:31:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765276289; cv=none; b=lNO79fBMZBVlnAX1HEuf2cGVUZur7E6xXSHbF90wVGc7UlKVHLPoN6laRfUOd2LFgUuw0oJHtbkLQmPGjDZmqgiviFFXHyZB4HmXcPREJRv3il3dYJfqwxSZ1HmMpFdKoqcbeCESitHN9VhWKHsyLoK3VflJkCZWe7qblN0Bnb8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765276289; c=relaxed/simple; bh=/aEq0x6MLRV/L6sOD9HPYDQFVJxKO9BW6KJrWnDuYm4=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=mcmfDGvO/DDf7vqo8YYAelFY6pD5fON1nZYxZW2Z24wtUsFmozqpU3ClEvYByYJi9GBfpaeR8BEM0AUjBEY5FNx4ARXo54K1tslO+pPZqoU+pTWZ9FZe22iFlwCzIlBAKWK6d9sJKYQVyRDKEK8MfNaVRrXQwkYjZwuIrrcw59w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BD8Ii3EU; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BD8Ii3EU" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-2956d816c10so63301305ad.1 for ; Tue, 09 Dec 2025 02:31:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765276288; x=1765881088; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=/yj0w8fdlKkFDRy9220y5hCmadloVvp4/iXerUe4NDE=; b=BD8Ii3EUXU/i5X6wPGHDQEu3rezl/BSR/C3Wm6sB1kvRAkfJvfsf0SXwlS2/NZjl7a YIPwQX+qFuig/YfDI3C+NQzhjAVe4Uwj4u170nongvBScdDTMB+3M3q6/L3t0VmzwruT 6TLGyopwkoMgsvr+m+5VYL8LnVM3xhGdd/lKTUyRn1DAAVBXmQIR0IpKoE+rMuQ3bZBV mzn3E3FHxQSaESmDQR4mZg6F5lG/NuSQ8p0NFNc0Bmjwrkd1OI4wXLA6Gvl/AeeubjEA 1AUdv3qrXvIiwbeyj6Wg87FsXSRVThsiSC0hMrUtUKTnCf28NjTuTz5z7d7F9usCryLy SjXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765276288; x=1765881088; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=/yj0w8fdlKkFDRy9220y5hCmadloVvp4/iXerUe4NDE=; b=Zpj+3BqvrI0tY+JMM6OS0BcPpw9plAsBHWD7vVQAUKkUVGWnMCyxSHqt55XvFPdepu IZ0G2bheiDA69C/tEGwEX2mWaZSPKwA3VuTmKBv+N6BsUxDJeEBIsKeboFIQzuUfCpeC NZ76+UG6c91cfvxtNca9bh8bFJaiEZTDKHAlcTTqrfUfBSShadm1bh4KTxJUPbi45v8R 1/IP72J2optmxJEYCKof3UUz3p/n131Z2EDWLB+1hoQEXMXOI9MAouoDyBGSE8A6bX2x wspsf6i11ySMZFyowhECmgstAY0O5KDja6HvW0eXOoxcyutqX3bLi2zFIJ5tcI+WDBaH emkg== X-Forwarded-Encrypted: i=1; AJvYcCXtIFfHkn/dybqV9dqM/QKClQhGiJ0muOIfbIqV2pJRxu7YvF5XK6miDH2Zi/ivyonRMQvEqk/x1xC1mis=@vger.kernel.org X-Gm-Message-State: AOJu0YzuN3p0wFAxZxFw7foSGDYQ8110oJZm42fVnu/Ay2G5/TeGAXCS 62Hjp1Szf1jg0vZKgVYwhytI5ykv8k+63DTI24e4AqAzqipYAed+G5Q/ X-Gm-Gg: AY/fxX7/TUHn+auWogBSQoCU4VUKSJppdKR77abomQ5CJK5xZnfQo2fyN25bKf1hLvp OqWbwgYvl08tSGoDKzeqp4VwpoShxXMhk+RHk542NvZBfaqfGLZLkVAM394CnjG/SQnLxwjMIYe kfZ/smtUSt3ko/ZGmcTgyMnlETedVswdSnRpb4vFb8GKWtNvf+SS6uVmJulSZOX9zcPtx65i2jE w1jvdhViu35BBLDG2o0n3idZocRB4S3xZ95Yg1sp0gxiTpi5kF7Tg9NGCuRr4IKUBelv5iizEBk cWVy9JMsSEHHz3KfALnRRmJXRgugqn4FrGxdjtXQl51Z1wIW8BS5Z81WmaMrCLhuWVPpPSn0ubg qUgBn8IKBVNTEs0fmfexRnXGce2GyG5di2MqPwbi4uoWSsKbig0qFCGEmktWCuHo6CHiWeFcapx 82nlm4pzn+3Rc= X-Google-Smtp-Source: AGHT+IGT96A1erd61gvFmTe3P8AK62zWKkju7VS5bZ29xeGcMHMfsVoc7tZR2o3bVREg1cKHPPBc6Q== X-Received: by 2002:a17:903:19e3:b0:29d:7b9b:515b with SMTP id d9443c01a7336-29df5791cb1mr77431165ad.20.1765276287542; Tue, 09 Dec 2025 02:31:27 -0800 (PST) Received: from oslab.. ([2402:f000:4:1006:809:ffff:fffe:18ea]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-29dae99f20bsm149111715ad.46.2025.12.09.02.31.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Dec 2025 02:31:27 -0800 (PST) From: Tuo Li To: rafael@kernel.org, lenb@kernel.org Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, Tuo Li Subject: [PATCH] ACPI: processor: Fix a possible null-pointer dereference in acpi_processor_errata_piix4() when debug messages are enabled Date: Tue, 9 Dec 2025 18:31:13 +0800 Message-ID: <20251209103114.3964322-1-islituo@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev =3D pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev =3D pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. Signed-off-by: Tuo Li --- drivers/acpi/acpi_processor.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c index 7ec1dc04fd11..ddd7081430f7 100644 --- a/drivers/acpi/acpi_processor.c +++ b/drivers/acpi/acpi_processor.c @@ -50,6 +50,7 @@ static int acpi_processor_errata_piix4(struct pci_dev *de= v) { u8 value1 =3D 0; u8 value2 =3D 0; + struct pci_dev *ide_dev, *isa_dev; =20 =20 if (!dev) @@ -107,12 +108,12 @@ static int acpi_processor_errata_piix4(struct pci_dev= *dev) * each IDE controller's DMA status to make sure we catch all * DMA activity. */ - dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, + ide_dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82371AB, PCI_ANY_ID, PCI_ANY_ID, NULL); - if (dev) { - errata.piix4.bmisx =3D pci_resource_start(dev, 4); - pci_dev_put(dev); + if (ide_dev) { + errata.piix4.bmisx =3D pci_resource_start(ide_dev, 4); + pci_dev_put(ide_dev); } =20 /* @@ -124,24 +125,24 @@ static int acpi_processor_errata_piix4(struct pci_dev= *dev) * disable C3 support if this is enabled, as some legacy * devices won't operate well if fast DMA is disabled. */ - dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, + isa_dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82371AB_0, PCI_ANY_ID, PCI_ANY_ID, NULL); - if (dev) { - pci_read_config_byte(dev, 0x76, &value1); - pci_read_config_byte(dev, 0x77, &value2); + if (isa_dev) { + pci_read_config_byte(isa_dev, 0x76, &value1); + pci_read_config_byte(isa_dev, 0x77, &value2); if ((value1 & 0x80) || (value2 & 0x80)) errata.piix4.fdma =3D 1; - pci_dev_put(dev); + pci_dev_put(isa_dev); } =20 break; } =20 if (errata.piix4.bmisx) - dev_dbg(&dev->dev, "Bus master activity detection (BM-IDE) erratum enabl= ed\n"); + dev_dbg(&ide_dev->dev, "Bus master activity detection (BM-IDE) erratum e= nabled\n"); if (errata.piix4.fdma) - dev_dbg(&dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n"); + dev_dbg(&isa_dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n"); =20 return 0; } --=20 2.43.0