From nobody Sun Feb 8 11:45:45 2026 Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEC0133F8AE for ; Sun, 11 Jan 2026 16:32:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768149160; cv=none; b=a5iNKM4Tc7JFlfTWF3lKmiHAws75l+X9bPlYlSW9y4JyHY3Am2NgB3wsesdJHBagvTVhmXcblPUhlbzsmJJSw23JmN/+cxYvYhkVbaaXpaKLwd2SSDQ/DRU2bTik0gtnodpddA/kSsGG5DliDDriDuz4XjXeZC+Lat4nO3u/Fgo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768149160; c=relaxed/simple; bh=bCuarnFNRCnr39J2usARL/W3Wz8m2zhoLrFZ1H028Og=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=CejOLYqZd3ZEpdT/YIQhXFLf7v31S8acjPn89Lgm0vuLGhIhwh/ACab6lpEYw3gWQuFYoYM0A02W5ClHYiSkK+WSrRmp2aMlJ+BU3velL6UVYNEdgnDGon3ko7y8IKoYMR1qA4bh4CGgH11gIS+/y8MJ/9/waVPynw9xYEHP/pk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NLVvp0oq; arc=none smtp.client-ip=209.85.210.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NLVvp0oq" Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-81f39438187so504091b3a.2 for ; Sun, 11 Jan 2026 08:32:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768149158; x=1768753958; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=s4TpFVNLEQuYiPG1Qe8WVzTpZhAqoRthypQE7fqDUSY=; b=NLVvp0oqZK7GAWM8WRC22EAw0EVoHK+I0R3+O0drYKagTDg3BMq8tLz2O0Wa8PN7Xu Nj2bSW4rj6w2GgsV9ef524+5DqqnTjb34KbuSeDTyyoKKBlXjhsuGTmP5LJjfgzTFSTl hnEXQRbZEa2fI0YvGD8zBrSIe+NxP5qsRhVPOuldI1GuOAhs0nxqJUQzFFXn49Kn/RqV PTiJE3vc8ibETXulKDZSSL1jl7gnZ/fVB/zikJtH499VthrhdtDjUAxxXssQV+mn+v3h SeEP9bm51VO1BmxFZXWoGHliOsIxKj7jI/6e8rYAGhw/ZyQKvsELddPo9RSi0vBiVLmt tACg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768149158; x=1768753958; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=s4TpFVNLEQuYiPG1Qe8WVzTpZhAqoRthypQE7fqDUSY=; b=cGLGj/9ckHYjXYwhHgRHiQT7SRn+tLgVO3bklT5GYfS4FnfRq7iqFJCJNRm12RhEi4 GJmXeC40VJWF/EdSyxrMau9/Zrz3ZmcjnLT9HV3CNuRwaJrJDmecSwLTKbTi/53cb5Wo idt2dxoMg+Naob5cdwXcB9oL9QygIOyfKEzPPr0ZvFqkRbjEyHg5+vjAKEGfW7gG5vdX eNgaER0e7qsOgL+wMuzHcnb0X9r4491QfhE60dn5h3i+6gim1qMvmf2o79fJaQrjkB7u Ur/wqLA1IymA3O+Z0cZ3yV8sd/nE7bm6BTbg0uKofYCwsw9cBy32yckvhq5xuIjHb/oo badg== X-Forwarded-Encrypted: i=1; AJvYcCWF9bZiBttF2BnBvV0UqSOD3xIl4ZksKwAC4/d0Pnur5zVcrfC3etOf7NjSnB0M6fAIqxqeAgstMS79I4E=@vger.kernel.org X-Gm-Message-State: AOJu0Yy2CPVqsFNJJWRbaAwGQfmzpJRpcrod79aXY+BAhy+D7NxbfcZr pzZ1abfcPYCORkaTIR8R5mBAsF9nBDR9f1g0AnVE9wQRTmjprpPd8Eio X-Gm-Gg: AY/fxX6nXTIk0mx7fJLLkjo0OYW6Wvhy8CiWF0k43lwb9b9HqZneN7OWySIZmmb7vUi A9zGin/h2uOB+g5gOZT1KpBtEuZJmzPFMdldctvTL66Jaoj3Np+/92SxypWBDlyKAmzOa/6+3Te XjZePAuBEQpRWZGMR765DEhMAxIvCJBrhgHPn/GNUQfQK4SiG/EOZ3spytKwt54qGPU23f9xt93 e4vCYloakLY73TGgCuhLVgfsOgRx0mj+ahog/uG5Fio4McaptqZT509B6e4MqI6C0YC7Kxjc9A+ YrkBNCHUtUBX1gXsKnE8/P85j0mcQnKYZcCV38f/3V/jFUNaBIiiQ4K2nFVNpSlhv1UBvm3co0V 5bAEA3tH9/yK60eHnKO4Pq66q3UYYC/cEK9/n8FerNKH+pBt7dz5UsH2tLXLCPkRUB4vYMa0= X-Google-Smtp-Source: AGHT+IFhjfp8iUng3rZnb8udZDChBCD1uV+dGKPvnYGBapEk1VRy0GFtinohxmXmzl6POzntYUhTjA== X-Received: by 2002:a05:6a00:428e:b0:7a2:7458:7fc8 with SMTP id d2e1a72fcca58-81b7d862d52mr12814023b3a.13.1768149158173; Sun, 11 Jan 2026 08:32:38 -0800 (PST) Received: from oslab.. ([2402:f000:4:1006:809:0:a77:18ea]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c4cca06b6d9sm15456865a12.34.2026.01.11.08.32.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 11 Jan 2026 08:32:37 -0800 (PST) From: Tuo Li To: rafael@kernel.org, lenb@kernel.org Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, Tuo Li Subject: [PATCH v3] ACPI: processor: Fix a possible null-pointer dereference in acpi_processor_errata_piix4() when debug messages are enabled Date: Mon, 12 Jan 2026 00:32:14 +0800 Message-ID: <20260111163214.202262-1-islituo@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev =3D pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...); dev =3D pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...); If the first lookup succeeds but the second fails, dev becomes NULL. This leads to a potential null-pointer dereference when dev_dbg() is called: if (errata.piix4.bmisx) dev_dbg(&dev->dev, ...); To prevent this, use two temporary pointers and retrieve each device independently, avoiding overwriting dev with a possible NULL value. Signed-off-by: Tuo Li --- v3: * Initialize the new variables to NULL and drop redundant checks. Thanks Rafael J. Wysocki for helpful advice. v2: * Add checks for ide_dev and isa_dev before dev_dbg() Thanks Rafael J. Wysocki for helpful advice. --- drivers/acpi/acpi_processor.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c index 7ec1dc04fd11..de256e3adeed 100644 --- a/drivers/acpi/acpi_processor.c +++ b/drivers/acpi/acpi_processor.c @@ -50,6 +50,7 @@ static int acpi_processor_errata_piix4(struct pci_dev *de= v) { u8 value1 =3D 0; u8 value2 =3D 0; + struct pci_dev *ide_dev =3D NULL, *isa_dev =3D NULL; =20 =20 if (!dev) @@ -107,12 +108,12 @@ static int acpi_processor_errata_piix4(struct pci_dev= *dev) * each IDE controller's DMA status to make sure we catch all * DMA activity. */ - dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, + ide_dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82371AB, PCI_ANY_ID, PCI_ANY_ID, NULL); - if (dev) { - errata.piix4.bmisx =3D pci_resource_start(dev, 4); - pci_dev_put(dev); + if (ide_dev) { + errata.piix4.bmisx =3D pci_resource_start(ide_dev, 4); + pci_dev_put(ide_dev); } =20 /* @@ -124,24 +125,24 @@ static int acpi_processor_errata_piix4(struct pci_dev= *dev) * disable C3 support if this is enabled, as some legacy * devices won't operate well if fast DMA is disabled. */ - dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, + isa_dev =3D pci_get_subsys(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82371AB_0, PCI_ANY_ID, PCI_ANY_ID, NULL); - if (dev) { - pci_read_config_byte(dev, 0x76, &value1); - pci_read_config_byte(dev, 0x77, &value2); + if (isa_dev) { + pci_read_config_byte(isa_dev, 0x76, &value1); + pci_read_config_byte(isa_dev, 0x77, &value2); if ((value1 & 0x80) || (value2 & 0x80)) errata.piix4.fdma =3D 1; - pci_dev_put(dev); + pci_dev_put(isa_dev); } =20 break; } =20 - if (errata.piix4.bmisx) - dev_dbg(&dev->dev, "Bus master activity detection (BM-IDE) erratum enabl= ed\n"); - if (errata.piix4.fdma) - dev_dbg(&dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n"); + if (ide_dev) + dev_dbg(&ide_dev->dev, "Bus master activity detection (BM-IDE) erratum e= nabled\n"); + if (isa_dev) + dev_dbg(&isa_dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n"); =20 return 0; } --=20 2.43.0