1. Patchew
  2. linux
  3. View series

[PATCH] ACPI: processor: idle: Fix NULL pointer dereference in hotplug path

Huisong Li posted 1 patch 2 months, 1 week ago
There is a newer version of this series
drivers/acpi/processor_idle.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
[PATCH] ACPI: processor: idle: Fix NULL pointer dereference in hotplug path
Posted by Huisong Li 2 months, 1 week ago 
A cpuidle_device might fail to register during boot, but the system can
continue to run. In such cases, acpi_processor_hotplug() can trigger
a NULL pointer dereference when accessing the per-cpu acpi_cpuidle_device.

So add NULL pointer check for the per-cpu acpi_cpuidle_device in
acpi_processor_hotplug.

Signed-off-by: Huisong Li <lihuisong@huawei.com>
---
 drivers/acpi/processor_idle.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
index 479995a4c48a..2adaee0f32ed 100644
--- a/drivers/acpi/processor_idle.c
+++ b/drivers/acpi/processor_idle.c
@@ -1267,16 +1267,15 @@ static int acpi_processor_get_power_info(struct acpi_processor *pr)
 
 int acpi_processor_hotplug(struct acpi_processor *pr)
 {
+	struct cpuidle_device *dev = per_cpu(acpi_cpuidle_device, pr->id);
 	int ret = 0;
-	struct cpuidle_device *dev;
 
 	if (disabled_by_idle_boot_param())
 		return 0;
 
-	if (!pr->flags.power_setup_done)
+	if (!pr->flags.power_setup_done || !dev)
 		return -ENODEV;
 
-	dev = per_cpu(acpi_cpuidle_device, pr->id);
 	cpuidle_pause_and_lock();
 	cpuidle_disable_device(dev);
 	ret = acpi_processor_get_power_info(pr);
-- 
2.33.0
Re: [PATCH] ACPI: processor: idle: Fix NULL pointer dereference in hotplug path
Posted by Rafael J. Wysocki 2 months, 1 week ago 
On Fri, Apr 3, 2026 at 11:03 AM Huisong Li <lihuisong@huawei.com> wrote:
>
> A cpuidle_device might fail to register during boot, but the system can
> continue to run. In such cases, acpi_processor_hotplug() can trigger
> a NULL pointer dereference when accessing the per-cpu acpi_cpuidle_device.
>
> So add NULL pointer check for the per-cpu acpi_cpuidle_device in
> acpi_processor_hotplug.
>
> Signed-off-by: Huisong Li <lihuisong@huawei.com>
> ---
>  drivers/acpi/processor_idle.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
> index 479995a4c48a..2adaee0f32ed 100644
> --- a/drivers/acpi/processor_idle.c
> +++ b/drivers/acpi/processor_idle.c
> @@ -1267,16 +1267,15 @@ static int acpi_processor_get_power_info(struct acpi_processor *pr)
>
>  int acpi_processor_hotplug(struct acpi_processor *pr)
>  {
> +       struct cpuidle_device *dev = per_cpu(acpi_cpuidle_device, pr->id);
>         int ret = 0;
> -       struct cpuidle_device *dev;
>
>         if (disabled_by_idle_boot_param())
>                 return 0;
>
> -       if (!pr->flags.power_setup_done)
> +       if (!pr->flags.power_setup_done || !dev)
>                 return -ENODEV;
>
> -       dev = per_cpu(acpi_cpuidle_device, pr->id);
>         cpuidle_pause_and_lock();
>         cpuidle_disable_device(dev);
>         ret = acpi_processor_get_power_info(pr);
> --

Applied as 7.1 material, thanks!

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.