[PATCH] powerpc/pseries/msi: Fix NULL pointer dereference at irq domain teardown
Nam Cao
namcao at linutronix.de
Fri Oct 10 23:03:07 AEDT 2025
pseries_msi_ops_teardown() reads pci_dev* from msi_alloc_info_t. However,
pseries_msi_ops_prepare() does not populate this structure, thus it is all
zeros. Consequently, pseries_msi_ops_teardown() triggers a NULL pointer
dereference crash.
struct pci_dev is available in struct irq_domain. Read it there instead.
Reported-by: Venkat Rao Bagalkote <venkat88 at linux.ibm.com>
Closes: https://lore.kernel.org/linuxppc-dev/878d7651-433a-46fe-a28b-1b7e893fcbe0@linux.ibm.com/
Tested-by: Venkat Rao Bagalkote <venkat88 at linux.ibm.com>
Signed-off-by: Nam Cao <namcao at linutronix.de>
---
arch/powerpc/platforms/pseries/msi.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/msi.c b/arch/powerpc/platforms/pseries/msi.c
index 825f9432e03d..a82aaa786e9e 100644
--- a/arch/powerpc/platforms/pseries/msi.c
+++ b/arch/powerpc/platforms/pseries/msi.c
@@ -443,8 +443,7 @@ static int pseries_msi_ops_prepare(struct irq_domain *domain, struct device *dev
*/
static void pseries_msi_ops_teardown(struct irq_domain *domain, msi_alloc_info_t *arg)
{
- struct msi_desc *desc = arg->desc;
- struct pci_dev *pdev = msi_desc_to_pci_dev(desc);
+ struct pci_dev *pdev = to_pci_dev(domain->dev);
rtas_disable_msi(pdev);
}
--
2.51.0
More information about the Linuxppc-dev
mailing list