ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()

In acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE
device and then reassigned an ISA device:

  dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB, ...);
  dev = pci_get_subsys(..., PCI_DEVICE_ID_INTEL_82371AB_0, ...);

If the first lookup succeeds but the second fails, dev becomes NULL. This
leads to a potential null-pointer dereference when dev_dbg() is called:

  if (errata.piix4.bmisx)
    dev_dbg(&dev->dev, ...);

To prevent this, use two temporary pointers and retrieve each device
independently, avoiding overwriting dev with a possible NULL value.

Signed-off-by: Tuo Li <islituo@gmail.com>
[ rjw: Subject adjustment, added an empty code line ]
Link: https://patch.msgid.link/20260111163214.202262-1-islituo@gmail.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

diff --git a/drivers/acpi/acpi_processor.c b/drivers/acpi/acpi_processor.c
index 7ec1dc04fd11b9cc82151e495220b3e15d7fe6f4..85096ce7b658b523e707369d52a75392e635938a 100644 (file)
--- a/drivers/acpi/acpi_processor.c
+++ b/drivers/acpi/acpi_processor.c
@@ -50,6 +50,7 @@ static int acpi_processor_errata_piix4(struct pci_dev *dev)
 {
        u8 value1 = 0;
        u8 value2 = 0;
+       struct pci_dev *ide_dev = NULL, *isa_dev = NULL;
 
 
        if (!dev)
@@ -107,12 +108,12 @@ static int acpi_processor_errata_piix4(struct pci_dev *dev)
                 * each IDE controller's DMA status to make sure we catch all
                 * DMA activity.
                 */
-               dev = pci_get_subsys(PCI_VENDOR_ID_INTEL,
+               ide_dev = pci_get_subsys(PCI_VENDOR_ID_INTEL,
                                     PCI_DEVICE_ID_INTEL_82371AB,
                                     PCI_ANY_ID, PCI_ANY_ID, NULL);
-               if (dev) {
-                       errata.piix4.bmisx = pci_resource_start(dev, 4);
-                       pci_dev_put(dev);
+               if (ide_dev) {
+                       errata.piix4.bmisx = pci_resource_start(ide_dev, 4);
+                       pci_dev_put(ide_dev);
                }
 
                /*
@@ -124,24 +125,25 @@ static int acpi_processor_errata_piix4(struct pci_dev *dev)
                 * disable C3 support if this is enabled, as some legacy
                 * devices won't operate well if fast DMA is disabled.
                 */
-               dev = pci_get_subsys(PCI_VENDOR_ID_INTEL,
+               isa_dev = pci_get_subsys(PCI_VENDOR_ID_INTEL,
                                     PCI_DEVICE_ID_INTEL_82371AB_0,
                                     PCI_ANY_ID, PCI_ANY_ID, NULL);
-               if (dev) {
-                       pci_read_config_byte(dev, 0x76, &value1);
-                       pci_read_config_byte(dev, 0x77, &value2);
+               if (isa_dev) {
+                       pci_read_config_byte(isa_dev, 0x76, &value1);
+                       pci_read_config_byte(isa_dev, 0x77, &value2);
                        if ((value1 & 0x80) || (value2 & 0x80))
                                errata.piix4.fdma = 1;
-                       pci_dev_put(dev);
+                       pci_dev_put(isa_dev);
                }
 
                break;
        }
 
-       if (errata.piix4.bmisx)
-               dev_dbg(&dev->dev, "Bus master activity detection (BM-IDE) erratum enabled\n");
-       if (errata.piix4.fdma)
-               dev_dbg(&dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n");
+       if (ide_dev)
+               dev_dbg(&ide_dev->dev, "Bus master activity detection (BM-IDE) erratum enabled\n");
+
+       if (isa_dev)
+               dev_dbg(&isa_dev->dev, "Type-F DMA livelock erratum (C3 disabled)\n");
 
        return 0;
 }