Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1259567pxb;
        Fri, 1 Oct 2021 07:02:02 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxjBSbNx5wuJwfF4rCWtRTq8J5MSKeZzRu+9KwV/J11RaBdYgrUKqu/jplrEU3kcAsFB1+o
X-Received: by 2002:a65:49c3:: with SMTP id t3mr5034973pgs.224.1633096921492;
        Fri, 01 Oct 2021 07:02:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1633096921; cv=none;
        d=google.com; s=arc-20160816;
        b=0GM7LIr+RQ5NdhNBBPttxwEGczs15uHmIqGTlrWqDTq9/42h7WCNXJPXiC1OML91Uz
         VRtWVHLdYcPu4O7cXkrFsI+Kdwk61rpl/t7tqUjMhiOwAA+1pcgGppfqipGsoiiapryu
         bjGLhGP3nQ/m0f3UDx394TgP2CGgp4Y68PitgEGb7u9F7MoXDQmBWGxNWEqBVATkjBcx
         jbTew17qt910saDGhopRpZASuHFbAOP3shM7w6POXsP8Dq9YpJuGhM+yZHyaWJ7dGEaU
         w0Kt2+RehrVuvRJ7STKAxJLLJWLY0Lkc0ieMyAoV9KFQJYOg229LTuXiT2C+hvZ3W/f/
         rocw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=is7S3erxHzFdUnH6CmRz5qspLa5gjhd7QV7wMe+lBO4=;
        b=iE2idWWdvYpkCq2lAyPwfLLzkX7HFeRpFWm0b/j8OOqEuMwROmcb6cz7XFtzS0bLuJ
         et/QuXrbYOzULGdiCXZhWdnokRiA+g5+bARHIxedj02Q//mXMYyH/9+i/XfjOirhq9P/
         bi6y5hhvf5qyj+rVY+SEObyZ0m9yHVo56f/Ts7fzmPCe9bUuk11bQzm8L/ETtp9JBCam
         76kBJRLwWOi3yW9JzL0Ff9fqDXwcLF/Mxx1RGunOj/r97MEN+Rq8PhxeVlqfwRE1xgEV
         rXjnWL6QCP9x31szRHzp+FpwQOxxOfOTtrYp4dVJ+ukfqPToKFju3fJTv3kisZMFDI+8
         nLuQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q22si7338451pgv.490.2021.10.01.07.01.46;
        Fri, 01 Oct 2021 07:02:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231795AbhJAN75 (ORCPT <rfc822;longbowk@gmail.com> + 99 others);
        Fri, 1 Oct 2021 09:59:57 -0400
Received: from cloudserver094114.home.pl ([79.96.170.134]:50168 "EHLO
        cloudserver094114.home.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231530AbhJAN75 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 Oct 2021 09:59:57 -0400
Received: from localhost (127.0.0.1) (HELO v370.home.net.pl)
 by /usr/run/smtp (/usr/run/postfix/private/idea_relay_lmtp) via UNIX with SMTP (IdeaSmtpServer 3.0.0)
 id b330d1a140d17332; Fri, 1 Oct 2021 15:58:11 +0200
Received: from kreacher.localnet (unknown [213.134.175.164])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        by v370.home.net.pl (Postfix) with ESMTPSA id BFC5E66A79A;
        Fri,  1 Oct 2021 15:58:10 +0200 (CEST)
From:   "Rafael J. Wysocki" <rjw@rjwysocki.net>
To:     Linux PCI <linux-pci@vger.kernel.org>,
        Bjorn Helgaas <helgaas@kernel.org>
Cc:     Linux ACPI <linux-acpi@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Niklas Schnelle <schnelle@linux.ibm.com>,
        Jesse Brandeburg <jesse.brandeburg@intel.com>,
        Shanker Donthineni <sdonthineni@nvidia.com>,
        Alex Williamson <alex.williamson@redhat.com>
Subject: [PATCH] PCI: ACPI: Check parent pointer in acpi_pci_find_companion()
Date:   Fri, 01 Oct 2021 15:58:10 +0200
Message-ID: <5523582.DvuYhMxLoT@kreacher>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="UTF-8"
X-CLIENT-IP: 213.134.175.164
X-CLIENT-HOSTNAME: 213.134.175.164
X-VADE-SPAMSTATE: clean
X-VADE-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvtddrudekiedgieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecujffqoffgrffnpdggtffipffknecuuegrihhlohhuthemucduhedtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefhvffufffkggfgtgesthfuredttddtjeenucfhrhhomhepfdftrghfrggvlhculfdrucghhihsohgtkhhifdcuoehrjhifsehrjhifhihsohgtkhhirdhnvghtqeenucggtffrrghtthgvrhhnpedvvefgteeuteehkeduuedvudetleevffdtffdtjeejueekffetieekgfeigfehudenucffohhmrghinhepkhgvrhhnvghlrdhorhhgnecukfhppedvudefrddufeegrddujeehrdduieegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepvddufedrudefgedrudejhedrudeigedphhgvlhhopehkrhgvrggthhgvrhdrlhhotggrlhhnvghtpdhmrghilhhfrhhomhepfdftrghfrggvlhculfdrucghhihsohgtkhhifdcuoehrjhifsehrjhifhihsohgtkhhirdhnvghtqedprhgtphhtthhopehlihhnuhigqdhptghisehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtohephhgvlhhgrggrsheskhgvrhhnvghlrdhorhhgpdhrtghpthhtoheplhhinhhugidqrggtphhisehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoheplhhinhhugidqkhgvrhhnvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhr
 tghpthhtohepshgthhhnvghllhgvsehlihhnuhigrdhisghmrdgtohhmpdhrtghpthhtohepjhgvshhsvgdrsghrrghnuggvsghurhhgsehinhhtvghlrdgtohhmpdhrtghpthhtohepshguohhnthhhihhnvghnihesnhhvihguihgrrdgtohhmpdhrtghpthhtoheprghlvgigrdifihhllhhirghmshhonhesrhgvughhrghtrdgtohhm
X-DCC--Metrics: v370.home.net.pl 1024; Body=8 Fuz1=8 Fuz2=8
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

If acpi_pci_find_companion() is called for a device whose parent
pointer is NULL, it will crash when attempting to get the ACPI
companion of the parent due to a NULL pointer dereference in
the ACPI_COMPANION() macro.

This was not a problem before commit 375553a93201 ("PCI: Setup ACPI
fwnode early and at the same time with OF") that made pci_setup_device()
call pci_set_acpi_fwnode() and so it allowed devices with NULL parent
pointers to be passed to acpi_pci_find_companion() which is the case
in pci_iov_add_virtfn(), for instance.

Fix this issue by making acpi_pci_find_companion() check the device's
parent pointer upfront and bail out if it is NULL.

While pci_iov_add_virtfn() can be changed to set the device's parent
pointer before calling pci_setup_device() for it, checking pointers
against NULL before dereferencing them is prudent anyway and looking
for ACPI companions of virtual functions isn't really useful.

Fixes: 375553a93201 ("PCI: Setup ACPI fwnode early and at the same time with OF")
Link: https://lore.kernel.org/linux-acpi/8e4bbd5c59de31db71f718556654c0aa077df03d.camel@linux.ibm.com/
Reported-by: Niklas Schnelle <schnelle@linux.ibm.com>
Tested-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
 drivers/pci/pci-acpi.c |    3 +++
 1 file changed, 3 insertions(+)

Index: linux-pm/drivers/pci/pci-acpi.c
===================================================================
--- linux-pm.orig/drivers/pci/pci-acpi.c
+++ linux-pm/drivers/pci/pci-acpi.c
@@ -1243,6 +1243,9 @@ static struct acpi_device *acpi_pci_find
 	bool check_children;
 	u64 addr;
 
+	if (!dev->parent)
+		return NULL;
+
 	down_read(&pci_acpi_companion_lookup_sem);
 
 	adev = pci_acpi_find_companion_hook ?