Re: [PATCH] platform/x86: intel: punit_ipc: fix memory corruption

From: Ilpo Järvinen

Date: Fri Nov 21 2025 - 12:28:01 EST


On Fri, 21 Nov 2025, Dan Carpenter wrote:

> This passes a stack address to the IRQ handler, "&punit_ipcdev" vs

This first part I don't get, why you think &punit_ipcdev is a stack
address? The punit_ipcdev variable is defined in the global scope:

static IPC_DEV *punit_ipcdev;

> "punit_ipcdev" without the ampersand. This means that the:
>
> complete(&ipcdev->cmd_complete);
>
> in intel_punit_ioc() will corrupt the wrong memory.

Can you please also rephrase "will corrupt the wrong memory" as it has
a bit awkward sound in it. My suggestion:

...will write to a wrong memory address corrupting it.

(I'd have done this edit myself but I wanted to ask about the stack
address claim so better you just send v2.)

The change diff itself looks correct.

> Fixes: fdca4f16f57d ("platform:x86: add Intel P-Unit mailbox IPC driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> drivers/platform/x86/intel/punit_ipc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/platform/x86/intel/punit_ipc.c b/drivers/platform/x86/intel/punit_ipc.c
> index bafac8aa2baf..14513010daad 100644
> --- a/drivers/platform/x86/intel/punit_ipc.c
> +++ b/drivers/platform/x86/intel/punit_ipc.c
> @@ -250,7 +250,7 @@ static int intel_punit_ipc_probe(struct platform_device *pdev)
> } else {
> ret = devm_request_irq(&pdev->dev, irq, intel_punit_ioc,
> IRQF_NO_SUSPEND, "intel_punit_ipc",
> - &punit_ipcdev);
> + punit_ipcdev);
> if (ret) {
> dev_err(&pdev->dev, "Failed to request irq: %d\n", irq);
> return ret;
>
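Review bot: The changelog's "stack address" wording does not match the dev_id argument changed in the devm_request_irq() call. Per the definition quoted in this thread, "static IPC_DEV *punit_ipcdev;", the removed "&punit_ipcdev" is the address of a file-scope pointer variable, not of a stack object. When intel_punit_ioc() treats that value as the device structure, complete(&ipcdev->cmd_complete) writes to memory next to that static pointer rather than into the allocated device. The one-line code change is consistent with that reading. For v2, suggest the changelog say the address of the global pointer was passed instead of the pointer itself, so the Fixes: entry describes the actual corruption target.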

--
i.