Re: [PATCH] PM: EM: Fix NULL pointer dereference in em_create_pd()

[Lukasz Luba]

On 1/15/26 20:30, Rafael J. Wysocki wrote:
> On Thu, Jan 15, 2026 at 11:37 AM Malaya Kumar Rout <mrout@xxxxxxxxxx> wrote:
> > The get_cpu_device() function can return NULL if the CPU device is
> > not registered. However, the code in em_create_pd() dereferences the
> > returned pointer without checking for NULL, which can lead to a kernel
> > panic during energy model initialization.
> >
> > Add a NULL check before dereferencing cpu_dev. If get_cpu_device()
> > returns NULL, return -ENODEV and properly clean up allocated resources
> > through the existing error path.
> >
> > This issue was found by code inspection. The same function is correctly
> > handled with NULL checking in em_cpu_get() at line 555-557.
> >
> > Fixes: 1bc138c62295 ("PM / EM: add support for other devices than CPUs in Energy Model")
> > Signed-off-by: Malaya Kumar Rout <mrout@xxxxxxxxxx>
> > ---
> >   kernel/power/energy_model.c | 4 ++++
> >   1 file changed, 4 insertions(+)
> >
> > diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
> > index 11af9f64aa82..3971743d7e67 100644
> > --- a/kernel/power/energy_model.c
> > +++ b/kernel/power/energy_model.c
> > @@ -466,6 +466,10 @@ static int em_create_pd(struct device *dev, int nr_states,
> >          if (_is_cpu_device(dev))
> >                  for_each_cpu(cpu, cpus) {
> >                          cpu_dev = get_cpu_device(cpu);
> > +                       if (!cpu_dev) {
> > +                               ret = -ENODEV;
> > +                               goto free_pd_table;
>
> No, you need to clear em_pd for the CPUs for which it has been set already.
>
> Maybe it would be better to do this check upfront for all CPUs in the
> mask.  Lukasz?

Right, let me study this and come back with the recommendation...