[PATCH 0/2] PCI: Fix NULL pointer access in pci_store_saved_state()

From: Krishna Chaitanya Chundru

Date: Sat Apr 04 2026 - 04:53:32 EST


If the PCIe link goes down while pci_save_state() is in progress, reads
from the device configuration space may return invalid values (all 0xF's).

This can lead to saving corrupted or inconsistent capability state and
subsequent memory corruption. The issue is not limited to a specific
capability type and may occur at any point during the save process.

One example is the VC extended capability save path
(pci_save_vc_state() / pci_vc_do_save_buffer()), which interprets all-1s
capability fields as valid and ends up writing far beyond the allocated
pci_cap_saved_state buffer, corrupting the pci_dev->saved_cap_space list.
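As an added illustration of the failure mode above (this is a constructed
user-space model, not code from the series or from drivers/pci): a
capability header read while the link is down comes back as all 1s, so a
size field derived from it is far larger than the saved-state buffer. The
device layout, the cfg_read32() helper and the local PCI_ERROR_RESPONSE
define are assumptions made for the example.

```c
/* Model of a config-space read that returns all 0xF's when the PCIe link is
 * down, and of a capability save routine that must not trust that value.
 * Everything here is constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PCI_ERROR_RESPONSE 0xFFFFFFFFu  /* what a read returns with the link down */
#define SAVE_BUF_WORDS     8            /* constructed: saved-state buffer capacity */

/* Constructed device: a capability header whose low 8 bits give the number
 * of 32-bit words of state that follow; link_up models PCIe link state. */
struct dev_model {
    bool     link_up;
    uint32_t cap_hdr;
};

static uint32_t cfg_read32(const struct dev_model *d, unsigned off)
{
    if (!d->link_up)
        return PCI_ERROR_RESPONSE;              /* link down: all 1s */
    return off == 0 ? d->cap_hdr : 0x11223344u; /* constructed payload word */
}

/* Number of words the save path would copy, derived from the header.
 * With check_link set, an all-1s header is rejected (-1) instead of being
 * interpreted as a count of 0xff words. */
static int cap_state_words(const struct dev_model *d, bool check_link)
{
    uint32_t hdr = cfg_read32(d, 0);
    if (check_link && hdr == PCI_ERROR_RESPONSE)
        return -1;
    return (int)(hdr & 0xffu);
}

/* Save loop with an explicit bounds check. Returns words copied, -1 if the
 * header could not be trusted, or -2 if the derived count exceeds the
 * buffer (the overrun of pci_cap_saved_state the cover letter describes). */
static int save_cap_state(const struct dev_model *d, uint32_t *buf,
                          size_t cap, bool check_link)
{
    int n = cap_state_words(d, check_link);
    if (n < 0)
        return n;
    if ((size_t)n > cap)
        return -2;
    for (int i = 0; i < n; i++)
        buf[i] = cfg_read32(d, 4u * (unsigned)(i + 1));
    return n;
}
```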

Signed-off-by: Krishna Chaitanya Chundru <krishna.chundru@xxxxxxxxxxxxxxxx>
---
Krishna Chaitanya Chundru (2):
PCI: Add pcie_link_is_active() to determine if the link is active
PCI: Fix NULL pointer access in pci_store_saved_state()

drivers/pci/hotplug/pciehp.h | 1 -
drivers/pci/hotplug/pciehp_ctrl.c | 2 +-
drivers/pci/hotplug/pciehp_hpc.c | 35 ++++-------------------------------
drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++---
drivers/pci/pci.h | 1 +
5 files changed, 41 insertions(+), 36 deletions(-)
---
base-commit: 7ca6d1cfec80ebe46cc063f3284c5896c344d9a1
change-id: 20260303-fix_pci_access-c03b3b64ddbc

Best regards,
--
Krishna Chaitanya Chundru <krishna.chundru@xxxxxxxxxxxxxxxx>