From: ethan zhao <ethan.zhao@oracle.com>
To: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Dirk Brandewie <dirk.j.brandewie@intel.com>,
kristen@linux.intel.com, "Rafael J. Wysocki" <rjw@rjwysocki.net>,
Linda Knippers <linda.knippers@hp.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
Ethan Zhao <ethan.kernel@gmail.com>
Subject: Re: [PATCH V3] cpufreq: fix a NULL pointer dereference triggered by _PPC changed notification
Date: Thu, 18 Dec 2014 14:31:53 +0800 [thread overview]
Message-ID: <549274D9.5000102@oracle.com> (raw)
In-Reply-To: <CAKohponG+RKcCGGNYxwm0h_6jLWt2v6PqKLyQycka3N0db8c-Q@mail.gmail.com>
Viresh,
On 2014/12/18 14:29, Viresh Kumar wrote:
> On 18 December 2014 at 11:58, Ethan Zhao <ethan.zhao@oracle.com> wrote:
>> If _PPC changed notification happens before governor was initiated while kernel
>> is booting, a NULL pointer dereference will be triggered:
>>
>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
>> IP: [<ffffffff81470453>] __cpufreq_governor+0x23/0x1e0
>> PGD 0
>> Oops: 0000 [#1] SMP
>> ... ...
>> RIP: 0010:[<ffffffff81470453>] [<ffffffff81470453>]
>> __cpufreq_governor+0x23/0x1e0
>> RSP: 0018:ffff881fcfbcfbb8 EFLAGS: 00010286
>> RAX: 0000000000000000 RBX: ffff881fd11b3980 RCX: ffff88407fc20000
>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff881fd11b3980
>> RBP: ffff881fcfbcfbd8 R08: 0000000000000000 R09: 000000000000000f
>> R10: ffffffff818068d0 R11: 0000000000000043 R12: 0000000000000004
>> R13: 0000000000000000 R14: ffffffff8196cae0 R15: 0000000000000000
>> FS: 0000000000000000(0000) GS:ffff881fffc00000(0000) knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000030 CR3: 00000000018ae000 CR4: 00000000000407f0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
>> Process kworker/0:3 (pid: 750, threadinfo ffff881fcfbce000, task
>> ffff881fcf556400)
>> Stack:
>> ffff881fffc17d00 ffff881fcfbcfc18 ffff881fd11b3980 0000000000000000
>> ffff881fcfbcfc08 ffffffff81470d08 ffff881fd11b3980 0000000000000007
>> ffff881fcfbcfc18 ffff881fffc17d00 ffff881fcfbcfd28 ffffffff81472e9a
>> Call Trace:
>> [<ffffffff81470d08>] __cpufreq_set_policy+0x1b8/0x2e0
>> [<ffffffff81472e9a>] cpufreq_update_policy+0xca/0x150
>> [<ffffffff81472f20>] ? cpufreq_update_policy+0x150/0x150
>> [<ffffffff81324a96>] acpi_processor_ppc_has_changed+0x71/0x7b
>> [<ffffffff81320bcd>] acpi_processor_notify+0x55/0x115
>> [<ffffffff812f9c29>] acpi_device_notify+0x19/0x1b
>> [<ffffffff813084ca>] acpi_ev_notify_dispatch+0x41/0x5f
>> [<ffffffff812f64a4>] acpi_os_execute_deferred+0x27/0x34
>>
>> The root cause is a race conditon -- cpufreq core and acpi-cpufreq driver
>> were initiated, but cpufreq_governor wasn't and _PPC changed notification
>> happened, __cpufreq_governor() was called within acpi_os_execute_deferred
>> kernel thread context.
>>
>> To fix this panic issue, add pointer checking code in __cpufreq_governor()
>> before pointer policy->governor is to be dereferenced.
>>
>> Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>
>> Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
>> ---
>> v2&v3: correct comment style.
>>
>> drivers/cpufreq/cpufreq.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
>> index 4473eba..b75735c 100644
>> --- a/drivers/cpufreq/cpufreq.c
>> +++ b/drivers/cpufreq/cpufreq.c
>> @@ -2021,6 +2021,11 @@ static int __cpufreq_governor(struct cpufreq_policy *policy,
>> /* Don't start any governor operations if we are entering suspend */
>> if (cpufreq_suspended)
>> return 0;
>> + /*
>> + * Governor might not be initiated here if _PPC changed notification
>> + * happened, check it.
>> + */
>> + if (!policy->governor)
>> + return -EINVAL;
>>
>> if (policy->governor->max_transition_latency &&
>> policy->cpuinfo.transition_latency >
> It will take me sometime to get cpufreq core simplified, till that time
>
> Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
>
> to yet another band-aid :)
Maybe more band-aid needed before it is be done.
Thanks,
Ethan
prev parent reply other threads:[~2014-12-18 6:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-18 6:28 [PATCH V3] cpufreq: fix a NULL pointer dereference triggered by _PPC changed notification Ethan Zhao
2014-12-18 6:29 ` Viresh Kumar
2014-12-18 6:31 ` ethan zhao [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=549274D9.5000102@oracle.com \
--to=ethan.zhao@oracle.com \
--cc=dirk.j.brandewie@intel.com \
--cc=ethan.kernel@gmail.com \
--cc=kristen@linux.intel.com \
--cc=linda.knippers@hp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=rjw@rjwysocki.net \
--cc=viresh.kumar@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.