From: Christian Loehle <christian.loehle@arm.com>
To: Aboorva Devarajan <aboorvad@linux.ibm.com>, rafael@kernel.org
Cc: daniel.lezcano@linaro.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] cpuidle: ladder: Fix state index when only one idle state is registered
Date: Fri, 13 Feb 2026 13:44:39 +0000 [thread overview]
Message-ID: <aa4e56dc-d74b-44dc-b628-c7573159de99@arm.com> (raw)
In-Reply-To: <7297173684f500e006a2997b92c927262221336f.camel@linux.ibm.com>
On 2/13/26 08:29, Aboorva Devarajan wrote:
> On Wed, 2026-02-11 at 15:00 +0000, Christian Loehle wrote:
>> On 2/11/26 05:35, Aboorva Devarajan wrote:
>>> On certain platforms (PowerNV systems without a power-mgt DT node),
>>> cpuidle may register only a single idle state. In cases where that
>>> single state is a polling state (state 0), the ladder governor may
>>> incorrectly treat state 1 as the first usable state and pass an
>>> out-of-bounds index. This can lead to a NULL enter callback being
>>> invoked, ultimately resulting in a system crash.
>>>
>>> [ 13.342636] cpuidle-powernv : Only Snooze is available
>>> [ 13.351854] Faulting instruction address: 0x00000000
>>> [ 13.376489] NIP [0000000000000000] 0x0
>>> [ 13.378351] LR [c000000001e01974] cpuidle_enter_state+0x2c4/0x668
>>>
>>> Fix this by determining the first non-polling state index based on
>>> the number of registered states, and by returning state 0 when only
>>> one state is registered.
>>>
>>> Fixes: dc2251bf98c6 ("cpuidle: Eliminate the CPUIDLE_DRIVER_STATE_START symbol")
>>> Signed-off-by: Aboorva Devarajan <aboorvad@linux.ibm.com>
>>
>> Agreed that the current behavior is a bug, but is there really much value
>> in using a cpuidle governor with just a polling state?
>> It's dead code and trivial to bail out of in cpuidle, right?
>>
>
> Hi Christian,
>
> Thanks for the review.
>
> Other governors (teo, menu) already handle this single-state scenario
> correctly. Fixing ladder's first_idx calculation seemed like the most
> targeted fix, however since ladder is not widely used this is likely
> to go unnoticed, it only popped up during testing with a missing
> power-mgt device tree node.
>
> yes, adding a bail-out in the core cpuidle_select() is also trivial and
> would benefit all governors uniformly. Setting stop_tick to false keeps
> the tick running, which is correct for a single state configuration.
>
> Please let me know if you'd prefer this approach instead.
>
> ---
>
> diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c
> index c7876e9e024f..ea082419f7db 100644
> --- a/drivers/cpuidle/cpuidle.c
> +++ b/drivers/cpuidle/cpuidle.c
> @@ -359,6 +359,16 @@ noinstr int cpuidle_enter_state(struct
> cpuidle_device *dev,
> int cpuidle_select(struct cpuidle_driver *drv, struct cpuidle_device
> *dev,
> bool *stop_tick)
> {
> + /*
> + * If there is only a single idle state (or none), there is
> nothing
> + * meaningful for the governor to choose. Skip the governor and
> + * always use state 0 with the tick running.
> + */
> + if (unlikely(drv->state_count <= 1)) {
I think the unlikely isn't helping here, this just let the branch predictor
handle this as it won't change anyway.
> + *stop_tick = false;
> + return 0;
> + }
> +
> return cpuidle_curr_governor->select(drv, dev, stop_tick);
> }
>
I prefer this, additionally of course:
-------8<-------
diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c
index 64d6f7a1c776..fdfa5d7e10a6 100644
--- a/drivers/cpuidle/governors/menu.c
+++ b/drivers/cpuidle/governors/menu.c
@@ -271,7 +271,7 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
data->bucket = BUCKETS - 1;
}
- if (unlikely(drv->state_count <= 1 || latency_req == 0) ||
+ if (unlikely(latency_req == 0) ||
((data->next_timer_ns < drv->states[1].target_residency_ns ||
latency_req < drv->states[1].exit_latency_ns) &&
!dev->states_usage[0].disable)) {
diff --git a/drivers/cpuidle/governors/teo.c b/drivers/cpuidle/governors/teo.c
index 81ac5fd58a1c..9b5b8c617806 100644
--- a/drivers/cpuidle/governors/teo.c
+++ b/drivers/cpuidle/governors/teo.c
@@ -317,12 +317,6 @@ static int teo_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
*/
cpu_data->sleep_length_ns = KTIME_MAX;
- /* Check if there is any choice in the first place. */
- if (drv->state_count < 2) {
- idx = 0;
- goto out_tick;
- }
-
if (!dev->states_usage[0].disable)
idx = 0;
next prev parent reply other threads:[~2026-02-13 13:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-11 5:35 [PATCH] cpuidle: ladder: Fix state index when only one idle state is registered Aboorva Devarajan
2026-02-11 15:00 ` Christian Loehle
2026-02-13 8:29 ` Aboorva Devarajan
2026-02-13 13:44 ` Christian Loehle [this message]
2026-02-16 11:05 ` Christian Loehle
2026-02-16 18:58 ` Aboorva Devarajan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aa4e56dc-d74b-44dc-b628-c7573159de99@arm.com \
--to=christian.loehle@arm.com \
--cc=aboorvad@linux.ibm.com \
--cc=daniel.lezcano@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=rafael@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox