[PATCH] cpufreq: fix race on cpufreq online

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Schspa Shi <schspa@gmail.com>
To: rafael@kernel.org, viresh.kumar@linaro.org
Cc: linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, schspa@gmail.com
Subject: [PATCH] cpufreq: fix race on cpufreq online
Date: Thu, 21 Apr 2022 03:15:41 +0800	[thread overview]
Message-ID: <20220420191541.99528-1-schspa@gmail.com> (raw)

When cpufreq online failed, policy->cpus are not empty while
cpufreq sysfs file available, we may access some data freed.

Take policy->clk as an example:

static int cpufreq_online(unsigned int cpu)
{
  ...
  // policy->cpus != 0 at this time
  down_write(&policy->rwsem);
  ret = cpufreq_add_dev_interface(policy);
  up_write(&policy->rwsem);

  return 0;

out_destroy_policy:
	for_each_cpu(j, policy->real_cpus)
		remove_cpu_dev_symlink(policy, get_cpu_device(j));
    up_write(&policy->rwsem);
...
out_exit_policy:
  if (cpufreq_driver->exit)
    cpufreq_driver->exit(policy);
      clk_put(policy->clk);
      // policy->clk is a wild pointer
...
                                    ^
                                    |
                            Another process access
                            __cpufreq_get
                              cpufreq_verify_current_freq
                                cpufreq_generic_get
                                  // acces wild pointer of policy->clk;
                                    |
                                    |
out_offline_policy:                 |
  cpufreq_policy_free(policy);      |
    // deleted here, and will wait for no body reference
    cpufreq_policy_put_kobj(policy);
}

Signed-off-by: Schspa Shi <schspa@gmail.com>
---
 drivers/cpufreq/cpufreq.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 80f535cc8a75..0d58b0f8f3af 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1533,8 +1533,6 @@ static int cpufreq_online(unsigned int cpu)
 	for_each_cpu(j, policy->real_cpus)
 		remove_cpu_dev_symlink(policy, get_cpu_device(j));
 
-	up_write(&policy->rwsem);
-
 out_offline_policy:
 	if (cpufreq_driver->offline)
 		cpufreq_driver->offline(policy);
@@ -1543,6 +1541,9 @@ static int cpufreq_online(unsigned int cpu)
 	if (cpufreq_driver->exit)
 		cpufreq_driver->exit(policy);
 
+	cpumask_clear(policy->cpus);
+	up_write(&policy->rwsem);
+
 out_free_policy:
 	cpufreq_policy_free(policy);
 	return ret;
-- 
2.24.3 (Apple Git-128)

next             reply	other threads:[~2022-04-20 19:16 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-20 19:15 Schspa Shi [this message]
2022-04-22 14:38 ` [PATCH] cpufreq: fix race on cpufreq online Rafael J. Wysocki
2022-04-22 15:10   ` Schspa Shi
2022-04-22 15:59     ` Rafael J. Wysocki
2022-05-09  3:57 ` Viresh Kumar
2022-05-09 15:06   ` Schspa Shi
2022-05-10  3:52     ` Viresh Kumar
2022-05-10 15:28       ` [PATCH v2] " Schspa Shi
2022-05-10 15:34         ` Rafael J. Wysocki
2022-05-10 15:43           ` Schspa Shi
2022-05-10 15:42       ` [PATCH v3] " Schspa Shi
2022-05-11  4:35         ` Viresh Kumar
2022-05-11  8:10           ` Schspa Shi
2022-05-11 12:21             ` Viresh Kumar
2022-05-11 12:59               ` Rafael J. Wysocki
2022-05-11 13:19                 ` Rafael J. Wysocki
2022-05-11 13:42                   ` Rafael J. Wysocki
2022-05-11 13:42                   ` Schspa Shi
2022-05-11 13:50                     ` Rafael J. Wysocki
2022-05-12  6:56                   ` Viresh Kumar
2022-05-12 10:49                     ` Rafael J. Wysocki
2022-05-13  4:27                       ` Viresh Kumar
2022-05-24 11:14                         ` Viresh Kumar
2022-05-24 11:22                           ` Rafael J. Wysocki
2022-05-24 11:29                             ` Viresh Kumar
2022-05-24 11:48                               ` Rafael J. Wysocki
2022-05-24 11:53                                 ` Rafael J. Wysocki
2022-05-25  5:32                                   ` Viresh Kumar
2022-05-12  5:56                 ` Viresh Kumar
2022-05-11 13:12               ` Schspa Shi
2022-05-11 14:15         ` Rafael J. Wysocki
2022-05-12  5:51           ` Schspa Shi
2022-05-12 10:37             ` Rafael J. Wysocki

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:80f535cc8a7 dfblob:0d58b0f8f3a )
 OR (
bs:"[PATCH] cpufreq: fix race on cpufreq online" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220420191541.99528-1-schspa@gmail.com \
    --to=schspa@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=rafael@kernel.org \
    --cc=viresh.kumar@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox