[PATCH] cpuidle: fix number of initialized/destroyed states

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] cpuidle: fix number of initialized/destroyed states
@ 2013-01-07 19:12 Krzysztof Mazur
  2013-01-07 21:58 ` Rafael J. Wysocki
  2013-01-11 22:33 ` Rafael J. Wysocki
  0 siblings, 2 replies; 5+ messages in thread
From: Krzysztof Mazur @ 2013-01-07 19:12 UTC (permalink / raw)
  To: daniel.lezcano, rafael.j.wysocki; +Cc: linux-kernel, Krzysztof Mazur

Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
multiple drivers) changed the number of initialized state kobjects
in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
but leaved device->state_count in cpuidle_remove_state_sysfs().
Those two values might have different values, causing for instance
NULL pointer dereference in cpuidle_remove_state_sysfs().

Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
---
Hi,

commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
(cpuidle: support multiple drivers, merged in v3.8-rc1) causes NULL pointer
dereference in cpuidle_remove_state_sysfs() when I plug the AC line to my
laptop. I'm using the acpi_idle cpuidle driver and the C4 state is
available only on when the system runs from battery. The problem still
exists in v3.8-rc2 and f243b9b46a22e5790dbbc36f574c2417af49a41.

I noticed that the commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
(merged in v3.8-rc1) changed device->state_count to drv->state_count
in only one of two places, which seems to be incorrect. This patch restores
device->state_count in both places. It fixes the problem on my system.

Krzysiek

 drivers/cpuidle/sysfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
index 3409429..428754a 100644
--- a/drivers/cpuidle/sysfs.c
+++ b/drivers/cpuidle/sysfs.c
@@ -374,7 +374,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
 	struct cpuidle_driver *drv = cpuidle_get_cpu_driver(device);

 	/* state statistics */
-	for (i = 0; i < drv->state_count; i++) {
+	for (i = 0; i < device->state_count; i++) {
 		kobj = kzalloc(sizeof(struct cpuidle_state_kobj), GFP_KERNEL);
 		if (!kobj)
 			goto error_state;
-- 
1.8.1.441.g6e0eed0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] cpuidle: fix number of initialized/destroyed states
  2013-01-07 19:12 [PATCH] cpuidle: fix number of initialized/destroyed states Krzysztof Mazur
@ 2013-01-07 21:58 ` Rafael J. Wysocki
  2013-01-07 22:56   ` Daniel Lezcano
  2013-01-11 22:33 ` Rafael J. Wysocki
  1 sibling, 1 reply; 5+ messages in thread
From: Rafael J. Wysocki @ 2013-01-07 21:58 UTC (permalink / raw)
  To: Krzysztof Mazur; +Cc: daniel.lezcano, linux-kernel, Linux PM list

Hi,

Thanks for the patch!

I'd like Daniel to have a look at it still.

Thanks,
Rafael


On Monday, January 07, 2013 08:12:01 PM Krzysztof Mazur wrote:
> Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
> multiple drivers) changed the number of initialized state kobjects
> in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
> but leaved device->state_count in cpuidle_remove_state_sysfs().
> Those two values might have different values, causing for instance
> NULL pointer dereference in cpuidle_remove_state_sysfs().
> 
> Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
> ---
> Hi,
> 
> commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
> (cpuidle: support multiple drivers, merged in v3.8-rc1) causes NULL pointer
> dereference in cpuidle_remove_state_sysfs() when I plug the AC line to my
> laptop. I'm using the acpi_idle cpuidle driver and the C4 state is
> available only on when the system runs from battery. The problem still
> exists in v3.8-rc2 and f243b9b46a22e5790dbbc36f574c2417af49a41.
> 
> I noticed that the commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
> (merged in v3.8-rc1) changed device->state_count to drv->state_count
> in only one of two places, which seems to be incorrect. This patch restores
> device->state_count in both places. It fixes the problem on my system.
> 
> Krzysiek
> 
>  drivers/cpuidle/sysfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
> index 3409429..428754a 100644
> --- a/drivers/cpuidle/sysfs.c
> +++ b/drivers/cpuidle/sysfs.c
> @@ -374,7 +374,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
>  	struct cpuidle_driver *drv = cpuidle_get_cpu_driver(device);
>  
>  	/* state statistics */
> -	for (i = 0; i < drv->state_count; i++) {
> +	for (i = 0; i < device->state_count; i++) {
>  		kobj = kzalloc(sizeof(struct cpuidle_state_kobj), GFP_KERNEL);
>  		if (!kobj)
>  			goto error_state;
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] cpuidle: fix number of initialized/destroyed states
  2013-01-07 21:58 ` Rafael J. Wysocki
@ 2013-01-07 22:56   ` Daniel Lezcano
  2013-01-07 23:48     ` Rafael J. Wysocki
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel Lezcano @ 2013-01-07 22:56 UTC (permalink / raw)
  To: Rafael J. Wysocki
  Cc: Krzysztof Mazur, linux-kernel, Linux PM list, Lists Linaro-dev

On 01/07/2013 10:58 PM, Rafael J. Wysocki wrote:
> Hi,
> 
> Thanks for the patch!
> 
> I'd like Daniel to have a look at it still.

I agree with this patch. I was about to send exactly the same.

Thanks Krzysztof for fixing this.


> On Monday, January 07, 2013 08:12:01 PM Krzysztof Mazur wrote:
>> Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
>> multiple drivers) changed the number of initialized state kobjects
>> in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
>> but leaved device->state_count in cpuidle_remove_state_sysfs().
>> Those two values might have different values, causing for instance
>> NULL pointer dereference in cpuidle_remove_state_sysfs().
>>
>> Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>

Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>


-- 
 <http://www.linaro.org/> Linaro.org │ Open source software for ARM SoCs

Follow Linaro:  <http://www.facebook.com/pages/Linaro> Facebook |
<http://twitter.com/#!/linaroorg> Twitter |
<http://www.linaro.org/linaro-blog/> Blog


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] cpuidle: fix number of initialized/destroyed states
  2013-01-07 22:56   ` Daniel Lezcano
@ 2013-01-07 23:48     ` Rafael J. Wysocki
  0 siblings, 0 replies; 5+ messages in thread
From: Rafael J. Wysocki @ 2013-01-07 23:48 UTC (permalink / raw)
  To: Daniel Lezcano
  Cc: Krzysztof Mazur, linux-kernel, Linux PM list, Lists Linaro-dev

On Monday, January 07, 2013 11:56:36 PM Daniel Lezcano wrote:
> On 01/07/2013 10:58 PM, Rafael J. Wysocki wrote:
> > Hi,
> > 
> > Thanks for the patch!
> > 
> > I'd like Daniel to have a look at it still.
> 
> I agree with this patch. I was about to send exactly the same.
> 
> Thanks Krzysztof for fixing this.
> 
> 
> > On Monday, January 07, 2013 08:12:01 PM Krzysztof Mazur wrote:
> >> Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
> >> multiple drivers) changed the number of initialized state kobjects
> >> in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
> >> but leaved device->state_count in cpuidle_remove_state_sysfs().
> >> Those two values might have different values, causing for instance
> >> NULL pointer dereference in cpuidle_remove_state_sysfs().
> >>
> >> Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
> 
> Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>

OK, thanks.

I have a pull request for 3.8-rc3 ready, so I'll send this one in the next
round.

Thanks,
Rafael


-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] cpuidle: fix number of initialized/destroyed states
  2013-01-07 19:12 [PATCH] cpuidle: fix number of initialized/destroyed states Krzysztof Mazur
  2013-01-07 21:58 ` Rafael J. Wysocki
@ 2013-01-11 22:33 ` Rafael J. Wysocki
  1 sibling, 0 replies; 5+ messages in thread
From: Rafael J. Wysocki @ 2013-01-11 22:33 UTC (permalink / raw)
  To: Krzysztof Mazur; +Cc: daniel.lezcano, rafael.j.wysocki, linux-kernel

On Monday, January 07, 2013 08:12:01 PM Krzysztof Mazur wrote:
> Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
> multiple drivers) changed the number of initialized state kobjects
> in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
> but leaved device->state_count in cpuidle_remove_state_sysfs().
> Those two values might have different values, causing for instance
> NULL pointer dereference in cpuidle_remove_state_sysfs().

Applied to the linux-next branch of the linux-pm.git tree as v3.8 material.

Thanks,
Rafael


> Signed-off-by: Krzysztof Mazur <krzysiek@podlesie.net>
> ---
> Hi,
> 
> commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
> (cpuidle: support multiple drivers, merged in v3.8-rc1) causes NULL pointer
> dereference in cpuidle_remove_state_sysfs() when I plug the AC line to my
> laptop. I'm using the acpi_idle cpuidle driver and the C4 state is
> available only on when the system runs from battery. The problem still
> exists in v3.8-rc2 and f243b9b46a22e5790dbbc36f574c2417af49a41.
> 
> I noticed that the commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
> (merged in v3.8-rc1) changed device->state_count to drv->state_count
> in only one of two places, which seems to be incorrect. This patch restores
> device->state_count in both places. It fixes the problem on my system.
> 
> Krzysiek
> 
>  drivers/cpuidle/sysfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
> index 3409429..428754a 100644
> --- a/drivers/cpuidle/sysfs.c
> +++ b/drivers/cpuidle/sysfs.c
> @@ -374,7 +374,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
>  	struct cpuidle_driver *drv = cpuidle_get_cpu_driver(device);
>  
>  	/* state statistics */
> -	for (i = 0; i < drv->state_count; i++) {
> +	for (i = 0; i < device->state_count; i++) {
>  		kobj = kzalloc(sizeof(struct cpuidle_state_kobj), GFP_KERNEL);
>  		if (!kobj)
>  			goto error_state;
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2013-01-11 22:27 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-07 19:12 [PATCH] cpuidle: fix number of initialized/destroyed states Krzysztof Mazur
2013-01-07 21:58 ` Rafael J. Wysocki
2013-01-07 22:56   ` Daniel Lezcano
2013-01-07 23:48     ` Rafael J. Wysocki
2013-01-11 22:33 ` Rafael J. Wysocki

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox