leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
56a0b978d4
linux/drivers/acpi
History
John Garry 56a0b978d4 ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() 
When enabling KASAN and DEBUG_TEST_DRIVER_REMOVE, I find this KASAN
warning:

[   20.872057] BUG: KASAN: use-after-free in pcc_data_alloc+0x40/0xb8
[   20.878226] Read of size 4 at addr ffff00236cdeb684 by task swapper/0/1
[   20.884826]
[   20.886309] CPU: 19 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00009-ge7f7df3db5bf-dirty #289
[   20.894994] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   20.903505] Call trace:
[   20.905942]  dump_backtrace+0x0/0x200
[   20.909593]  show_stack+0x14/0x20
[   20.912899]  dump_stack+0xd4/0x130
[   20.916291]  print_address_description.isra.9+0x6c/0x3b8
[   20.921592]  __kasan_report+0x12c/0x23c
[   20.925417]  kasan_report+0xc/0x18
[   20.928808]  __asan_load4+0x94/0xb8
[   20.932286]  pcc_data_alloc+0x40/0xb8
[   20.935938]  acpi_cppc_processor_probe+0x4e8/0xb08
[   20.940717]  __acpi_processor_start+0x48/0xb0
[   20.945062]  acpi_processor_start+0x40/0x60
[   20.949235]  really_probe+0x118/0x548
[   20.952887]  driver_probe_device+0x7c/0x148
[   20.957059]  device_driver_attach+0x94/0xa0
[   20.961231]  __driver_attach+0xa4/0x110
[   20.965055]  bus_for_each_dev+0xe8/0x158
[   20.968966]  driver_attach+0x30/0x40
[   20.972531]  bus_add_driver+0x234/0x2f0
[   20.976356]  driver_register+0xbc/0x1d0
[   20.980182]  acpi_processor_driver_init+0x40/0xe4
[   20.984875]  do_one_initcall+0xb4/0x254
[   20.988700]  kernel_init_freeable+0x24c/0x2f8
[   20.993047]  kernel_init+0x10/0x118
[   20.996524]  ret_from_fork+0x10/0x18
[   21.000087]
[   21.001567] Allocated by task 1:
[   21.004785]  save_stack+0x28/0xc8
[   21.008089]  __kasan_kmalloc.isra.9+0xbc/0xd8
[   21.012435]  kasan_kmalloc+0xc/0x18
[   21.015913]  pcc_data_alloc+0x94/0xb8
[   21.019564]  acpi_cppc_processor_probe+0x4e8/0xb08
[   21.024343]  __acpi_processor_start+0x48/0xb0
[   21.028689]  acpi_processor_start+0x40/0x60
[   21.032860]  really_probe+0x118/0x548
[   21.036512]  driver_probe_device+0x7c/0x148
[   21.040684]  device_driver_attach+0x94/0xa0
[   21.044855]  __driver_attach+0xa4/0x110
[   21.048680]  bus_for_each_dev+0xe8/0x158
[   21.052591]  driver_attach+0x30/0x40
[   21.056155]  bus_add_driver+0x234/0x2f0
[   21.059980]  driver_register+0xbc/0x1d0
[   21.063805]  acpi_processor_driver_init+0x40/0xe4
[   21.068497]  do_one_initcall+0xb4/0x254
[   21.072322]  kernel_init_freeable+0x24c/0x2f8
[   21.076667]  kernel_init+0x10/0x118
[   21.080144]  ret_from_fork+0x10/0x18
[   21.083707]
[   21.085186] Freed by task 1:
[   21.088056]  save_stack+0x28/0xc8
[   21.091360]  __kasan_slab_free+0x118/0x180
[   21.095445]  kasan_slab_free+0x10/0x18
[   21.099183]  kfree+0x80/0x268
[   21.102139]  acpi_cppc_processor_exit+0x1a8/0x1b8
[   21.106832]  acpi_processor_stop+0x70/0x80
[   21.110917]  really_probe+0x174/0x548
[   21.114568]  driver_probe_device+0x7c/0x148
[   21.118740]  device_driver_attach+0x94/0xa0
[   21.122912]  __driver_attach+0xa4/0x110
[   21.126736]  bus_for_each_dev+0xe8/0x158
[   21.130648]  driver_attach+0x30/0x40
[   21.134212]  bus_add_driver+0x234/0x2f0
[   21.0x10/0x18
[   21.161764]
[   21.163244] The buggy address belongs to the object at ffff00236cdeb600
[   21.163244]  which belongs to the cache kmalloc-256 of size 256
[   21.175750] The buggy address is located 132 bytes inside of
[   21.175750]  256-byte region [ffff00236cdeb600, ffff00236cdeb700)
[   21.187473] The buggy address belongs to the page:
[   21.192254] page:fffffe008d937a00 refcount:1 mapcount:0 mapping:ffff002370c0fa00 index:0x0 compound_mapcount: 0
[   21.202331] flags: 0x1ffff00000010200(slab|head)
[   21.206940] raw: 1ffff00000010200 dead000000000100 dead000000000122 ffff002370c0fa00
[   21.214671] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[   21.222400] page dumped because: kasan: bad access detected
[   21.227959]
[   21.229438] Memory state around the buggy address:
[   21.234218]  ffff00236cdeb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.241427]  ffff00236cdeb600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.248637] >ffff00236cdeb680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.255845]                    ^
[   21.259062]  ffff00236cdeb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.266272]  ffff00236cdeb780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   21.273480] ==================================================================

It seems that global pcc_data[pcc_ss_id] can be freed in
acpi_cppc_processor_exit(), but we may later reference this value, so
NULLify it when freed.

Also remove the useless setting of data "pcc_channel_acquired", which
we're about to free.

Fixes: 85b1407bf6 ("ACPI / CPPC: Make CPPC ACPI driver aware of PCC subspace IDs")
Signed-off-by: John Garry <john.garry@huawei.com>
Cc: 4.15+ <stable@vger.kernel.org> # 4.15+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2019-10-18 10:36:37 +02:00
..
acpica ACPI updates for 5.4-rc1 2019-09-17 19:31:36 -07:00
apei ACPI / APEI: Release resources if gen_pool_add() fails 2019-08-20 23:52:11 +02:00
arm64 ACPI/IORT: Rename arm_smmu_v3_set_proximity() 'node' local variable 2019-08-05 11:06:34 +01:00
dptf treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
hmat HMAT: Skip publishing target info for nodes with no online memory 2019-08-12 11:00:31 +02:00
nfit libnvdimm/security: Introduce a 'frozen' attribute 2019-08-29 13:49:13 -07:00
pmic ACPI / PMIC: intel: Drop double removal of address space handler 2019-07-03 13:03:41 +02:00
x86 x86/intel: Aggregate big core mobile naming 2019-08-28 11:29:31 +02:00
ac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
acpi_adxl.c ACPI/ADXL: Add address translation interface using an ACPI DSM 2018-10-16 10:03:00 +02:00
acpi_amba.c Merge 5.2-rc6 into char-misc-next 2019-06-23 09:23:33 +02:00
acpi_apd.c i2c: imx: ACPI support for NXP i2c controller 2019-09-13 15:12:38 +01:00
acpi_cmos_rtc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
acpi_configfs.c Merge branches 'acpi-tables', 'acpi-osl', 'acpi-misc' and 'acpi-tools' 2019-07-08 11:02:22 +02:00
acpi_dbg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
acpi_extlog.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 437 2019-06-05 17:37:17 +02:00
acpi_ipmi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
acpi_lpat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
acpi_lpit.c Merge branches 'acpi-pm' and 'pm-pci' 2019-07-08 10:49:36 +02:00
acpi_lpss.c ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint 2019-08-23 12:53:14 +02:00
acpi_memhotplug.c mm/memory_hotplug: rename walk_memory_range() and pass start+size instead of pfns 2019-07-18 17:08:06 -07:00
acpi_pad.c ACPI, x86: Add Zhaoxin processors support for NONSTOP TSC 2019-06-22 11:45:57 +02:00
acpi_platform.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
acpi_pnp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
acpi_processor.c ACPI / processor: don't print errors for processorIDs == 0xff 2019-08-09 10:48:34 +02:00
acpi_tad.c ACPI: TAD: Add low-level support for real time capability 2018-10-18 09:11:53 +02:00
acpi_video.c ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 2019-07-16 17:30:09 +02:00
acpi_watchdog.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
battery.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
bgrt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
blacklist.c ACPI: blacklist: fix clang warning for unused DMI table 2019-07-11 22:45:00 +02:00
bus.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
button.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
cm_sbs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
container.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
cppc_acpi.c ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() 2019-10-18 10:36:37 +02:00
custom_method.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
debugfs.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
device_pm.c Merge branches 'pm-opp', 'pm-qos', 'acpi-pm', 'pm-domains' and 'pm-tools' 2019-09-17 09:49:19 +02:00
device_sysfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
dock.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
ec_sys.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482 2019-06-19 17:09:52 +02:00
ec.c ACPI: PM: s2idle: Always set up EC GPE for system wakeup 2019-08-21 23:56:05 +02:00
event.c ACPI: event: replace strcpy() by strscpy() 2019-04-23 10:54:26 +02:00
evged.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
fan.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
glue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
hed.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
internal.h ACPI: EC: PM: Consolidate some code depending on PM_SLEEP 2019-08-08 11:25:43 +02:00
ioapic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
irq.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-07-08 11:01:13 -07:00
Kconfig ia64: remove support for machvecs 2019-08-16 14:32:26 -07:00
Makefile acpi/hmat: Parse and report heterogeneous memory 2019-04-04 18:41:20 +02:00
numa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
nvs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
osi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
osl.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
pci_irq.c ACPI / PCI: fix acpi_pci_irq_enable() memory leak 2019-09-03 09:41:25 +02:00
pci_link.c ACPI/PCI: Remove surplus parentheses from a return statement 2019-08-21 00:05:20 +02:00
pci_mcfg.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 459 2019-06-19 17:09:09 +02:00
pci_root.c PCI: Move ASPM declarations to linux/pci.h 2019-08-28 08:28:39 -05:00
pci_slot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 491 2019-06-19 17:09:52 +02:00
power.c ACPI / PM: Introduce concept of a _PR0 dependent device 2019-06-27 12:31:57 +02:00
pptt.c ACPI/PPTT: Add support for ACPI 6.3 thread flag 2019-08-12 12:59:15 +01:00
proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
processor_core.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
processor_driver.c ACPI: cpufreq: Switch to QoS requests instead of cpufreq notifier 2019-08-28 11:21:53 +02:00
processor_idle.c ACPI, x86: Add Zhaoxin processors support for NONSTOP TSC 2019-06-22 11:45:57 +02:00
processor_pdc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
processor_perflib.c ACPI: cpufreq: Switch to QoS requests instead of cpufreq notifier 2019-08-28 11:21:53 +02:00
processor_thermal.c ACPI: cpufreq: Switch to QoS requests instead of cpufreq notifier 2019-08-28 11:21:53 +02:00
processor_throttling.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
property.c Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
reboot.c ACPI: Allow CONFIG_PCI to be unset for reboot 2018-12-20 10:19:49 +01:00
resource.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
sbs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
sbshc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372 2019-06-05 17:37:10 +02:00
sbshc.h ACPI: SBS: remove unused const variable 'SMBUS_PEC' 2019-08-23 12:55:09 +02:00
scan.c drivers/acpi/scan.c: document why we don't need the device_hotplug_lock 2019-08-03 07:02:01 -07:00
sleep.c ACPI: PM: s2idle: Always set up EC GPE for system wakeup 2019-08-21 23:56:05 +02:00
sleep.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spcr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sysfs.c ACPICA: Rename nameseg length macro/define for clarity 2019-04-09 11:24:48 +02:00
tables.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
thermal.c ACPI: thermal: Remove redundant acpi_has_method() calls 2019-09-02 22:52:50 +02:00
utils.c bus_find_device: Unify the match callback with class_find_device 2019-06-24 05:22:31 +02:00
video_detect.c Merge branches 'acpi-utils', 'acpi-video', 'acpi-soc' and 'acpi-button' 2019-05-06 10:50:08 +02:00
wakeup.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00