forked from Minki/linux
e4b133cc4b
There is a race discovered by Juri, where we are able to: - create and read a sysfs file before policy->governor_data is being set to a non NULL value. OR - set policy->governor_data to NULL, and reading a file before being destroyed. And so such a crash is reported: Unable to handle kernel NULL pointer dereference at virtual address 0000000c pgd = edfc8000 [0000000c] *pgd=bfc8c835 Internal error: Oops: 17 [#1] SMP ARM Modules linked in: CPU: 4 PID: 1730 Comm: cat Not tainted 4.5.0-rc1+ #463 Hardware name: ARM-Versatile Express task: ee8e8480 ti: ee930000 task.ti: ee930000 PC is at show_ignore_nice_load_gov_pol+0x24/0x34 LR is at show+0x4c/0x60 pc : [<c058f1bc>] lr : [<c058ae88>] psr: a0070013 sp : ee931dd0 ip : ee931de0 fp : ee931ddc r10: ee4bc290 r9 : 00001000 r8 : ef2cb000 r7 : ee4bc200 r6 : ef2cb000 r5 : c0af57b0 r4 : ee4bc2e0 r3 : 00000000 r2 : 00000000 r1 : c0928df4 r0 : ef2cb000 Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: adfc806a DAC: 00000051 Process cat (pid: 1730, stack limit = 0xee930210) Stack: (0xee931dd0 to 0xee932000) 1dc0: ee931dfc ee931de0 c058ae88 c058f1a4 1de0: edce3bc0 c07bfca4 edce3ac0 00001000 ee931e24 ee931e00 c01fcb90 c058ae48 1e00: 00000001 edce3bc0 00000000 00000001 ee931e50 ee8ff480 ee931e34 ee931e28 1e20: c01fb33c c01fcb0c ee931e8c ee931e38 c01a5210 c01fb314 ee931e9c ee931e48 1e40: 00000000 edce3bf0 befe4a00 ee931f78 00000000 00000000 000001e4 00000000 1e60: c00545a8 edce3ac0 00001000 00001000 befe4a00 ee931f78 00000000 00001000 1e80: ee931ed4 ee931e90 c01fbed8 c01a5038 ed085a58 00020000 00000000 00000000 1ea0: c0ad72e4 ee931f78 ee8ff488 ee8ff480 c077f3fc 00001000 befe4a00 ee931f78 1ec0: 00000000 00001000 ee931f44 ee931ed8 c017c328 c01fbdc4 00001000 00000000 1ee0: ee8ff480 00001000 ee931f44 ee931ef8 c017c65c c03deb10 ee931fac ee931f08 1f00: c0009270 c001f290 c0a8d968 ef2cb000 ef2cb000 ee8ff480 00000020 ee8ff480 1f20: ee8ff480 befe4a00 00001000 ee931f78 00000000 00000000 ee931f74 ee931f48 1f40: c017d1ec c017c2f8 c019c724 c019c684 ee8ff480 ee8ff480 00001000 befe4a00 1f60: 00000000 00000000 ee931fa4 ee931f78 c017d2a8 c017d160 00000000 00000000 1f80: 000a9f20 00001000 befe4a00 00000003 c000ffe4 ee930000 00000000 ee931fa8 1fa0: c000fe40 c017d264 000a9f20 00001000 00000003 befe4a00 00001000 00000000 Unable to handle kernel NULL pointer dereference at virtual address 0000000c 1fc0: 000a9f20 00001000 befe4a00 00000003 00000000 00000000 00000003 00000001 pgd = edfc4000 [0000000c] *pgd=bfcac835 1fe0: 00000000 befe49dc 000197f8 b6e35dfc 60070010 00000003 3065b49d 134ac2c9 [<c058f1bc>] (show_ignore_nice_load_gov_pol) from [<c058ae88>] (show+0x4c/0x60) [<c058ae88>] (show) from [<c01fcb90>] (sysfs_kf_seq_show+0x90/0xfc) [<c01fcb90>] (sysfs_kf_seq_show) from [<c01fb33c>] (kernfs_seq_show+0x34/0x38) [<c01fb33c>] (kernfs_seq_show) from [<c01a5210>] (seq_read+0x1e4/0x4e4) [<c01a5210>] (seq_read) from [<c01fbed8>] (kernfs_fop_read+0x120/0x1a0) [<c01fbed8>] (kernfs_fop_read) from [<c017c328>] (__vfs_read+0x3c/0xe0) [<c017c328>] (__vfs_read) from [<c017d1ec>] (vfs_read+0x98/0x104) [<c017d1ec>] (vfs_read) from [<c017d2a8>] (SyS_read+0x50/0x90) [<c017d2a8>] (SyS_read) from [<c000fe40>] (ret_fast_syscall+0x0/0x1c) Code: e5903044 e1a00001 e3081df4 e34c1092 (e593300c) ---[ end trace 5994b9a5111f35ee ]--- Fix that by making sure, policy->governor_data is updated at the right places only. Cc: 4.2+ <stable@vger.kernel.org> # 4.2+ Reported-and-tested-by: Juri Lelli <juri.lelli@arm.com> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> |
||
---|---|---|
.. | ||
acpi-cpufreq.c | ||
amd_freq_sensitivity.c | ||
arm_big_little_dt.c | ||
arm_big_little.c | ||
arm_big_little.h | ||
at32ap-cpufreq.c | ||
blackfin-cpufreq.c | ||
cppc_cpufreq.c | ||
cpufreq_conservative.c | ||
cpufreq_governor.c | ||
cpufreq_governor.h | ||
cpufreq_ondemand.c | ||
cpufreq_performance.c | ||
cpufreq_powersave.c | ||
cpufreq_stats.c | ||
cpufreq_userspace.c | ||
cpufreq-dt.c | ||
cpufreq-nforce2.c | ||
cpufreq.c | ||
cris-artpec3-cpufreq.c | ||
cris-etraxfs-cpufreq.c | ||
davinci-cpufreq.c | ||
dbx500-cpufreq.c | ||
e_powersaver.c | ||
elanfreq.c | ||
exynos5440-cpufreq.c | ||
freq_table.c | ||
gx-suspmod.c | ||
highbank-cpufreq.c | ||
hisi-acpu-cpufreq.c | ||
ia64-acpi-cpufreq.c | ||
imx6q-cpufreq.c | ||
integrator-cpufreq.c | ||
intel_pstate.c | ||
Kconfig | ||
Kconfig.arm | ||
Kconfig.powerpc | ||
Kconfig.x86 | ||
kirkwood-cpufreq.c | ||
longhaul.c | ||
longhaul.h | ||
longrun.c | ||
loongson2_cpufreq.c | ||
ls1x-cpufreq.c | ||
Makefile | ||
maple-cpufreq.c | ||
mt8173-cpufreq.c | ||
omap-cpufreq.c | ||
p4-clockmod.c | ||
pasemi-cpufreq.c | ||
pcc-cpufreq.c | ||
pmac32-cpufreq.c | ||
pmac64-cpufreq.c | ||
powernow-k6.c | ||
powernow-k7.c | ||
powernow-k7.h | ||
powernow-k8.c | ||
powernow-k8.h | ||
powernv-cpufreq.c | ||
ppc_cbe_cpufreq_pervasive.c | ||
ppc_cbe_cpufreq_pmi.c | ||
ppc_cbe_cpufreq.c | ||
ppc_cbe_cpufreq.h | ||
pxa2xx-cpufreq.c | ||
pxa3xx-cpufreq.c | ||
qoriq-cpufreq.c | ||
s3c24xx-cpufreq-debugfs.c | ||
s3c24xx-cpufreq.c | ||
s3c64xx-cpufreq.c | ||
s3c2410-cpufreq.c | ||
s3c2412-cpufreq.c | ||
s3c2416-cpufreq.c | ||
s3c2440-cpufreq.c | ||
s5pv210-cpufreq.c | ||
sa1100-cpufreq.c | ||
sa1110-cpufreq.c | ||
sc520_freq.c | ||
scpi-cpufreq.c | ||
sfi-cpufreq.c | ||
sh-cpufreq.c | ||
sparc-us2e-cpufreq.c | ||
sparc-us3-cpufreq.c | ||
spear-cpufreq.c | ||
speedstep-centrino.c | ||
speedstep-ich.c | ||
speedstep-lib.c | ||
speedstep-lib.h | ||
speedstep-smi.c | ||
sti-cpufreq.c | ||
tegra20-cpufreq.c | ||
tegra124-cpufreq.c | ||
unicore2-cpufreq.c | ||
vexpress-spc-cpufreq.c |