linux/drivers/cpufreq
Viresh Kumar e4b133cc4b cpufreq: Fix NULL reference crash while accessing policy->governor_data
There is a race discovered by Juri, where we are able to:
- create and read a sysfs file before policy->governor_data is being set
  to a non NULL value.
  OR
- set policy->governor_data to NULL, and reading a file before being
  destroyed.

And so such a crash is reported:

Unable to handle kernel NULL pointer dereference at virtual address 0000000c
pgd = edfc8000
[0000000c] *pgd=bfc8c835
Internal error: Oops: 17 [#1] SMP ARM
Modules linked in:
CPU: 4 PID: 1730 Comm: cat Not tainted 4.5.0-rc1+ #463
Hardware name: ARM-Versatile Express
task: ee8e8480 ti: ee930000 task.ti: ee930000
PC is at show_ignore_nice_load_gov_pol+0x24/0x34
LR is at show+0x4c/0x60
pc : [<c058f1bc>]    lr : [<c058ae88>]    psr: a0070013
sp : ee931dd0  ip : ee931de0  fp : ee931ddc
r10: ee4bc290  r9 : 00001000  r8 : ef2cb000
r7 : ee4bc200  r6 : ef2cb000  r5 : c0af57b0  r4 : ee4bc2e0
r3 : 00000000  r2 : 00000000  r1 : c0928df4  r0 : ef2cb000
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: adfc806a  DAC: 00000051
Process cat (pid: 1730, stack limit = 0xee930210)
Stack: (0xee931dd0 to 0xee932000)
1dc0:                                     ee931dfc ee931de0 c058ae88 c058f1a4
1de0: edce3bc0 c07bfca4 edce3ac0 00001000 ee931e24 ee931e00 c01fcb90 c058ae48
1e00: 00000001 edce3bc0 00000000 00000001 ee931e50 ee8ff480 ee931e34 ee931e28
1e20: c01fb33c c01fcb0c ee931e8c ee931e38 c01a5210 c01fb314 ee931e9c ee931e48
1e40: 00000000 edce3bf0 befe4a00 ee931f78 00000000 00000000 000001e4 00000000
1e60: c00545a8 edce3ac0 00001000 00001000 befe4a00 ee931f78 00000000 00001000
1e80: ee931ed4 ee931e90 c01fbed8 c01a5038 ed085a58 00020000 00000000 00000000
1ea0: c0ad72e4 ee931f78 ee8ff488 ee8ff480 c077f3fc 00001000 befe4a00 ee931f78
1ec0: 00000000 00001000 ee931f44 ee931ed8 c017c328 c01fbdc4 00001000 00000000
1ee0: ee8ff480 00001000 ee931f44 ee931ef8 c017c65c c03deb10 ee931fac ee931f08
1f00: c0009270 c001f290 c0a8d968 ef2cb000 ef2cb000 ee8ff480 00000020 ee8ff480
1f20: ee8ff480 befe4a00 00001000 ee931f78 00000000 00000000 ee931f74 ee931f48
1f40: c017d1ec c017c2f8 c019c724 c019c684 ee8ff480 ee8ff480 00001000 befe4a00
1f60: 00000000 00000000 ee931fa4 ee931f78 c017d2a8 c017d160 00000000 00000000
1f80: 000a9f20 00001000 befe4a00 00000003 c000ffe4 ee930000 00000000 ee931fa8
1fa0: c000fe40 c017d264 000a9f20 00001000 00000003 befe4a00 00001000 00000000
Unable to handle kernel NULL pointer dereference at virtual address 0000000c
1fc0: 000a9f20 00001000 befe4a00 00000003 00000000 00000000 00000003 00000001
pgd = edfc4000
[0000000c] *pgd=bfcac835
1fe0: 00000000 befe49dc 000197f8 b6e35dfc 60070010 00000003 3065b49d 134ac2c9

[<c058f1bc>] (show_ignore_nice_load_gov_pol) from [<c058ae88>] (show+0x4c/0x60)
[<c058ae88>] (show) from [<c01fcb90>] (sysfs_kf_seq_show+0x90/0xfc)
[<c01fcb90>] (sysfs_kf_seq_show) from [<c01fb33c>] (kernfs_seq_show+0x34/0x38)
[<c01fb33c>] (kernfs_seq_show) from [<c01a5210>] (seq_read+0x1e4/0x4e4)
[<c01a5210>] (seq_read) from [<c01fbed8>] (kernfs_fop_read+0x120/0x1a0)
[<c01fbed8>] (kernfs_fop_read) from [<c017c328>] (__vfs_read+0x3c/0xe0)
[<c017c328>] (__vfs_read) from [<c017d1ec>] (vfs_read+0x98/0x104)
[<c017d1ec>] (vfs_read) from [<c017d2a8>] (SyS_read+0x50/0x90)
[<c017d2a8>] (SyS_read) from [<c000fe40>] (ret_fast_syscall+0x0/0x1c)
Code: e5903044 e1a00001 e3081df4 e34c1092 (e593300c)
---[ end trace 5994b9a5111f35ee ]---

Fix that by making sure, policy->governor_data is updated at the right
places only.

Cc: 4.2+ <stable@vger.kernel.org> # 4.2+
Reported-and-tested-by: Juri Lelli <juri.lelli@arm.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-01-27 23:13:53 +01:00
..
acpi-cpufreq.c cpufreq: Simplify core code related to boost support 2016-01-01 03:49:51 +01:00
amd_freq_sensitivity.c cpufreq: AMD "frequency sensitivity feedback" powersave bias for ondemand governor 2013-04-10 13:19:26 +02:00
arm_big_little_dt.c PM / OPP: Prefix exported opp routines with dev_pm_opp_ 2015-09-15 02:03:16 +02:00
arm_big_little.c cpufreq: arm_big_little: Add support to register a cpufreq cooling device 2015-12-10 00:14:58 +01:00
arm_big_little.h PM / OPP: Prefix exported opp routines with dev_pm_opp_ 2015-09-15 02:03:16 +02:00
at32ap-cpufreq.c cpufreq: at32ap: don't declare local variable as static 2014-04-07 14:31:33 +02:00
blackfin-cpufreq.c blackfin-cpufreq: Mark cpu_set_cclk() as static 2015-12-28 01:51:36 +01:00
cppc_cpufreq.c cpufreq: CPPC: Initialize and check CPUFreq CPU co-ord type correctly 2015-11-23 22:21:18 +01:00
cpufreq_conservative.c cpufreq: governor: Pass policy as argument to ->gov_dbs_timer() 2015-12-07 02:20:22 +01:00
cpufreq_governor.c cpufreq: Fix NULL reference crash while accessing policy->governor_data 2016-01-27 23:13:53 +01:00
cpufreq_governor.h cpufreq: governor: Use lockless timer function 2015-12-09 22:26:13 +01:00
cpufreq_ondemand.c cpufreq: ondemand: update update_sampling_rate() to make it more efficient 2015-12-09 22:26:12 +01:00
cpufreq_performance.c cpufreq: Clean up header files included in the core 2013-08-07 23:34:09 +02:00
cpufreq_powersave.c cpufreq: Clean up header files included in the core 2013-08-07 23:34:09 +02:00
cpufreq_stats.c cpufreq: stats: drop unnecessary locking 2015-01-23 23:06:45 +01:00
cpufreq_userspace.c cpufreq / governor: Remove fossil comment 2013-10-17 23:00:20 +02:00
cpufreq-dt.c cpufreq-dt: fix handling regulator_get_voltage() result 2016-01-05 02:01:38 +01:00
cpufreq-nforce2.c cpufreq: nforce2: Fix typo in comment to function nforce2_init() 2015-06-15 15:45:24 +02:00
cpufreq.c cpufreq: Simplify core code related to boost support 2016-01-01 03:49:51 +01:00
cris-artpec3-cpufreq.c cpufreq: create another field .flags in cpufreq_frequency_table 2014-04-07 14:43:50 +02:00
cris-etraxfs-cpufreq.c cpufreq: create another field .flags in cpufreq_frequency_table 2014-04-07 14:43:50 +02:00
davinci-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00
dbx500-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00
e_powersaver.c ACPI / processor: Drop an unused argument of a cleanup routine 2015-07-22 22:11:16 +02:00
elanfreq.c cpufreq: Use cpufreq_for_each_* macros for frequency table iteration 2014-04-30 00:06:21 +02:00
exynos5440-cpufreq.c PM / OPP: Prefix exported opp routines with dev_pm_opp_ 2015-09-15 02:03:16 +02:00
freq_table.c cpufreq: Allow drivers to enable boost support after registering driver 2015-08-07 03:25:23 +02:00
gx-suspmod.c cpufreq: gx-suspmod: Fix two typos in two comments 2015-06-15 15:46:15 +02:00
highbank-cpufreq.c Merge branch 'mailbox-for-linus' of git://git.linaro.org/landing-teams/working/fujitsu/integration 2014-10-21 11:21:19 -07:00
hisi-acpu-cpufreq.c cpufreq: hisilicon: add acpu driver 2015-04-02 02:24:54 +02:00
ia64-acpi-cpufreq.c cpufreq: ia64: Fix a memory leak in acpi_cpufreq_cpu_exit() 2015-07-22 22:27:40 +02:00
imx6q-cpufreq.c Merge branch 'pm-opp' 2015-11-02 00:54:37 +01:00
integrator-cpufreq.c cpufreq: integrator: Fix module autoload for OF platform driver 2015-09-25 23:29:35 +02:00
intel_pstate.c Merge back earlier cpufreq material for v4.5. 2015-12-21 03:15:15 +01:00
Kconfig cpufreq: qoriq: rename the driver 2015-03-18 22:35:16 +01:00
Kconfig.arm Merge back earlier cpufreq material for v4.5. 2015-12-21 03:15:15 +01:00
Kconfig.powerpc cpufreq: qoriq: rename the driver 2015-03-18 22:35:16 +01:00
Kconfig.x86 Revert "cpufreq: intel_pstate: Use ACPI perf configuration" 2015-11-19 00:20:42 +01:00
kirkwood-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00
longhaul.c Update/Remove soon-to-be-dead email address 2014-12-19 12:56:15 -08:00
longhaul.h cpufreq: delete __cpuinit usage from all cpufreq files 2013-07-14 19:36:57 -04:00
longrun.c cpufreq: add new routine cpufreq_verify_within_cpu_limits() 2013-10-16 00:50:23 +02:00
loongson2_cpufreq.c CPUFREQ: Loongson2: Fix broken build due to incorrect include. 2015-08-03 09:24:59 +02:00
ls1x-cpufreq.c MIPS: Loongson: Naming style cleanup and rework 2015-06-21 21:53:59 +02:00
Makefile cpufreq: st: Provide runtime initialised driver for ST's platforms 2015-12-12 02:55:21 +01:00
maple-cpufreq.c cpufreq: create another field .flags in cpufreq_frequency_table 2014-04-07 14:43:50 +02:00
mt8173-cpufreq.c cpufreq: mt8173: migrate to use operating-points-v2 bindings 2016-01-02 00:49:33 +01:00
omap-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00
p4-clockmod.c p4-clockmod: Replace cpu_sibling_mask() with topology_sibling_cpumask() 2015-05-27 15:22:16 +02:00
pasemi-cpufreq.c cpufreq: Use cpufreq_for_each_* macros for frequency table iteration 2014-04-30 00:06:21 +02:00
pcc-cpufreq.c cpufreq: pcc-cpufreq: update default value of cpuinfo_transition_latency 2015-12-10 00:17:03 +01:00
pmac32-cpufreq.c powerpc: Remove powerpc specific cmd_line 2014-10-02 17:33:55 +10:00
pmac64-cpufreq.c of: Migrate of_find_node_by_name() users to for_each_node_by_name() 2014-06-26 17:12:24 +01:00
powernow-k6.c Update/Remove soon-to-be-dead email address 2014-12-19 12:56:15 -08:00
powernow-k7.c ACPI / processor: Drop an unused argument of a cleanup routine 2015-07-22 22:11:16 +02:00
powernow-k7.h
powernow-k8.c ACPI / processor: Drop an unused argument of a cleanup routine 2015-07-22 22:11:16 +02:00
powernow-k8.h cpufreq: powernow-k8: Suppress checkpatch warnings 2014-05-17 01:27:01 +02:00
powernv-cpufreq.c cpufreq : powernv: Report Pmax throttling if capped below nominal frequency 2015-09-26 03:03:06 +02:00
ppc_cbe_cpufreq_pervasive.c cpufreq: powerpc/platforms/cell: move cpufreq driver to drivers/cpufreq 2013-04-10 13:19:26 +02:00
ppc_cbe_cpufreq_pmi.c cpufreq: remove redundant CPUFREQ_INCOMPATIBLE notifier event 2015-09-01 15:50:38 +02:00
ppc_cbe_cpufreq.c cpufreq: Use cpufreq_for_each_* macros for frequency table iteration 2014-04-30 00:06:21 +02:00
ppc_cbe_cpufreq.h cpufreq: powerpc/platforms/cell: move cpufreq driver to drivers/cpufreq 2013-04-10 13:19:26 +02:00
pxa2xx-cpufreq.c cpufreq: pxa: make pxa_freqs arrays const 2015-05-05 00:49:38 +02:00
pxa3xx-cpufreq.c cpufreq: Remove cpufreq_generic_exit() 2014-03-12 01:06:00 +01:00
qoriq-cpufreq.c cpufreq: qoriq: Register cooling device based on device tree 2015-12-10 00:19:35 +01:00
s3c24xx-cpufreq-debugfs.c cpufreq: s3c24xx: move cpufreq driver to drivers/cpufreq 2013-05-20 23:04:28 +09:00
s3c24xx-cpufreq.c cpufreq: s3c24xx: Do not mark s3c2410_plls_add as __init 2015-11-27 10:10:32 +09:00
s3c64xx-cpufreq.c cpufreq: Use cpufreq_for_each_* macros for frequency table iteration 2014-04-30 00:06:21 +02:00
s3c2410-cpufreq.c cpufreq: s3c24xx: Remove some dead code 2014-07-19 04:24:59 +09:00
s3c2412-cpufreq.c cpufreq: s3c24xx: Remove some dead code 2014-07-19 04:24:59 +09:00
s3c2416-cpufreq.c cpufreq: s3c: remove incorrect __init annotations 2015-02-19 06:36:53 +01:00
s3c2440-cpufreq.c cpufreq: s3c24xx: Remove some dead code 2014-07-19 04:24:59 +09:00
s5pv210-cpufreq.c cpufreq: s5pv210-cpufreq: fix wrong do_div() usage 2015-11-05 22:50:48 +01:00
sa1100-cpufreq.c cpufreq: Mark ARM drivers with CPUFREQ_NEED_INITIAL_FREQ_CHECK flag 2014-01-06 14:17:25 +01:00
sa1110-cpufreq.c cpufreq: sa1110: set memory type for h3600 2014-07-16 14:30:17 +02:00
sc520_freq.c cpufreq: create another field .flags in cpufreq_frequency_table 2014-04-07 14:43:50 +02:00
scpi-cpufreq.c cpufreq: scpi-cpufreq: signedness bug in scpi_get_dvfs_info() 2015-12-24 02:11:37 +01:00
sfi-cpufreq.c cpufreq: sfi: use kmemdup rather than duplicating its implementation 2015-09-01 15:51:15 +02:00
sh-cpufreq.c cpufreq: Convert existing drivers to use cpufreq_freq_transition_{begin|end} 2014-03-26 16:41:41 +01:00
sparc-us2e-cpufreq.c cpufreq: add 'freq_table' in struct cpufreq_policy 2014-03-12 01:06:00 +01:00
sparc-us3-cpufreq.c cpufreq: add 'freq_table' in struct cpufreq_policy 2014-03-12 01:06:00 +01:00
spear-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00
speedstep-centrino.c cpufreq: Make linux-pm@vger.kernel.org official mailing list 2014-05-01 01:15:32 +02:00
speedstep-ich.c speedstep-ich: Replace cpu_sibling_mask() with topology_sibling_cpumask() 2015-05-27 15:22:16 +02:00
speedstep-lib.c cpufreq: speedstep-lib: Use monotonic clock 2015-09-01 15:51:43 +02:00
speedstep-lib.h
speedstep-smi.c cpufreq: speedstep-smi: enable interrupts when waiting 2015-02-12 02:02:52 +01:00
sti-cpufreq.c cpufreq: st: Provide runtime initialised driver for ST's platforms 2015-12-12 02:55:21 +01:00
tegra20-cpufreq.c cpufreq: tegra20: remove superfluous CONFIG_PM ifdefs 2015-09-26 03:00:57 +02:00
tegra124-cpufreq.c cpufreq: Add cpufreq driver for Tegra124 2015-07-16 09:34:09 +02:00
unicore2-cpufreq.c cpufreq: unicore32: replace IS_ERR and PTR_ERR with PTR_ERR_OR_ZERO 2014-04-21 23:42:27 +02:00
vexpress-spc-cpufreq.c cpufreq: drop owner assignment from platform_drivers 2014-10-20 16:20:24 +02:00