    cpufreq: remove race while accessing cur_policy · 3ddbd9a2
    Bibek Basu authored
    commit c5450db8 upstream.
    
    While accessing cur_policy during executing events
    CPUFREQ_GOV_START, CPUFREQ_GOV_STOP, CPUFREQ_GOV_LIMITS,
    same mutex lock is not taken, dbs_data->mutex, which leads
    to race and data corruption while running continuous suspend
    resume test. This is seen with ondemand governor with suspend
    resume test using rtcwake.
    
     Unable to handle kernel NULL pointer dereference at virtual address 00000028
     pgd = ed610000
     [00000028] *pgd=adf11831, *pte=00000000, *ppte=00000000
     Internal error: Oops: 17 [#1] PREEMPT SMP ARM
     Modules linked in: nvhost_vi
     CPU: 1 PID: 3243 Comm: rtcwake Not tainted 3.10.24-gf5cf9e5 #1
     task: ee708040 ti: ed61c000 task.ti: ed61c000
     PC is at cpufreq_governor_dbs+0x400/0x634
     LR is at cpufreq_governor_dbs+0x3f8/0x634
     pc : [<c05652b8>] lr : [<c05652b0>] psr: 600f0013
     sp : ed61dcb0 ip : 000493e0 fp : c1cc14f0
     r10: 00000000 r9 : 00000000 r8 : 00000000
     r7 : eb725280 r6 : c1cc1560 r5 : eb575200 r4 : ebad7740
     r3 : ee708040 r2 : ed61dca8 r1 : 001ebd24 r0 : 00000000
     Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
     Control: 10c5387d Table: ad61006a DAC: 00000015
     [<c05652b8>] (cpufreq_governor_dbs+0x400/0x634) from [<c055f700>] (__cpufreq_governor+0x98/0x1b4)
     [<c055f700>] (__cpufreq_governor+0x98/0x1b4) from [<c0560770>] (__cpufreq_set_policy+0x250/0x320)
     [<c0560770>] (__cpufreq_set_policy+0x250/0x320) from [<c0561dcc>] (cpufreq_update_policy+0xcc/0x168)
     [<c0561dcc>] (cpufreq_update_policy+0xcc/0x168) from [<c0561ed0>] (cpu_freq_notify+0x68/0xdc)
     [<c0561ed0>] (cpu_freq_notify+0x68/0xdc) from [<c008eff8>] (notifier_call_chain+0x4c/0x8c)
     [<c008eff8>] (notifier_call_chain+0x4c/0x8c) from [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68)
     [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) from [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28)
     [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) from [<c00aac6c>] (pm_qos_update_bounded_target+0xd8/0x310)
     [<c00aac6c>] (pm_qos_update_bounded_target+0xd8/0x310) from [<c00ab3b0>] (__pm_qos_update_request+0x64/0x70)
     [<c00ab3b0>] (__pm_qos_update_request+0x64/0x70) from [<c004b4b8>] (tegra_pm_notify+0x114/0x134)
     [<c004b4b8>] (tegra_pm_notify+0x114/0x134) from [<c008eff8>] (notifier_call_chain+0x4c/0x8c)
     [<c008eff8>] (notifier_call_chain+0x4c/0x8c) from [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68)
     [<c008f3d4>] (__blocking_notifier_call_chain+0x50/0x68) from [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28)
     [<c008f40c>] (blocking_notifier_call_chain+0x20/0x28) from [<c00ac228>] (pm_notifier_call_chain+0x1c/0x34)
     [<c00ac228>] (pm_notifier_call_chain+0x1c/0x34) from [<c00ad38c>] (enter_state+0xec/0x128)
     [<c00ad38c>] (enter_state+0xec/0x128) from [<c00ad400>] (pm_suspend+0x38/0xa4)
     [<c00ad400>] (pm_suspend+0x38/0xa4) from [<c00ac114>] (state_store+0x70/0xc0)
     [<c00ac114>] (state_store+0x70/0xc0) from [<c027b1e8>] (kobj_attr_store+0x14/0x20)
     [<c027b1e8>] (kobj_attr_store+0x14/0x20) from [<c019cd9c>] (sysfs_write_file+0x104/0x184)
     [<c019cd9c>] (sysfs_write_file+0x104/0x184) from [<c0143038>] (vfs_write+0xd0/0x19c)
     [<c0143038>] (vfs_write+0xd0/0x19c) from [<c0143414>] (SyS_write+0x4c/0x78)
     [<c0143414>] (SyS_write+0x4c/0x78) from [<c000f080>] (ret_fast_syscall+0x0/0x30)
     Code: e1a00006 eb084346 e59b0020 e5951024 (e5903028)
     ---[ end trace 0488523c8f6b0f9d ]---
    Signed-off-by: Bibek Basu <bbasu@nvidia.com>
    Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
cpufreq_governor.c 10.3 KB
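
A userspace model of the locking rule the commit message describes, added here as an illustration and not taken from the kernel source or from the patch itself: every governor event takes one shared mutex before touching `cur_policy`, and the LIMITS path checks the pointer under that same lock hold. The names `dbs_model`, `governor_event`, `cycle` and `stress` are hypothetical, and a pthread mutex stands in for `dbs_data->mutex`.

```c
#include <pthread.h>
#include <stddef.h>
enum gov_event { GOV_START, GOV_STOP, GOV_LIMITS };  /* models CPUFREQ_GOV_* */
struct policy { unsigned int min, max, cur; };
/* Hypothetical stand-in: mutex plays dbs_data->mutex; cur_policy is NULL when stopped. */
struct dbs_model { pthread_mutex_t mutex; struct policy *cur_policy; };

/* Every event takes the same mutex; -1 means LIMITS found the governor stopped. */
int governor_event(struct dbs_model *d, enum gov_event ev, struct policy *p)
{
    int ret = 0;
    pthread_mutex_lock(&d->mutex);
    if (ev == GOV_START) {
        d->cur_policy = p;
    } else if (ev == GOV_STOP) {
        d->cur_policy = NULL;
    } else if (!d->cur_policy) {   /* LIMITS: check and use under one lock hold */
        ret = -1;
    } else if (d->cur_policy->cur > p->max) {
        d->cur_policy->cur = p->max;
    } else if (d->cur_policy->cur < p->min) {
        d->cur_policy->cur = p->min;
    }
    pthread_mutex_unlock(&d->mutex);
    return ret;
}

struct cycle_arg { struct dbs_model *d; struct policy *p; int rounds; };
static void *cycle(void *v)        /* models repeated suspend/resume: START then STOP */
{
    struct cycle_arg *a = v;
    for (int i = 0; i < a->rounds; i++) {
        governor_event(a->d, GOV_START, a->p);
        governor_event(a->d, GOV_STOP, a->p);
    }
    return NULL;
}

/* Races LIMITS against START/STOP; returns 0 if the final state is consistent. */
int stress(int rounds)
{
    struct policy pol = { 100, 200, 300 };   /* constructed sample values */
    struct dbs_model d = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct cycle_arg a = { &d, &pol, rounds };
    pthread_t t;
    if (pthread_create(&t, NULL, cycle, &a) != 0) return -1;
    for (int i = 0; i < rounds; i++) governor_event(&d, GOV_LIMITS, &pol);
    pthread_join(t, NULL);
    return (d.cur_policy == NULL && (pol.cur == 200 || pol.cur == 300)) ? 0 : 1;
}
int main(void) { return stress(20000); }
```

If the NULL check and the dereference in the LIMITS branch ran outside the lock, a STOP from the other thread could clear `cur_policy` between them, which is the kind of NULL dereference the oops above records.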