1. 06 Mar, 2014 4 commits
    • Rafael J. Wysocki's avatar
      3b4aff04
    • cpufreq: Initialize governor for a new policy under policy->rwsem · 4e97b631
      Viresh Kumar authored
      policy->rwsem is used to lock access to all parts of code modifying
      struct cpufreq_policy, but it's not used on a new policy created by
      __cpufreq_add_dev().
      
      Because of that, if cpufreq_update_policy() is called in a tight loop
      on one CPU in parallel with offline/online of another CPU, then the
      following crash can be triggered:
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000020
      pgd = c0003000
      [00000020] *pgd=80000000004003, *pmd=00000000
      Internal error: Oops: 206 [#1] PREEMPT SMP ARM
      
      PC is at __cpufreq_governor+0x10/0x1ac
      LR is at cpufreq_update_policy+0x114/0x150
      
      ---[ end trace f23a8defea6cd706 ]---
      Kernel panic - not syncing: Fatal exception
      CPU0: stopping
      CPU: 0 PID: 7136 Comm: mpdecision Tainted: G      D W    3.10.0-gd727407-00074-g979ede8 #396
      
      [<c0afe180>] (notifier_call_chain+0x40/0x68) from [<c02a23ac>] (__blocking_notifier_call_chain+0x40/0x58)
      [<c02a23ac>] (__blocking_notifier_call_chain+0x40/0x58) from [<c02a23d8>] (blocking_notifier_call_chain+0x14/0x1c)
      [<c02a23d8>] (blocking_notifier_call_chain+0x14/0x1c) from [<c0803c68>] (cpufreq_set_policy+0xd4/0x2b8)
      [<c0803c68>] (cpufreq_set_policy+0xd4/0x2b8) from [<c0803e7c>] (cpufreq_init_policy+0x30/0x98)
      [<c0803e7c>] (cpufreq_init_policy+0x30/0x98) from [<c0805a18>] (__cpufreq_add_dev.isra.17+0x4dc/0x7a4)
      [<c0805a18>] (__cpufreq_add_dev.isra.17+0x4dc/0x7a4) from [<c0805d38>] (cpufreq_cpu_callback+0x58/0x84)
      [<c0805d38>] (cpufreq_cpu_callback+0x58/0x84) from [<c0afe180>] (notifier_call_chain+0x40/0x68)
      [<c0afe180>] (notifier_call_chain+0x40/0x68) from [<c02812dc>] (__cpu_notify+0x28/0x44)
      [<c02812dc>] (__cpu_notify+0x28/0x44) from [<c0aeed90>] (_cpu_up+0xf4/0x1dc)
      [<c0aeed90>] (_cpu_up+0xf4/0x1dc) from [<c0aeeed4>] (cpu_up+0x5c/0x78)
      [<c0aeeed4>] (cpu_up+0x5c/0x78) from [<c0aec808>] (store_online+0x44/0x74)
      [<c0aec808>] (store_online+0x44/0x74) from [<c03a40f4>] (sysfs_write_file+0x108/0x14c)
      [<c03a40f4>] (sysfs_write_file+0x108/0x14c) from [<c03517d4>] (vfs_write+0xd0/0x180)
      [<c03517d4>] (vfs_write+0xd0/0x180) from [<c0351ca8>] (SyS_write+0x38/0x68)
      [<c0351ca8>] (SyS_write+0x38/0x68) from [<c0205de0>] (ret_fast_syscall+0x0/0x30)
      
      Fix that by taking locks at appropriate places in __cpufreq_add_dev()
      as well.
      Reported-by: Saravana Kannan <skannan@codeaurora.org>
      Suggested-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
      [rjw: Changelog]
      Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    • cpufreq: Initialize policy before making it available for others to use · 5a7e56a5
      Viresh Kumar authored
      Policy must be fully initialized before it is made available
      for use by others. Otherwise cpufreq_cpu_get() would be able to grab
      a half initialized policy structure that might not have affected_cpus
      (for example) populated. Then, anybody accessing those fields will get
      a wrong value and that will lead to unpredictable results.
      
      In order to fix this, do all the necessary initialization before we
      make the policy structure available via cpufreq_cpu_get(). That will
      guarantee that any code accessing fields of the policy will get
      correct data from them.
      Reported-by: Saravana Kannan <skannan@codeaurora.org>
      Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
      [rjw: Changelog]
      Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
    • cpufreq: use cpufreq_cpu_get() to avoid cpufreq_get() race conditions · 999976e0
      Aaron Plattner authored
      If a module calls cpufreq_get while cpufreq is initializing, it's
      possible for it to be called after cpufreq_driver is set but before
      cpufreq_cpu_data is written during subsys_interface_register.  This
      happens because cpufreq_get doesn't take the cpufreq_driver_lock
      around its use of cpufreq_cpu_data.
      
      Fix this by using cpufreq_cpu_get(cpu) to look up the policy rather
      than reading it out of cpufreq_cpu_data directly.  cpufreq_cpu_get()
      takes the appropriate locks to prevent this race from happening.
      
      Since it's possible for policy to be NULL if the caller passes in an
      invalid CPU number or calls the function before cpufreq is initialized,
      delete the BUG_ON(!policy) and simply return 0.  Don't try to return
      -ENOENT because that's negative and the function returns an unsigned
      integer.
      
      References: https://bbs.archlinux.org/viewtopic.php?id=177934
      Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
      Cc: 3.13+ <stable@vger.kernel.org> # 3.13+
      Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
  2. 03 Mar, 2014 1 commit
  3. 02 Mar, 2014 15 commits
  4. 01 Mar, 2014 8 commits
  5. 28 Feb, 2014 12 commits