Message ID | 20221110142307.981883-1-liuyongqiang13@huawei.com |
---|---|
State | New |
Headers | From: Yongqiang Liu <liuyongqiang13@huawei.com> To: <rafael@kernel.org>, <viresh.kumar@linaro.org>, <tobin@kernel.org> CC: <zhangxiaoxu5@huawei.com>, <linux-pm@vger.kernel.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH] cpufreq: Init completion before kobject_init_and_add() Date: Thu, 10 Nov 2022 14:23:07 +0000 Message-ID: <20221110142307.981883-1-liuyongqiang13@huawei.com> |
Series | cpufreq: Init completion before kobject_init_and_add() |
Commit Message
Yongqiang Liu
Nov. 10, 2022, 2:23 p.m. UTC
In cpufreq_policy_alloc(), it will call uninitialized completion in
cpufreq_sysfs_release() when kobject_init_and_add() fails. And
that will cause a crash such as the following page fault in complete:
BUG: unable to handle page fault for address: fffffffffffffff8
[..]
RIP: 0010:complete+0x98/0x1f0
[..]
Call Trace:
kobject_put+0x1be/0x4c0
cpufreq_online.cold+0xee/0x1fd
cpufreq_add_dev+0x183/0x1e0
subsys_interface_register+0x3f5/0x4e0
cpufreq_register_driver+0x3b7/0x670
acpi_cpufreq_init+0x56c/0x1000 [acpi_cpufreq]
do_one_initcall+0x13d/0x780
do_init_module+0x1c3/0x630
load_module+0x6e67/0x73b0
__do_sys_finit_module+0x181/0x240
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: 4ebe36c94aed ("cpufreq: Fix kobject memleak")
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
---
drivers/cpufreq/cpufreq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 10-11-22, 14:23, Yongqiang Liu wrote: > In cpufreq_policy_alloc(), it will call uninitialed completion in > cpufreq_sysfs_release() when kobject_init_and_add() fails. And > that will cause a crash such as the following page fault in complete: > > BUG: unable to handle page fault for address: fffffffffffffff8 > [..] > RIP: 0010:complete+0x98/0x1f0 > [..] > Call Trace: > kobject_put+0x1be/0x4c0 > cpufreq_online.cold+0xee/0x1fd > cpufreq_add_dev+0x183/0x1e0 > subsys_interface_register+0x3f5/0x4e0 > cpufreq_register_driver+0x3b7/0x670 > acpi_cpufreq_init+0x56c/0x1000 [acpi_cpufreq] > do_one_initcall+0x13d/0x780 > do_init_module+0x1c3/0x630 > load_module+0x6e67/0x73b0 > __do_sys_finit_module+0x181/0x240 > do_syscall_64+0x35/0x80 > entry_SYSCALL_64_after_hwframe+0x63/0xcd > > Fixes: 4ebe36c94aed ("cpufreq: Fix kobject memleak") > Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com> > --- > drivers/cpufreq/cpufreq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > index 69b3d61852ac..7e56a42750ea 100644 > --- a/drivers/cpufreq/cpufreq.c > +++ b/drivers/cpufreq/cpufreq.c > @@ -1207,6 +1207,7 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) > if (!zalloc_cpumask_var(&policy->real_cpus, GFP_KERNEL)) > goto err_free_rcpumask; > > + init_completion(&policy->kobj_unregister); > ret = kobject_init_and_add(&policy->kobj, &ktype_cpufreq, > cpufreq_global_kobject, "policy%u", cpu); > if (ret) { > @@ -1245,7 +1246,6 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) > init_rwsem(&policy->rwsem); > spin_lock_init(&policy->transition_lock); > init_waitqueue_head(&policy->transition_wait); > - init_completion(&policy->kobj_unregister); > INIT_WORK(&policy->update, handle_update); > > policy->cpu = cpu; Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
On Mon, Nov 14, 2022 at 4:23 AM Viresh Kumar <viresh.kumar@linaro.org> wrote: > > On 10-11-22, 14:23, Yongqiang Liu wrote: > > In cpufreq_policy_alloc(), it will call uninitialed completion in > > cpufreq_sysfs_release() when kobject_init_and_add() fails. And > > that will cause a crash such as the following page fault in complete: > > > > BUG: unable to handle page fault for address: fffffffffffffff8 > > [..] > > RIP: 0010:complete+0x98/0x1f0 > > [..] > > Call Trace: > > kobject_put+0x1be/0x4c0 > > cpufreq_online.cold+0xee/0x1fd > > cpufreq_add_dev+0x183/0x1e0 > > subsys_interface_register+0x3f5/0x4e0 > > cpufreq_register_driver+0x3b7/0x670 > > acpi_cpufreq_init+0x56c/0x1000 [acpi_cpufreq] > > do_one_initcall+0x13d/0x780 > > do_init_module+0x1c3/0x630 > > load_module+0x6e67/0x73b0 > > __do_sys_finit_module+0x181/0x240 > > do_syscall_64+0x35/0x80 > > entry_SYSCALL_64_after_hwframe+0x63/0xcd > > > > Fixes: 4ebe36c94aed ("cpufreq: Fix kobject memleak") > > Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com> > > --- > > drivers/cpufreq/cpufreq.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > > index 69b3d61852ac..7e56a42750ea 100644 > > --- a/drivers/cpufreq/cpufreq.c > > +++ b/drivers/cpufreq/cpufreq.c > > @@ -1207,6 +1207,7 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) > > if (!zalloc_cpumask_var(&policy->real_cpus, GFP_KERNEL)) > > goto err_free_rcpumask; > > > > + init_completion(&policy->kobj_unregister); > > ret = kobject_init_and_add(&policy->kobj, &ktype_cpufreq, > > cpufreq_global_kobject, "policy%u", cpu); > > if (ret) { 
> > @@ -1245,7 +1246,6 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) > > init_rwsem(&policy->rwsem); > > spin_lock_init(&policy->transition_lock); > > init_waitqueue_head(&policy->transition_wait); > > - init_completion(&policy->kobj_unregister); > > INIT_WORK(&policy->update, handle_update); > > > > policy->cpu = cpu; > > Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Applied as 6.2 material, thanks!
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index 69b3d61852ac..7e56a42750ea 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -1207,6 +1207,7 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) if (!zalloc_cpumask_var(&policy->real_cpus, GFP_KERNEL)) goto err_free_rcpumask; + init_completion(&policy->kobj_unregister); ret = kobject_init_and_add(&policy->kobj, &ktype_cpufreq, cpufreq_global_kobject, "policy%u", cpu); if (ret) { @@ -1245,7 +1246,6 @@ static struct cpufreq_policy *cpufreq_policy_alloc(unsigned int cpu) init_rwsem(&policy->rwsem); spin_lock_init(&policy->transition_lock); init_waitqueue_head(&policy->transition_wait); - init_completion(&policy->kobj_unregister); INIT_WORK(&policy->update, handle_update); policy->cpu = cpu;
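Review bot: In the first hunk (@@ -1207,6 +1207,7), the new init_completion(&policy->kobj_unregister) call carries no comment saying why it has to sit before kobject_init_and_add(). The ordering is what the fix depends on: per the commit message, a failing kobject_init_and_add() ends in cpufreq_sysfs_release() completing this field. A one-line comment above the call, noting that the release callback uses kobj_unregister and so it must be initialised before the kobject is, would keep a later cleanup from regrouping it with the initialisers further down.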
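Review bot: In the second hunk (@@ -1245,7 +1246,6), init_rwsem(&policy->rwsem), spin_lock_init(&policy->transition_lock), init_waitqueue_head(&policy->transition_wait) and INIT_WORK(&policy->update, handle_update) still run only after kobject_init_and_add() has returned. Please confirm in the changelog that nothing reachable from the release callback, or from sysfs once the kobject has been added, touches those fields before this point. If anything does, move those initialisers up next to init_completion() in the same patch so the same class of crash is not fixed one field at a time.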