From 17823171af70986013f80e85c70e95e6730ae7d2 Mon Sep 17 00:00:00 2001 From: Tao Huang Date: Wed, 10 Jun 2020 20:18:45 +0800 Subject: [PATCH] PM / QoS: Do not call pm_qos_set_value_for_cpus() Which confuse pm_qos_request and dev_pm_qos_request. So get this bug: [ 0.264863] ================================================================== [ 0.265600] BUG: KASAN: slab-out-of-bounds in find_next_bit+0x38/0x9c [ 0.266241] Read of size 8 at addr ffffffc0d27c4eb0 by task swapper/0/1 [ 0.266887] [ 0.267055] CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.19.126 #121 [ 0.267671] Hardware name: Rockchip RK3399 Evaluation Board v3 (Android) (DT) [ 0.268370] Call trace: [ 0.268632] dump_backtrace+0x0/0x220 [ 0.269004] show_stack+0x14/0x1c [ 0.269344] dump_stack+0xd8/0x118 [ 0.269693] print_address_description+0x80/0x2e4 [ 0.270163] __kasan_report+0x15c/0x1c4 [ 0.270550] kasan_report+0x10/0x18 [ 0.270904] __asan_load8+0x80/0x88 [ 0.271259] find_next_bit+0x38/0x9c [ 0.271620] cpumask_next+0x20/0x28 [ 0.271977] pm_qos_update_target+0x380/0x65c [ 0.272417] apply_constraint+0x94/0x13c [ 0.272813] __dev_pm_qos_add_request+0x204/0x258 [ 0.273284] dev_pm_qos_expose_latency_limit+0x84/0x1ac [ 0.273806] register_cpu+0x1a8/0x1c4 [ 0.274177] topology_init+0x90/0xd0 [ 0.274539] do_one_initcall+0x1fc/0x3d8 [ 0.274937] do_initcall_level+0x1c4/0x1f8 [ 0.275350] do_basic_setup+0x68/0x80 [ 0.275722] kernel_init_freeable+0x108/0x194 [ 0.276161] kernel_init+0x14/0x2a0 [ 0.276514] ret_from_fork+0x10/0x18 [ 0.276870] [ 0.277027] Allocated by task 1: [ 0.277358] __kasan_kmalloc+0xf0/0x1d4 [ 0.277740] kasan_kmalloc+0xc/0x14 [ 0.278083] __kmalloc+0x114/0x378 [ 0.278424] kobject_get_path+0x60/0xe4 [ 0.278804] kobject_uevent_env+0x174/0x81c [ 0.279217] kobject_uevent+0x10/0x18 [ 0.279581] device_add+0xa3c/0xe68 [ 0.279929] device_register+0x1c/0x28 [ 0.280300] register_cpu+0x158/0x1c4 [ 0.280664] topology_init+0x90/0xd0 [ 0.281018] do_one_initcall+0x1fc/0x3d8 [ 0.281410] do_initcall_level+0x1c4/0x1f8 [ 0.281814] do_basic_setup+0x68/0x80 [ 0.282183] kernel_init_freeable+0x108/0x194 [ 0.282610] kernel_init+0x14/0x2a0 [ 0.282957] ret_from_fork+0x10/0x18 [ 0.283305] [ 0.283461] Freed by task 1: [ 0.283758] __kasan_slab_free+0x140/0x234 [ 0.284164] kasan_slab_free+0x10/0x1c [ 0.284533] kfree+0x1a0/0x730 [ 0.284840] kobject_uevent_env+0x208/0x81c [ 0.285248] kobject_uevent+0x10/0x18 [ 0.285615] device_add+0xa3c/0xe68 [ 0.285962] device_register+0x1c/0x28 [ 0.286337] register_cpu+0x158/0x1c4 [ 0.286699] topology_init+0x90/0xd0 [ 0.287054] do_one_initcall+0x1fc/0x3d8 [ 0.287441] do_initcall_level+0x1c4/0x1f8 [ 0.287848] do_basic_setup+0x68/0x80 [ 0.288210] kernel_init_freeable+0x108/0x194 [ 0.288643] kernel_init+0x14/0x2a0 [ 0.288987] ret_from_fork+0x10/0x18 [ 0.289336] [ 0.289498] The buggy address belongs to the object at ffffffc0d27c4e00 [ 0.289498] which belongs to the cache kmalloc-128 of size 128 [ 0.290726] The buggy address is located 48 bytes to the right of [ 0.290726] 128-byte region [ffffffc0d27c4e00, ffffffc0d27c4e80) [ 0.291915] The buggy address belongs to the page: [ 0.292395] page:ffffffbf0349f100 count:1 mapcount:0 mapping:ffffffc00a2c7c00 index:0x0 [ 0.293184] flags: 0x200(slab) [ 0.293504] raw: 0000000000000200 dead000000000100 dead000000000200 ffffffc00a2c7c00 [ 0.294273] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 0.295028] page dumped because: kasan: bad access detected [ 0.295576] [ 0.295731] Memory state around the buggy address: [ 0.296194] ffffffc0d27c4d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 0.296905] ffffffc0d27c4e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 0.297617] >ffffffc0d27c4e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 0.298323] ^ [ 0.298787] ffffffc0d27c4f00: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 0.299498] ffffffc0d27c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 0.300206] ================================================================== Fixes: 723feab600f7 ("ANDROID: GKI: QoS: Enhance framework to support cpu/irq specific QoS requests") Change-Id: I87d682d30d8147cdba6309a9d4ffd6dcb25e0960 Signed-off-by: Tao Huang --- kernel/power/qos.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/power/qos.c b/kernel/power/qos.c index 789dd20b6669..7445e83dc5f4 100644 --- a/kernel/power/qos.c +++ b/kernel/power/qos.c @@ -340,7 +340,9 @@ int pm_qos_update_target(struct pm_qos_constraints *c, struct plist_node *node, curr_value = pm_qos_get_value(c); pm_qos_set_value(c, curr_value); +#ifndef CONFIG_ARCH_ROCKCHIP pm_qos_set_value_for_cpus(c); +#endif spin_unlock_irqrestore(&pm_qos_lock, flags);