linux

mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 10:42:58 +09:00

Files

James Morse ea4bbe1a04 cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory

[ Upstream commit cdef119660 ]

Since commit e5c6b312ce ("cpufreq: schedutil: Use kobject release()
method to free sugov_tunables") kobject_put() has kfree()d the
attr_set before gov_attr_set_put() returns.

kobject_put() isn't the last user of attr_set in gov_attr_set_put(),
the subsequent mutex_destroy() triggers a use-after-free:
| BUG: KASAN: use-after-free in mutex_is_locked+0x20/0x60
| Read of size 8 at addr ffff000800ca4250 by task cpuhp/2/20
|
| CPU: 2 PID: 20 Comm: cpuhp/2 Not tainted 5.15.0-rc1 #12369
| Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development
| Platform, BIOS EDK II Jul 30 2018
| Call trace:
|  dump_backtrace+0x0/0x380
|  show_stack+0x1c/0x30
|  dump_stack_lvl+0x8c/0xb8
|  print_address_description.constprop.0+0x74/0x2b8
|  kasan_report+0x1f4/0x210
|  kasan_check_range+0xfc/0x1a4
|  __kasan_check_read+0x38/0x60
|  mutex_is_locked+0x20/0x60
|  mutex_destroy+0x80/0x100
|  gov_attr_set_put+0xfc/0x150
|  sugov_exit+0x78/0x190
|  cpufreq_offline.isra.0+0x2c0/0x660
|  cpuhp_cpufreq_offline+0x14/0x24
|  cpuhp_invoke_callback+0x430/0x6d0
|  cpuhp_thread_fun+0x1b0/0x624
|  smpboot_thread_fn+0x5e0/0xa6c
|  kthread+0x3a0/0x450
|  ret_from_fork+0x10/0x20

Swap the order of the calls.

Fixes: e5c6b312ce ("cpufreq: schedutil: Use kobject release() method to free sugov_tunables")
Cc: 4.7+ <stable@vger.kernel.org> # 4.7+
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

2023-05-16 11:53:41 +09:00

acpi-cpufreq.c

acpi-cpufreq: Honor _PSD table setting on new AMD CPUs

2023-05-16 09:45:13 +09:00

amd_freq_sensitivity.c

cpufreq: Reuse new freq-table helpers

2016-07-07 00:14:27 +02:00

arm_big_little_dt.c

cpufreq: arm_big_little: use generic OPP functions for {init, free}_opp_table

2016-05-05 01:40:04 +02:00

arm_big_little.c

cpufreq: enable scpi cpufreq

2017-02-17 17:18:46 +08:00

arm_big_little.h

cpufreq: arm_big_little: use generic OPP functions for {init, free}_opp_table

2016-05-05 01:40:04 +02:00

at32ap-cpufreq.c

cpufreq: at32ap: don't declare local variable as static

2014-04-07 14:31:33 +02:00

blackfin-cpufreq.c

blackfin-cpufreq: Mark cpu_set_cclk() as static

2015-12-28 01:51:36 +01:00

cppc_cpufreq.c

cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path

2018-05-30 07:50:44 +02:00

cpufreq_conservative.c

Merge 4.9.34 into android-4.9

2017-06-27 10:43:56 +02:00

cpufreq_governor_attr_set.c

cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory

2023-05-16 11:53:41 +09:00

cpufreq_governor.c

sched/cpufreq: Fix kobject memleak

2023-05-15 13:00:00 +09:00

cpufreq_governor.h

cpufreq: Drop the 'initialized' field from struct cpufreq_governor

2016-06-02 23:24:39 +02:00

cpufreq_interactive.c

Amlogic: sync the code from mainline. [1/1]

2020-02-04 13:48:58 +09:00

cpufreq_ondemand.c

cpufreq: Reuse new freq-table helpers

2016-07-07 00:14:27 +02:00

cpufreq_ondemand.h

cpufreq: ondemand: Don't keep a copy of freq_table pointer

2016-06-09 00:58:06 +02:00

cpufreq_performance.c

ANDROID: [CPUFREQ] Don't export governors for default governor

2017-01-31 10:46:03 -08:00

cpufreq_powersave.c

ANDROID: [CPUFREQ] Don't export governors for default governor

2017-01-31 10:46:03 -08:00

cpufreq_stats.c

sched/cputime: Convert kcpustat to nsecs

2023-05-15 09:10:24 +09:00

cpufreq_times.c

ANDROID: Fix massive cpufreq_times memory leaks

2018-07-18 13:22:08 +00:00

cpufreq_userspace.c

ANDROID: [CPUFREQ] Don't export governors for default governor

2017-01-31 10:46:03 -08:00

cpufreq-dt-platdev.c

cpufreq: ti: Use generic platdev driver

2016-09-16 23:57:04 +02:00

cpufreq-dt.c

cpufreq: dt: Try freeing static OPPs only if we have added them

2023-05-15 09:19:38 +09:00

cpufreq-dt.h

cpufreq: dt: Support governor tunables per policy

2016-09-13 02:39:12 +02:00

cpufreq-nforce2.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

cpufreq.c

cpufreq: Register drivers only after CPU devices have been registered

2023-05-15 16:19:37 +09:00

cris-artpec3-cpufreq.c

cpufreq: create another field .flags in cpufreq_frequency_table

2014-04-07 14:43:50 +02:00

cris-etraxfs-cpufreq.c

cpufreq: create another field .flags in cpufreq_frequency_table

2014-04-07 14:43:50 +02:00

davinci-cpufreq.c

cpufreq: davinci: Reuse cpufreq_generic_frequency_table_verify()

2016-06-09 00:58:07 +02:00

dbx500-cpufreq.c

cpufreq: drop owner assignment from platform_drivers

2014-10-20 16:20:24 +02:00

e_powersaver.c

cpufreq: e_powersaver: Use IS_ENABLED() instead of checking for built-in or module

2016-04-27 22:42:34 +02:00

elanfreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

exynos5440-cpufreq.c

PM / OPP: Prefix exported opp routines with dev_pm_opp_

2015-09-15 02:03:16 +02:00

freq_table.c

cpufreq: Handle sorted frequency tables more efficiently

2016-07-07 00:13:20 +02:00

gx-suspmod.c

cpufreq: gx-suspmod: Fix two typos in two comments

2015-06-15 15:46:15 +02:00

highbank-cpufreq.c

cpufreq: highbank: Add missing MODULE_DEVICE_TABLE

2023-05-16 09:57:46 +09:00

ia64-acpi-cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

imx6q-cpufreq.c

cpufreq: imx6q: add return value check for voltage scale

2023-05-15 09:57:51 +09:00

integrator-cpufreq.c

cpufreq: integrator: Fix module autoload for OF platform driver

2015-09-25 23:29:35 +02:00

intel_pstate.c

x86/cpu: Sanitize FAM6_ATOM naming

2023-05-15 12:46:28 +09:00

Kconfig

ANDROID: cpufreq: track per-task time in state

2018-04-03 11:15:30 -07:00

Kconfig.arm

CPUFREQ: modify cpufreq driver.

2018-08-01 22:37:29 -07:00

Kconfig.powerpc

cpufreq: qoriq: rename the driver

2015-03-18 22:35:16 +01:00

Kconfig.x86

cpufreq: intel_pstate: Enforce _PPC limits

2016-04-28 01:01:39 +02:00

kirkwood-cpufreq.c

cpufreq: kirkwood: add missing \n to end of dev_err messages

2016-09-26 15:10:58 +02:00

longhaul.c

x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping

2018-02-22 15:43:55 +01:00

longhaul.h

cpufreq: delete __cpuinit usage from all cpufreq files

2013-07-14 19:36:57 -04:00

longrun.c

cpufreq: add new routine cpufreq_verify_within_cpu_limits()

2013-10-16 00:50:23 +02:00

loongson1-cpufreq.c

cpufreq: loongson1: Add missing MODULE_ALIAS

2023-05-16 09:57:49 +09:00

loongson2_cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

Makefile

CPUFREQ: modify cpufreq driver.

2018-08-01 22:37:29 -07:00

maple-cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

mt8173-cpufreq.c

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux

2016-05-26 09:23:43 -07:00

mvebu-cpufreq.c

cpufreq: mvebu: fix integer to pointer cast

2016-06-13 23:49:43 +02:00

omap-cpufreq.c

remove lots of IS_ERR_VALUE abuses

2016-05-27 15:26:11 -07:00

p4-clockmod.c

x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping

2018-02-22 15:43:55 +01:00

pasemi-cpufreq.c

cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()

2023-05-15 14:17:02 +09:00

pcc-cpufreq.c

Revert "cpufreq: pcc-cpufreq: update default value of cpuinfo_transition_latency"

2016-07-22 23:51:06 +02:00

pmac32-cpufreq.c

cpufreq: pmac32: fix possible object reference leak

2023-05-15 13:35:19 +09:00

pmac64-cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

powernow-k6.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

powernow-k7.c

x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping

2018-02-22 15:43:55 +01:00

powernow-k7.h

[CPUFREQ] Move x86 drivers to drivers/cpufreq/

2011-05-19 18:51:07 -04:00

powernow-k8.c

cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()

2023-05-16 10:26:09 +09:00

powernow-k8.h

cpufreq: powernow-k8: Suppress checkpatch warnings

2014-05-17 01:27:01 +02:00

powernv-cpufreq.c

cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier

2023-05-16 09:38:54 +09:00

ppc_cbe_cpufreq_pervasive.c

cpufreq: powerpc/platforms/cell: move cpufreq driver to drivers/cpufreq

2013-04-10 13:19:26 +02:00

ppc_cbe_cpufreq_pmi.c

cpufreq: Remove cpufreq_frequency_get_table()

2016-06-09 00:58:05 +02:00

ppc_cbe_cpufreq.c

cpufreq: ppc_cbe: fix possible object reference leak

2023-05-15 13:35:16 +09:00

ppc_cbe_cpufreq.h

cpufreq: e_powersaver: Use IS_ENABLED() instead of checking for built-in or module

2016-04-27 22:42:34 +02:00

pxa2xx-cpufreq.c

cpufreq: pxa2xx: remove incorrect __init annotation

2023-05-15 12:06:06 +09:00

pxa3xx-cpufreq.c

cpufreq: Remove cpufreq_generic_exit()

2014-03-12 01:06:00 +01:00

qoriq-cpufreq.c

cpufreq: qoriq: Fix cooling device registration issue during suspend

2016-04-25 16:07:02 +02:00

s3c24xx-cpufreq-debugfs.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

s3c24xx-cpufreq.c

cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()

2018-03-11 16:21:28 +01:00

s3c64xx-cpufreq.c

cpufreq: Use cpufreq_for_each_* macros for frequency table iteration

2014-04-30 00:06:21 +02:00

s3c2410-cpufreq.c

cpufreq: s3c24xx: Remove some dead code

2014-07-19 04:24:59 +09:00

s3c2412-cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

s3c2416-cpufreq.c

cpufreq: s3c2416: double free on driver init error path

2017-07-05 14:40:30 +02:00

s3c2440-cpufreq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

s5pv210-cpufreq.c

Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

2016-08-01 18:36:01 -04:00

sa1100-cpufreq.c

cpufreq: Mark ARM drivers with CPUFREQ_NEED_INITIAL_FREQ_CHECK flag

2014-01-06 14:17:25 +01:00

sa1110-cpufreq.c

ARM: sa1100: move StrongARM CPU ID checks to cputype.h

2016-08-23 10:25:17 +01:00

sc520_freq.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

scpi-cpufreq.c

cpufreq: scpi: Add missing MODULE_ALIAS

2023-05-16 09:57:50 +09:00

sfi-cpufreq.c

cpufreq: sfi: use kmemdup rather than duplicating its implementation

2015-09-01 15:51:15 +02:00

sh-cpufreq.c

cpufreq/sh: Replace racy task affinity logic

2018-03-24 11:00:10 +01:00

sparc-us2e-cpufreq.c

cpufreq: add 'freq_table' in struct cpufreq_policy

2014-03-12 01:06:00 +01:00

sparc-us3-cpufreq.c

cpufreq: add 'freq_table' in struct cpufreq_policy

2014-03-12 01:06:00 +01:00

spear-cpufreq.c

cpufreq: drop owner assignment from platform_drivers

2014-10-20 16:20:24 +02:00

speedstep-centrino.c

x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping

2018-02-22 15:43:55 +01:00

speedstep-ich.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

speedstep-lib.c

x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping

2018-02-22 15:43:55 +01:00

speedstep-lib.h

[CPUFREQ] Move x86 drivers to drivers/cpufreq/

2011-05-19 18:51:07 -04:00

speedstep-smi.c

cpufreq: Use consistent prefixing via pr_fmt

2016-04-09 01:35:18 +02:00

sti-cpufreq.c

cpufreq: st: Add missing MODULE_DEVICE_TABLE

2023-05-16 09:57:48 +09:00

tegra20-cpufreq.c

cpufreq: tegra20: remove superfluous CONFIG_PM ifdefs

2015-09-26 03:00:57 +02:00

tegra124-cpufreq.c

cpufreq: tegra124: add missing of_node_put()

2023-05-15 12:06:05 +09:00

unicore2-cpufreq.c

cpufreq: unicore32: replace IS_ERR and PTR_ERR with PTR_ERR_OR_ZERO

2014-04-21 23:42:27 +02:00

vexpress-spc-cpufreq.c

cpufreq: arm_big_little: use generic OPP functions for {init, free}_opp_table

2016-05-05 01:40:04 +02:00