Message-ID: <819e3c75-9831-4190-aa01-e76aed423460@igalia.com>
Date: Wed, 29 Oct 2025 09:37:02 +0900
From: Changwoo Min <changwoo@...lia.com>
To: Peng Fan <peng.fan@....com>, Lukasz Luba <lukasz.luba@....com>,
"Rafael J. Wysocki" <rafael@...nel.org>, Pavel Machek <pavel@...nel.org>,
Len Brown <lenb@...nel.org>, Ulf Hansson <ulf.hansson@...aro.org>,
Sudeep Holla <sudeep.holla@....com>,
Cristian Marussi <cristian.marussi@....com>
Cc: arm-scmi@...r.kernel.org, "Rafael J. Wysocki"
<rafael.j.wysocki@...el.com>, linux-pm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC] PM: EM: Add to em_pd_list only when no failure

Thanks, Peng, for catching this. This makes sense.
So, feel free to add:

Reviewed-by: Changwoo Min <changwoo@...lia.com>

On 10/28/25 23:23, Peng Fan wrote:
> When em_create_perf_table() returns failure, pd is freed, there dev->em_pd
> is not valid. Then accessing dev->em_pd->node will trigger kernel panic
> in em_dev_register_pd_no_update(). So return early if 'ret' is non-zero.
>
> Kernel dump:
> cpu cpu0: EM: invalid power: 0
> Unable to handle kernel NULL pointer dereference at virtual address
> 0000000000000008
> Mem abort info:
> pc : em_dev_register_pd_no_update+0xb4/0x79c
> lr : em_dev_register_pd_no_update+0x9c/0x79c
> Call trace:
> em_dev_register_pd_no_update+0xb4/0x79c (P)
> em_dev_register_perf_domain+0x18/0x58
> scmi_cpufreq_register_em+0x84/0xb8
> cpufreq_online+0x48c/0xb74
> cpufreq_add_dev+0x80/0x98
> subsys_interface_register+0x100/0x11c
> cpufreq_register_driver+0x158/0x278
> scmi_cpufreq_probe+0x1f8/0x2e0
> scmi_dev_probe+0x28/0x3c
> really_probe+0xbc/0x29c
> __driver_probe_device+0x78/0x12c
> driver_probe_device+0x3c/0x15c
> __device_attach_driver+0xb8/0x134
> bus_for_each_drv+0x84/0xe4
>
> Fixes: cbe5aeedecc7 ("PM: EM: Assign a unique ID when creating a performance domain")
> Signed-off-by: Peng Fan <peng.fan@....com>
> ---
> kernel/power/energy_model.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c
> index e669d5057fca6da9612575a1c626474e60e7f7c4..11af9f64aa8276e47e0a5b2d615b227368af5480 100644
> --- a/kernel/power/energy_model.c
> +++ b/kernel/power/energy_model.c
> @@ -693,13 +693,16 @@ int em_dev_register_pd_no_update(struct device *dev, unsigned int nr_states,
>
> unlock:
> mutex_unlock(&em_pd_mutex);
> + if (ret)
> + return ret;
>
> mutex_lock(&em_pd_list_mutex);
> list_add_tail(&dev->em_pd->node, &em_pd_list);
> mutex_unlock(&em_pd_list_mutex);
>
> em_notify_pd_created(dev->em_pd);
> - return ret;
> +
> + return 0;
> }
> EXPORT_SYMBOL_GPL(em_dev_register_pd_no_update);
>
>
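
Review bot: the new `if (ret)` check directly under `mutex_unlock(&em_pd_mutex)` at the `unlock:` label has no comment saying why the list insertion must be skipped, and without a blank line it reads as part of the unlock step. Suggest a blank line before it and a one-line comment that `dev->em_pd` is not valid on the error path, so `list_add_tail(&dev->em_pd->node, &em_pd_list)` and `em_notify_pd_created(dev->em_pd)` must not run. Separately, both of those calls still dereference `dev->em_pd` after `em_pd_mutex` has been dropped; it would help if the commit message stated what keeps the pointer stable across that window on the success path.
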
> ---
> base-commit: f7d2388eeec24966fc4d5cf32d706f0514f29ac5
> change-id: 20251028-fix-energy-6b63b72ae9c6
>
> Best regards,