[PATCH 2/5] cpufreq, fix locking around CPUFREQ_GOV_POLICY_EXIT calls

From: Prarit Bhargava
Date: Wed Nov 05 2014 - 09:59:59 EST

Next message: Andrey Ryabinin: "[PATCH v6 00/11] Kernel address sanitizer - runtime memory debugger."
Previous message: Prarit Bhargava: "[PATCH 4/5] cpufreq, policy->initialized count must be atomic"
In reply to: Rafael J. Wysocki: "Re: [PATCH 4/5] cpufreq, policy->initialized count must be atomic"
Next in thread: Prarit Bhargava: "[PATCH 3/5] cpufreq, dbs_data->usage count must be atomic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

commit 955ef4833574636819cd269cfbae12f79cbde63a (" cpufreq: Drop rwsem
lock around CPUFREQ_GOV_POLICY_EXIT") opens up a hole in the locking
scheme for cpufreq.

Simple tests such as rapidly switching the governor between ondemand and
performance or attempting to read policy values while a governor switch occurs
now fail with very NULL pointer warnings, sysfs namespace collisions, and
system hangs. In short, the locking that policy->rwsem is supposed to provide
is currently broken.

The identified commit attempts to resolve a lockdep warning by removing
a lock around a section of code which does a shutdown of the
existing policy. The problem is that this is part of the _critical_ section of
code that switches the governors and must be protected by the lock; without
locking readers may access now NULL or stale data, and writes may collide with
each other.

With the previous patch, which now returns -EBUSY during times of
contention the deadlock reported in
955ef4833574636819cd269cfbae12f79cbde63a (" cpufreq: Drop rwsem lock
around CPUFREQ_GOV_POLICY_EXIT") cannot occur, so adding the locks back
into this section of code is possible.

Cc: "Rafael J. Wysocki" <rjw@xxxxxxxxxxxxx>
Cc: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
Cc: linux-pm@xxxxxxxxxxxxxxx
Signed-off-by: Prarit Bhargava <prarit@xxxxxxxxxx>
---
drivers/cpufreq/cpufreq.c | 4 ----
include/linux/cpufreq.h | 4 ----
2 files changed, 8 deletions(-)

diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 3f09ca9..e33cb15 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -2222,9 +2222,7 @@ static int cpufreq_set_policy(struct cpufreq_policy *policy,
/* end old governor */
if (old_gov) {
__cpufreq_governor(policy, CPUFREQ_GOV_STOP);
- up_write(&policy->rwsem);
__cpufreq_governor(policy, CPUFREQ_GOV_POLICY_EXIT);
- down_write(&policy->rwsem);
}

/* start new governor */
@@ -2233,9 +2231,7 @@ static int cpufreq_set_policy(struct cpufreq_policy *policy,
if (!__cpufreq_governor(policy, CPUFREQ_GOV_START))
goto out;

- up_write(&policy->rwsem);
__cpufreq_governor(policy, CPUFREQ_GOV_POLICY_EXIT);
- down_write(&policy->rwsem);
}

/* new governor failed, so re-start old one */
diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
index 503b085..43909ad 100644
--- a/include/linux/cpufreq.h
+++ b/include/linux/cpufreq.h
@@ -100,10 +100,6 @@ struct cpufreq_policy {
* - Any routine that will write to the policy structure and/or may take away
* the policy altogether (eg. CPU hotplug), will hold this lock in write
* mode before doing so.
- *
- * Additional rules:
- * - Lock should not be held across
- * __cpufreq_governor(data, CPUFREQ_GOV_POLICY_EXIT);
*/
struct rw_semaphore rwsem;

--
1.7.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrey Ryabinin: "[PATCH v6 00/11] Kernel address sanitizer - runtime memory debugger."
Previous message: Prarit Bhargava: "[PATCH 4/5] cpufreq, policy->initialized count must be atomic"
In reply to: Rafael J. Wysocki: "Re: [PATCH 4/5] cpufreq, policy->initialized count must be atomic"
Next in thread: Prarit Bhargava: "[PATCH 3/5] cpufreq, dbs_data->usage count must be atomic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]