| Message ID | 20210901084732.943248-1-ardb@kernel.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | cpufreq: qcom-cpufreq-hw: Avoid stack buffer for IRQ name | expand |
On 9/1/21 3:47 AM, Ard Biesheuvel wrote: > Registering an IRQ requires the string buffer containing the name to > remain allocated, as the name is not copied into another buffer. > > So let's add a irq_name field to the data struct instead, which is > guaranteed to have the appropriate lifetime. > > Cc: Thara Gopinath <thara.gopinath@linaro.org> > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > Cc: Andy Gross <agross@kernel.org> > Cc: linux-arm-msm@vger.kernel.org > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > --- > I'm not following msm development closely, so apologies if this was > already fixed, or if this is not based on the right tree. > > This fixes a crash on my Yoga C630 when reading /proc/interrupts. > > drivers/cpufreq/qcom-cpufreq-hw.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c > index 3cc27d9e2ed1..6613228fe68c 100644 > --- a/drivers/cpufreq/qcom-cpufreq-hw.c > +++ b/drivers/cpufreq/qcom-cpufreq-hw.c > @@ -44,6 +44,7 @@ struct qcom_cpufreq_data { > /* Lock to synchronize between de-init sequence and re-starting LMh polling/interrupts */ > spinlock_t throttle_lock; > int throttle_irq; > + char irq_name[15]; > bool cancel_throttle; > }; > > @@ -371,7 +372,6 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index) > { > struct qcom_cpufreq_data *data = policy->driver_data; > struct platform_device *pdev = cpufreq_get_driver_data(); > - char irq_name[15]; > int ret; > > /* > @@ -388,11 +388,11 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index) > spin_lock_init(&data->throttle_lock); > INIT_DEFERRABLE_WORK(&data->throttle_work, qcom_lmh_dcvs_poll); > > - snprintf(irq_name, sizeof(irq_name), "dcvsh-irq-%u", policy->cpu); > + snprintf(data->irq_name, sizeof(data->irq_name), "dcvsh-irq-%u", policy->cpu); > ret = request_threaded_irq(data->throttle_irq, NULL, qcom_lmh_dcvs_handle_irq, > - IRQF_ONESHOT, irq_name, data); > + IRQF_ONESHOT, data->irq_name, data); > if (ret) { > - dev_err(&pdev->dev, "Error registering %s: %d\n", irq_name, ret); > + dev_err(&pdev->dev, "Error registering %s: %d\n", data->irq_name, ret); > return 0; > } > I haven't experienced the crash here, but I also tested the patch on my C630, and still don't see the issue so, if you want: Tested-By: Steev Klimaszewski <steev@kali.org>
On 9/1/21 4:47 AM, Ard Biesheuvel wrote: > Registering an IRQ requires the string buffer containing the name to > remain allocated, as the name is not copied into another buffer. > > So let's add a irq_name field to the data struct instead, which is > guaranteed to have the appropriate lifetime. > > Cc: Thara Gopinath <thara.gopinath@linaro.org> > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > Cc: Andy Gross <agross@kernel.org> > Cc: linux-arm-msm@vger.kernel.org > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Thanks for the fix. Reviewed-by: Thara Gopinath <thara.gopinath@linaro.org>
> On 9/1/21 4:47 AM, Ard Biesheuvel wrote: > > Registering an IRQ requires the string buffer containing the name to > > remain allocated, as the name is not copied into another buffer. > > > > So let's add a irq_name field to the data struct instead, which is > > guaranteed to have the appropriate lifetime. > > > > Cc: Thara Gopinath <thara.gopinath@linaro.org> > > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > > Cc: Andy Gross <agross@kernel.org> > > Cc: linux-arm-msm@vger.kernel.org > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > Thanks for the fix. > > Reviewed-by: Thara Gopinath <thara.gopinath@linaro.org> Seems this patch has been overlooked. Would it be possible to resubmit it with a 'Fixes' tag? Regards, Loic
On Mon 20 Dec 02:12 PST 2021, Loic Poulain wrote: > > On 9/1/21 4:47 AM, Ard Biesheuvel wrote: > > > Registering an IRQ requires the string buffer containing the name to > > > remain allocated, as the name is not copied into another buffer. > > > > > > So let's add a irq_name field to the data struct instead, which is > > > guaranteed to have the appropriate lifetime. > > > > > > Cc: Thara Gopinath <thara.gopinath@linaro.org> > > > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > > > Cc: Andy Gross <agross@kernel.org> > > > Cc: linux-arm-msm@vger.kernel.org > > > Signed-off-by: Ard Biesheuvel <ardb@kernel.org> > > > > Thanks for the fix. > > > > Reviewed-by: Thara Gopinath <thara.gopinath@linaro.org> > > Seems this patch has been overlooked. Would it be possible to resubmit > it with a 'Fixes' tag? > This was resubmitted by Vladimir and Viresh replied that it's applied, see: https://lore.kernel.org/all/20211125065014.phkfugo2wptosrgv@vireshk-i7/ Regards, Bjorn
diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c index 3cc27d9e2ed1..6613228fe68c 100644 --- a/drivers/cpufreq/qcom-cpufreq-hw.c +++ b/drivers/cpufreq/qcom-cpufreq-hw.c @@ -44,6 +44,7 @@ struct qcom_cpufreq_data { /* Lock to synchronize between de-init sequence and re-starting LMh polling/interrupts */ spinlock_t throttle_lock; int throttle_irq; + char irq_name[15]; bool cancel_throttle; }; @@ -371,7 +372,6 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index) { struct qcom_cpufreq_data *data = policy->driver_data; struct platform_device *pdev = cpufreq_get_driver_data(); - char irq_name[15]; int ret; /* @@ -388,11 +388,11 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index) spin_lock_init(&data->throttle_lock); INIT_DEFERRABLE_WORK(&data->throttle_work, qcom_lmh_dcvs_poll); - snprintf(irq_name, sizeof(irq_name), "dcvsh-irq-%u", policy->cpu); + snprintf(data->irq_name, sizeof(data->irq_name), "dcvsh-irq-%u", policy->cpu); ret = request_threaded_irq(data->throttle_irq, NULL, qcom_lmh_dcvs_handle_irq, - IRQF_ONESHOT, irq_name, data); + IRQF_ONESHOT, data->irq_name, data); if (ret) { - dev_err(&pdev->dev, "Error registering %s: %d\n", irq_name, ret); + dev_err(&pdev->dev, "Error registering %s: %d\n", data->irq_name, ret); return 0; }
Registering an IRQ requires the string buffer containing the name to remain allocated, as the name is not copied into another buffer. So let's add a irq_name field to the data struct instead, which is guaranteed to have the appropriate lifetime. Cc: Thara Gopinath <thara.gopinath@linaro.org> Cc: Bjorn Andersson <bjorn.andersson@linaro.org> Cc: Andy Gross <agross@kernel.org> Cc: linux-arm-msm@vger.kernel.org Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- I'm not following msm development closely, so apologies if this was already fixed, or if this is not based on the right tree. This fixes a crash on my Yoga C630 when reading /proc/interrupts. drivers/cpufreq/qcom-cpufreq-hw.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)