Revision 6941051d3028963c3b0b3fcdd0815f2b51b957bb authored by Sudeep Holla on 18 October 2019, 10:58:15 UTC, committed by Rafael J. Wysocki on 22 October 2019, 16:07:30 UTC
Scheduled policy update work may end up racing with the freeing of the policy and unregistering the driver. One possible race is as below, where the cpufreq_driver is unregistered, but the scheduled work gets executed at later stage when, cpufreq_driver is NULL (i.e. after freeing the policy and driver). Unable to handle kernel NULL pointer dereference at virtual address 0000001c pgd = (ptrval) [0000001c] *pgd=80000080204003, *pmd=00000000 Internal error: Oops: 206 [#1] SMP THUMB2 Modules linked in: CPU: 0 PID: 34 Comm: kworker/0:1 Not tainted 5.4.0-rc3-00006-g67f5a8081a4b #86 Hardware name: ARM-Versatile Express Workqueue: events handle_update PC is at cpufreq_set_policy+0x58/0x228 LR is at dev_pm_qos_read_value+0x77/0xac Control: 70c5387d Table: 80203000 DAC: fffffffd Process kworker/0:1 (pid: 34, stack limit = 0x(ptrval)) (cpufreq_set_policy) from (refresh_frequency_limits.part.24+0x37/0x48) (refresh_frequency_limits.part.24) from (handle_update+0x2f/0x38) (handle_update) from (process_one_work+0x16d/0x3cc) (process_one_work) from (worker_thread+0xff/0x414) (worker_thread) from (kthread+0xff/0x100) (kthread) from (ret_from_fork+0x11/0x28) Fixes: 67d874c3b2c6 ("cpufreq: Register notifiers with the PM QoS framework") Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> [ rjw: Cancel the work before dropping the QoS requests ] Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
1 parent 2aac8bd
extract-module-sig.pl
#!/usr/bin/env perl
# SPDX-License-Identifier: GPL-2.0
#
# extract-mod-sig <part> <module-file>
#
# Reads the module file and writes out some or all of the signature
# section to stdout. Part is the bit to be written and is one of:
#
# -0: The unsigned module, no signature data at all
# -a: All of the signature data, including magic number
# -d: Just the descriptor values as a sequence of numbers
# -n: Just the signer's name
# -k: Just the key ID
# -s: Just the crypto signature or PKCS#7 message
#
use warnings;
use strict;
die "Format: $0 -[0adnks] module-file >out\n"
if ($#ARGV != 1);
my $part = $ARGV[0];
my $modfile = $ARGV[1];
my $magic_number = "~Module signature appended~\n";
#
# Read the module contents
#
open FD, "<$modfile" || die $modfile;
binmode(FD);
my @st = stat(FD);
die "$modfile" unless (@st);
my $buf = "";
my $len = sysread(FD, $buf, $st[7]);
die "$modfile" unless (defined($len));
die "Short read on $modfile\n" unless ($len == $st[7]);
close(FD) || die $modfile;
print STDERR "Read ", $len, " bytes from module file\n";
die "The file is too short to have a sig magic number and descriptor\n"
if ($len < 12 + length($magic_number));
#
# Check for the magic number and extract the information block
#
my $p = $len - length($magic_number);
my $raw_magic = substr($buf, $p);
die "Magic number not found at $len\n"
if ($raw_magic ne $magic_number);
print STDERR "Found magic number at $len\n";
$p -= 12;
my $raw_info = substr($buf, $p, 12);
my @info = unpack("CCCCCxxxN", $raw_info);
my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
if ($id_type == 0) {
print STDERR "Found PGP key identifier\n";
} elsif ($id_type == 1) {
print STDERR "Found X.509 cert identifier\n";
} elsif ($id_type == 2) {
print STDERR "Found PKCS#7/CMS encapsulation\n";
} else {
print STDERR "Found unsupported identifier type $id_type\n";
}
#
# Extract the three pieces of info data
#
die "Insufficient name+kid+sig data in file\n"
unless ($p >= $name_len + $kid_len + $sig_len);
$p -= $sig_len;
my $raw_sig = substr($buf, $p, $sig_len);
$p -= $kid_len;
my $raw_kid = substr($buf, $p, $kid_len);
$p -= $name_len;
my $raw_name = substr($buf, $p, $name_len);
my $module_len = $p;
if ($sig_len > 0) {
print STDERR "Found $sig_len bytes of signature [";
my $n = $sig_len > 16 ? 16 : $sig_len;
foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
printf STDERR "%02x", $i;
}
print STDERR "]\n";
}
if ($kid_len > 0) {
print STDERR "Found $kid_len bytes of key identifier [";
my $n = $kid_len > 16 ? 16 : $kid_len;
foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
printf STDERR "%02x", $i;
}
print STDERR "]\n";
}
if ($name_len > 0) {
print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
}
#
# Produce the requested output
#
if ($part eq "-0") {
# The unsigned module, no signature data at all
binmode(STDOUT);
print substr($buf, 0, $module_len);
} elsif ($part eq "-a") {
# All of the signature data, including magic number
binmode(STDOUT);
print substr($buf, $module_len);
} elsif ($part eq "-d") {
# Just the descriptor values as a sequence of numbers
print join(" ", @info), "\n";
} elsif ($part eq "-n") {
# Just the signer's name
print STDERR "No signer's name for PKCS#7 message type sig\n"
if ($id_type == 2);
binmode(STDOUT);
print $raw_name;
} elsif ($part eq "-k") {
# Just the key identifier
print STDERR "No key ID for PKCS#7 message type sig\n"
if ($id_type == 2);
binmode(STDOUT);
print $raw_kid;
} elsif ($part eq "-s") {
# Just the crypto signature or PKCS#7 message
binmode(STDOUT);
print $raw_sig;
}
Computing file changes ...