| Message ID | 20230503233850.1918041-1-srinivas.pandruvada@linux.intel.com |
|---|---|
| State | Accepted |
| Commit | b5d68f84f4c62c78bc3d004911d80da5aa22df8b |
| Headers | show |
| Series | thermal: intel: powerclamp: Fix NULL pointer access issue | expand |
On Thu, May 4, 2023 at 1:38 AM Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> wrote: > > If the cur_state for the powerclamp cooling device is set to the default > minimum state of 0, without setting first to cur_state > 0, this results > in NULL pointer access. > > This NULL pointer access happens in the powercap core idle-inject function > idle_inject_set_duration() as there is no NULL check for idle_inject_device > pointer. This pointer must be allocated by calling idle_inject_register() > or idle_inject_register_full(). > > In the function powerclamp_set_cur_state(), idle_inject_device pointer is > allocated only when the cur_state > 0. But setting 0 without changing to > any other state, idle_inject_set_duration() will be called with a NULL > idle_inject_device pointer. > > To address this just return from powerclamp_set_cur_state(), if the > current cooling device state is same as the last one. Since the powerup > default cooling device state is 0, changing the state to 0 again here > will return without calling idle_inject_set_duration(). > > Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> > Fixes: 8526eb7fc75a ("thermal: intel: powerclamp: Use powercap idle-inject feature") > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=217386 > Tested-by: Risto A. Paju <teknohog@iki.fi> > Cc: stable@kernel.org > --- > This issue is can be reproduced from 6.3-rc1 kernel. > > drivers/thermal/intel/intel_powerclamp.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/thermal/intel/intel_powerclamp.c b/drivers/thermal/intel/intel_powerclamp.c > index 91fc7e239497..36243a3972fd 100644 > --- a/drivers/thermal/intel/intel_powerclamp.c > +++ b/drivers/thermal/intel/intel_powerclamp.c > @@ -703,6 +703,10 @@ static int powerclamp_set_cur_state(struct thermal_cooling_device *cdev, > > new_target_ratio = clamp(new_target_ratio, 0UL, > (unsigned long) (max_idle - 1)); > + > + if (powerclamp_data.target_ratio == new_target_ratio) > + goto exit_set; > + > if (!powerclamp_data.target_ratio && new_target_ratio > 0) { > pr_info("Start idle injection to reduce power\n"); > powerclamp_data.target_ratio = new_target_ratio; > -- Applied as 6.4-rc material, thanks!
diff --git a/drivers/thermal/intel/intel_powerclamp.c b/drivers/thermal/intel/intel_powerclamp.c index 91fc7e239497..36243a3972fd 100644 --- a/drivers/thermal/intel/intel_powerclamp.c +++ b/drivers/thermal/intel/intel_powerclamp.c @@ -703,6 +703,10 @@ static int powerclamp_set_cur_state(struct thermal_cooling_device *cdev, new_target_ratio = clamp(new_target_ratio, 0UL, (unsigned long) (max_idle - 1)); + + if (powerclamp_data.target_ratio == new_target_ratio) + goto exit_set; + if (!powerclamp_data.target_ratio && new_target_ratio > 0) { pr_info("Start idle injection to reduce power\n"); powerclamp_data.target_ratio = new_target_ratio;