| Message ID | 20230829070318.1217668-1-liaochang1@huawei.com |
|---|---|
| State | Accepted |
| Commit | 61bfbf7951ba561dcbdd5357702d3cbc2d447812 |
| Headers | show |
| Series | [v2] cpufreq: Fix the race condition while updating the transition_task of policy | expand |
On 29-08-23, 07:03, Liao Chang wrote: > The field 'transition_task' of policy structure is used to track the > task which is performing the frequency transition. Using this field to > print a warning once detect a case where the same task is calling > _begin() again before completing the preivous frequency transition via > the _end(). > > However, there is a potential race condition in _end() and _begin() APIs > while updating the field 'transition_task' of policy, the scenario is > depicted below: > > Task A Task B > > /* 1st freq transition */ > Invoke _begin() { > ... > ... > } > /* 2nd freq transition */ > Invoke _begin() { > ... //waiting for A to > ... //clear > ... //transition_ongoing > ... //in _end() for > ... //the 1st transition > | > Change the frequency | > | > Invoke _end() { | > ... | > ... | > transition_ongoing = false; V > transition_ongoing = true; > transition_task = current; > transition_task = NULL; > ... //A overwrites the task > ... //performing the transition > ... //result in error warning. > } > > To fix this race condition, the transition_lock of policy structure is > now acquired before updating policy structure in _end() API. Which ensure > that only one task can update the 'transition_task' field at a time. > > Link: https://lore.kernel.org/all/b3c61d8a-d52d-3136-fbf0-d1de9f1ba411@huawei.com/ > Fixes: ca654dc3a93d ("cpufreq: Catch double invocations of cpufreq_freq_transition_begin/end") > Signed-off-by: Liao Chang <liaochang1@huawei.com> > --- > drivers/cpufreq/cpufreq.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > index 26fa99d46684..5c09a4936699 100644 > --- a/drivers/cpufreq/cpufreq.c > +++ b/drivers/cpufreq/cpufreq.c > @@ -455,8 +455,10 @@ void cpufreq_freq_transition_end(struct cpufreq_policy *policy, > policy->cur, > policy->cpuinfo.max_freq); > > + spin_lock(&policy->transition_lock); > policy->transition_ongoing = false; > policy->transition_task = NULL; > + spin_unlock(&policy->transition_lock); > > wake_up(&policy->transition_wait); > } Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
On Tue, Aug 29, 2023 at 9:20 AM Viresh Kumar <viresh.kumar@linaro.org> wrote: > > On 29-08-23, 07:03, Liao Chang wrote: > > The field 'transition_task' of policy structure is used to track the > > task which is performing the frequency transition. Using this field to > > print a warning once detect a case where the same task is calling > > _begin() again before completing the preivous frequency transition via > > the _end(). > > > > However, there is a potential race condition in _end() and _begin() APIs > > while updating the field 'transition_task' of policy, the scenario is > > depicted below: > > > > Task A Task B > > > > /* 1st freq transition */ > > Invoke _begin() { > > ... > > ... > > } > > /* 2nd freq transition */ > > Invoke _begin() { > > ... //waiting for A to > > ... //clear > > ... //transition_ongoing > > ... //in _end() for > > ... //the 1st transition > > | > > Change the frequency | > > | > > Invoke _end() { | > > ... | > > ... | > > transition_ongoing = false; V > > transition_ongoing = true; > > transition_task = current; > > transition_task = NULL; > > ... //A overwrites the task > > ... //performing the transition > > ... //result in error warning. > > } > > > > To fix this race condition, the transition_lock of policy structure is > > now acquired before updating policy structure in _end() API. Which ensure > > that only one task can update the 'transition_task' field at a time. > > > > Link: https://lore.kernel.org/all/b3c61d8a-d52d-3136-fbf0-d1de9f1ba411@huawei.com/ > > Fixes: ca654dc3a93d ("cpufreq: Catch double invocations of cpufreq_freq_transition_begin/end") > > Signed-off-by: Liao Chang <liaochang1@huawei.com> > > --- > > drivers/cpufreq/cpufreq.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c > > index 26fa99d46684..5c09a4936699 100644 > > --- a/drivers/cpufreq/cpufreq.c > > +++ b/drivers/cpufreq/cpufreq.c > > @@ -455,8 +455,10 @@ void cpufreq_freq_transition_end(struct cpufreq_policy *policy, > > policy->cur, > > policy->cpuinfo.max_freq); > > > > + spin_lock(&policy->transition_lock); > > policy->transition_ongoing = false; > > policy->transition_task = NULL; > > + spin_unlock(&policy->transition_lock); > > > > wake_up(&policy->transition_wait); > > } > > Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Applied as 6.6-rc material, thanks!
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index 26fa99d46684..5c09a4936699 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -455,8 +455,10 @@ void cpufreq_freq_transition_end(struct cpufreq_policy *policy, policy->cur, policy->cpuinfo.max_freq); + spin_lock(&policy->transition_lock); policy->transition_ongoing = false; policy->transition_task = NULL; + spin_unlock(&policy->transition_lock); wake_up(&policy->transition_wait); }
The field 'transition_task' of policy structure is used to track the task which is performing the frequency transition. Using this field to print a warning once detect a case where the same task is calling _begin() again before completing the preivous frequency transition via the _end(). However, there is a potential race condition in _end() and _begin() APIs while updating the field 'transition_task' of policy, the scenario is depicted below: Task A Task B /* 1st freq transition */ Invoke _begin() { ... ... } /* 2nd freq transition */ Invoke _begin() { ... //waiting for A to ... //clear ... //transition_ongoing ... //in _end() for ... //the 1st transition | Change the frequency | | Invoke _end() { | ... | ... | transition_ongoing = false; V transition_ongoing = true; transition_task = current; transition_task = NULL; ... //A overwrites the task ... //performing the transition ... //result in error warning. } To fix this race condition, the transition_lock of policy structure is now acquired before updating policy structure in _end() API. Which ensure that only one task can update the 'transition_task' field at a time. Link: https://lore.kernel.org/all/b3c61d8a-d52d-3136-fbf0-d1de9f1ba411@huawei.com/ Fixes: ca654dc3a93d ("cpufreq: Catch double invocations of cpufreq_freq_transition_begin/end") Signed-off-by: Liao Chang <liaochang1@huawei.com> --- drivers/cpufreq/cpufreq.c | 2 ++ 1 file changed, 2 insertions(+)