Message-ID: <556D4B32.3000407@linux.vnet.ibm.com>
Date: Tue, 02 Jun 2015 11:50:34 +0530
From: Preeti U Murthy
To: Viresh Kumar
CC: rjw@rjwysocki.net, ego@linux.vnet.ibm.com, paulus@samba.org, linux-kernel@vger.kernel.org, shilpa.bhat@linux.vnet.ibm.com, linux-pm@vger.kernel.org
Subject: Re: [RFC PATCH] cpufreq/hotplug: Fix cpu-hotplug cpufreq race conditions
In-Reply-To: <20150602061133.GE10443@linux>

On 06/02/2015 11:41 AM, Viresh Kumar wrote:
> On 02-06-15, 11:33, Preeti U Murthy wrote:
>> No, dbs_data is a governor wide data structure and not a policy wide
>
> Yeah, that's the common part which I was referring to. But normally
> it's just read for policies in START/STOP, they just update per-cpu
> data for policy->cpus.
>
>> one, which is manipulated in START/STOP calls for drivers where the
>> CPUFREQ_HAVE_GOVERNOR_PER_POLICY is not set.
>>
>> So even if we assume that we hold per-policy locks, the following race
>> is still present. Assume that we have just two cpus which do not have a
>> governor-per-policy set.
>>
>> CPU0                                 CPU1
>>
>> store*                               store*
>>
>> lock(policy 1)                       lock(policy 2)
>> cpufreq_set_policy()                 cpufreq_set_policy()
>> EXIT() :
>> dbs-data->usage_count--
>>
>> INIT()
>> dbs_data exists
>
> You missed the usage_count++ here.

Ok, sorry about that. How about the below?

>
>> so return
>>                                      EXIT()
>>                                      dbs_data->usage_count -- = 0
>>                                      kfree(dbs_data)
>
> And so this shouldn't happen. Else we
> are missing locking in governor's
> code, rather than cpufreq.c
>

CPU0                                 CPU1

store*                               store*

lock(policy 1)                       lock(policy 2)
cpufreq_set_policy()                 cpufreq_set_policy()
EXIT() :
dbs-data->usage_count--

INIT()                               EXIT()
dbs_data exists                      dbs_data->usage_count -- = 0
                                     kfree(dbs_data)
dbs-data->usage_count++
*NULL dereference*

The point is there are potential race conditions. It's just a matter of
interleaving?

Regards
Preeti U Murthy
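The interleaving in the message above can be checked mechanically. The following is an added example, not code from the thread or from the kernel: a small C model that replays every placement of CPU1's EXIT relative to CPU0's EXIT/INIT sequence and counts the schedules in which INIT touches dbs_data after it has been freed. The names `struct gov`, `enum step`, `run_schedule` and `count_races` are hypothetical, and the "governor-wide lock" is an assumed remedy modeled by making INIT's check and increment atomic.

```c
#include <stdbool.h>

/* Constructed model of the shared dbs_data from the thread; not kernel code. */
struct gov { int usage_count; bool freed; };
enum step { EXIT0, CHECK0, GET0, EXIT1 };   /* CPU0: EXIT then INIT; CPU1: EXIT */

/* Replay one schedule; true if INIT touches dbs_data after it was freed. */
static bool run_schedule(const enum step *s, int n)
{
    struct gov g = { 2, false };    /* two policies hold a reference */
    bool saw_existing = false;

    for (int i = 0; i < n; i++) {
        switch (s[i]) {
        case EXIT0: case EXIT1:     /* EXIT: last put frees dbs_data */
            g.freed = (--g.usage_count == 0);
            break;
        case CHECK0:                /* INIT: "dbs_data exists" test */
            saw_existing = !g.freed;
            if (!saw_existing)      /* otherwise allocate a fresh one */
                g = (struct gov){ 1, false };
            break;
        case GET0:                  /* INIT: usage_count++ via old pointer */
            if (saw_existing && g.freed)
                return true;        /* stale pointer dereferenced */
            if (saw_existing)
                g.usage_count++;
            break;
        }
    }
    return false;
}

/* Insert CPU1's EXIT at each slot of CPU0's sequence and count bad schedules.
 * A governor-wide lock makes CHECK0+GET0 atomic, so slot 2 cannot occur. */
static int count_races(bool governor_lock)
{
    const enum step cpu0[] = { EXIT0, CHECK0, GET0 };
    int bad = 0;

    for (int slot = 0; slot < 4; slot++) {
        enum step s[4];
        if (governor_lock && slot == 2)
            continue;
        for (int i = 0; i < 4; i++)
            s[i] = (i == slot) ? EXIT1 : cpu0[i - (i > slot)];
        bad += run_schedule(s, 4);
    }
    return bad;
}
/* Exit status 0 when the model finds one bad schedule unlocked, none locked. */
int main(void) { return count_races(false) == 1 && count_races(true) == 0 ? 0 : 1; }
```

Only the schedule where CPU1's EXIT lands between CPU0's existence check and its `usage_count++` is unsafe, which is why per-policy locks alone do not close the window in this model.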