Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp8952453pxu; Mon, 28 Dec 2020 02:31:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJxbIw34Ej+iu1ppeVaF2a3wfnuCxMd3vVo+5Q43IbMTqXRXEz+afUqR0L1Wy+rISmudBiF1 X-Received: by 2002:a17:906:878d:: with SMTP id za13mr40679520ejb.395.1609151490302; Mon, 28 Dec 2020 02:31:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609151490; cv=none; d=google.com; s=arc-20160816; b=K4Dj25YLQngHdKsJMon+U8Va8TMZ3WM8YZHuhcVXiueRdydNuasa4cLRscOa3u9yk4 dGi+hsxVzcEBbWHkzJWg77BfvzWYThdrzuazfw+D65/9mWJXcQH5yTutzEjUda3FqVFr cIG9LRtW03fYYxvYkVUF+pYfSrjiZtHThfN64yYe+24+4UVUBHwdnv2ulcQmGnZ9gdnc WUbmXr9/qvpH+fU+dc2q6gnLmcvB+5ADd6XTCNhe+M5jGzP1YAw5cPKJOKs7j3NXay2M x4e2WsYtfBut/IKB0ixo3yEMpjJrqMJoGxWI90+bd/x1CNnaHpmdrd5H2+RedWZ+72MK vFjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=Kq+xLofd2wMh6Oy1Igxt7kZBiMQVy8WE1y/qUqNMjdQ=; b=Q6gj4PeIfcdhVIyfY1u4tabp7H+ET+aNT/hpGhDgNcPsrOCi7DdqaIky1PFK6z7VwP WunHVVmaqVWOWc3uw2I4/lX9ZwpmeB+F7Q+nSBEW4aAFUVQOha8EYSMI8AXdjAEDrHsI AOOrWw493Ei1RL5na8mr/VnZHO4HpfiZl2rkIT+/kJ3nE8eyrRPdLsfK2xitNRgp6wBb tBLrHeidk5VypQyqf/pLelsehRYEjKQAKGvqT1WQEslbCGZC6el3PEx97PvwLxc7Fi8R Nrl1y/Y8rP939jIJ/Rktbgit37cRqjus48ImwzZZDzTCg+hC7KyIVko1mSVT9wQZ5Ro4 5LFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bo6si19605373edb.434.2020.12.28.02.31.08; Mon, 28 Dec 2020 02:31:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727209AbgL1K3X (ORCPT + 99 others); Mon, 28 Dec 2020 05:29:23 -0500 Received: from foss.arm.com ([217.140.110.172]:50688 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727018AbgL1K3X (ORCPT ); Mon, 28 Dec 2020 05:29:23 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 72D431FB; Mon, 28 Dec 2020 02:28:37 -0800 (PST) Received: from [10.57.30.50] (unknown [10.57.30.50]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0EDF13F6CF; Mon, 28 Dec 2020 02:28:33 -0800 (PST) Subject: Re: [PATCH] thermal: cpufreq_cooling: fix slab OOB issue To: Michael Kao , fan.chen@mediatek.com, Zhang Rui , Daniel Lezcano , linux-pm@vger.kernel.org, srv_heupstream@mediatek.com Cc: Eduardo Valentin , Rob Herring , Mark Rutland , Matthias Brugger , hsinyi@chromium.org, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, brian-sy yang References: <20201223074849.1989-1-michael.kao@mediatek.com> From: Lukasz Luba Message-ID: <010350df-e094-cf12-1c17-f56aa4b20b9f@arm.com> Date: Mon, 28 Dec 2020 10:28:31 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20201223074849.1989-1-michael.kao@mediatek.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/23/20 7:48 AM, Michael Kao wrote: > From: brian-sy yang > > Slab OOB issue is scanned by KASAN in cpu_power_to_freq(). > If power is limited below the power of OPP0 in EM table, > it will cause slab out-of-bound issue with negative array > index. > > Return the lowest frequency if limited power cannot found > a suitable OPP in EM table to fix this issue. > > Backtrace: > [] die+0x104/0x5ac > [] bug_handler+0x64/0xd0 > [] brk_handler+0x160/0x258 > [] do_debug_exception+0x248/0x3f0 > [] el1_dbg+0x14/0xbc > [] __kasan_report+0x1dc/0x1e0 > [] kasan_report+0x10/0x20 > [] __asan_report_load8_noabort+0x18/0x28 > [] cpufreq_power2state+0x180/0x43c > [] power_actor_set_power+0x114/0x1d4 > [] allocate_power+0xaec/0xde0 > [] power_allocator_throttle+0x3ec/0x5a4 > [] handle_thermal_trip+0x160/0x294 > [] thermal_zone_device_check+0xe4/0x154 > [] process_one_work+0x5e4/0xe28 > [] worker_thread+0xa4c/0xfac > [] kthread+0x33c/0x358 > [] ret_from_fork+0xc/0x18 Thank you for looking at this and sending a fix. It's worth to add the 'fixes' line: Fixes: 371a3bc79c11b ("thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power") IIRC that patch was sent to stable trees. Might be worth to check and apply this fix. > > Signed-off-by: brian-sy yang Reviewed-by: Lukasz Luba > --- > drivers/thermal/cpufreq_cooling.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/thermal/cpufreq_cooling.c b/drivers/thermal/cpufreq_cooling.c > index cc2959f22f01..fb33b3480a8f 100644 > --- a/drivers/thermal/cpufreq_cooling.c > +++ b/drivers/thermal/cpufreq_cooling.c > @@ -123,7 +123,7 @@ static u32 cpu_power_to_freq(struct cpufreq_cooling_device *cpufreq_cdev, > { > int i; > > - for (i = cpufreq_cdev->max_level; i >= 0; i--) { > + for (i = cpufreq_cdev->max_level; i > 0; i--) { > if (power >= cpufreq_cdev->em->table[i].power) > break; > } >