Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp196112pxj; Tue, 15 Jun 2021 23:49:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyYuEUtp7i30op0VWVoach0vXrz/LX1FKuaVLMqiv33OuGsSkvq2BKavg5OEs0dsWtg7Zsm X-Received: by 2002:a50:9d8d:: with SMTP id w13mr2345503ede.94.1623826183387; Tue, 15 Jun 2021 23:49:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623826183; cv=none; d=google.com; s=arc-20160816; b=iFcVZqo/muevyI/S0EJXpeMMaJQAmAqGPjxXyLf26mJzzuZvR5+cJztk3LkJPc8JGK Pa/1i6i7MXyx5g0DaLLex5DbwcH22ljweHB2cBMLCQ+UhgZ4gUH9OyqxHuloKwNYqdit YjmREPm4KRln65JpZsCHDkhzuGVwwNqKS45OR2UIWmLsr1Btw6HvFYVJH5DThPV5PpMn 0AuAuSYU95lzn7/hUC4j/kaIsNq/PSYL5AVfR99WjcdDRitdMRMOTnCxKvr/pSNBzkX4 ygACeh2anvlDWxxYoPZ6fc7XbKj00kbDk+kVVCV5QrGRLJggZ01DOw6ozpLI4bSOnMXv cKMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5RkESd0HK4MR77nDjYWPFbKW7m8spyK8zJmc8uVKNCY=; b=NoV3CyNs9LITa6OG7r17Wa0iMQbu9mVX0AEBbt9NjVvcTkZgnjf/WxiqnRjdgeqE+F Ls51RKuwJlxzoqZU33zY30Ck/cMaMl39Ix8Vt9a5LVXS9BKC1fRGlp7NHn/8JgPxfwFy EQGwq2Pbgv73KtXehKzCL4qjBd5ksOJd1ketec55Tl6tkEEMH5qJu7Or2OOfMZwAtVdP j9vzSSiSECaRqgpzXI+8cF757hbp2GOhVJznwX9RxyqyhPPquFQ3uSIZT30wVkuQ8Xx/ xjnAW3NkOxGJWFt1GpkRZq/6TopFxtEodNfxOifaFahyvB35IBGoinMkvrdQL0rT5aaO W9AQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qfJXKeo4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dz22si1393677edb.470.2021.06.15.23.49.20; Tue, 15 Jun 2021 23:49:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qfJXKeo4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231638AbhFPGu2 (ORCPT + 99 others); Wed, 16 Jun 2021 02:50:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231614AbhFPGu1 (ORCPT ); Wed, 16 Jun 2021 02:50:27 -0400 Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99F98C061760 for ; Tue, 15 Jun 2021 23:48:21 -0700 (PDT) Received: by mail-pf1-x436.google.com with SMTP id x73so1374747pfc.8 for ; Tue, 15 Jun 2021 23:48:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5RkESd0HK4MR77nDjYWPFbKW7m8spyK8zJmc8uVKNCY=; b=qfJXKeo4h64kbUFW1dLRqCxx1NM3VzPw5VPItHIh652oS+xP0v5eQrBk8wC0asRupc urD7ajq67fiNMNrNOlN1GjrYkMdyDTjZHOzfL1ePfvPW7HHsRVq6kC3yqGHk4A1JOeNg hpcjD5zn0aUprDFarQsQaL7ztHMKjXVqLPziBk//OG9fQsm1rCNlWtNJlkv8oYacUMeG uz+DArLn43Rz92Ak/Fo7+p0G5k+Te1J19SJkX3TnHA80JCoBGpx57wafMSo8jUjyKm+z QFgjAlsK52MSIfX5nkVwR6D6JHdboS/xB5+O6LFmU9+v4SNzjy2QgF2pvBqZRWPDQQ7x y2uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5RkESd0HK4MR77nDjYWPFbKW7m8spyK8zJmc8uVKNCY=; b=FOlCbPjW0lwHvdlvhC+p1MYZkmog+iddAIqR3ajN71bBBgxvWl2pD4gUJWDkvU1JoI GzaDOEoBPRSRTX8+IXCpZ3jE8PNnfoDKFSivCajDd6FFU1hFMpodbNI1h+Jw7JdEYZDN bQzZgawOQ0BTqA9tNa07fwZWn/CNSmpsqC1gFCfH0xJt4UYiK3U76mj73Si/9ORzvgnm V0Q8DENhGve6byFeRygUeYglavYtonPyyviaMTYlLvxY59cztArabNTlkYy6rcSGVk3k e1x+n7VkGXOPnSW6Q4tbY5whjkoGoD1nr2PFlAcB5rudIX/WWapO66thorhFAVpYnyFI saYA== X-Gm-Message-State: AOAM530fztQV+cr6jlrPY2UN2f+efYdizgoKYT176qwxDreLzVcdPYiU z583JuFdfXfxbFq0KDJGJhIbICfZ62ozFA== X-Received: by 2002:a65:6642:: with SMTP id z2mr3507720pgv.388.1623826101221; Tue, 15 Jun 2021 23:48:21 -0700 (PDT) Received: from localhost ([136.185.134.182]) by smtp.gmail.com with ESMTPSA id p6sm4434629pjk.34.2021.06.15.23.48.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 15 Jun 2021 23:48:20 -0700 (PDT) From: Viresh Kumar To: Rafael Wysocki , Ionela Voinescu , Sudeep Holla , Greg Kroah-Hartman , "Rafael J. Wysocki" Cc: Viresh Kumar , linux-pm@vger.kernel.org, Vincent Guittot , Qian Cai , "Paul E . McKenney" , linux-kernel@vger.kernel.org Subject: [PATCH V2 2/3] arch_topology: Avoid use-after-free for scale_freq_data Date: Wed, 16 Jun 2021 12:18:08 +0530 Message-Id: <9dba462b4d09a1a8a9fbb75740b74bf91a09a3e1.1623825725.git.viresh.kumar@linaro.org> X-Mailer: git-send-email 2.31.1.272.g89b43f80a514 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently topology_scale_freq_tick() may end up using a pointer to struct scale_freq_data, which was previously cleared by topology_clear_scale_freq_source(), as there is no protection in place here. The users of topology_clear_scale_freq_source() though needs a guarantee that the previous scale_freq_data isn't used anymore. Since topology_scale_freq_tick() is called from scheduler tick, we don't want to add locking in there. Use the RCU update mechanism instead (which is already used by the scheduler's utilization update path) to guarantee race free updates here. Cc: Paul E. McKenney Signed-off-by: Viresh Kumar --- drivers/base/arch_topology.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/drivers/base/arch_topology.c b/drivers/base/arch_topology.c index c1179edc0f3b..921312a8d957 100644 --- a/drivers/base/arch_topology.c +++ b/drivers/base/arch_topology.c @@ -18,10 +18,11 @@ #include #include #include +#include #include #include -static DEFINE_PER_CPU(struct scale_freq_data *, sft_data); +static DEFINE_PER_CPU(struct scale_freq_data __rcu *, sft_data); static struct cpumask scale_freq_counters_mask; static bool scale_freq_invariant; @@ -66,16 +67,20 @@ void topology_set_scale_freq_source(struct scale_freq_data *data, if (cpumask_empty(&scale_freq_counters_mask)) scale_freq_invariant = topology_scale_freq_invariant(); + rcu_read_lock(); + for_each_cpu(cpu, cpus) { - sfd = per_cpu(sft_data, cpu); + sfd = rcu_dereference(*per_cpu_ptr(&sft_data, cpu)); /* Use ARCH provided counters whenever possible */ if (!sfd || sfd->source != SCALE_FREQ_SOURCE_ARCH) { - per_cpu(sft_data, cpu) = data; + rcu_assign_pointer(per_cpu(sft_data, cpu), data); cpumask_set_cpu(cpu, &scale_freq_counters_mask); } } + rcu_read_unlock(); + update_scale_freq_invariant(true); } EXPORT_SYMBOL_GPL(topology_set_scale_freq_source); @@ -86,22 +91,32 @@ void topology_clear_scale_freq_source(enum scale_freq_source source, struct scale_freq_data *sfd; int cpu; + rcu_read_lock(); + for_each_cpu(cpu, cpus) { - sfd = per_cpu(sft_data, cpu); + sfd = rcu_dereference(*per_cpu_ptr(&sft_data, cpu)); if (sfd && sfd->source == source) { - per_cpu(sft_data, cpu) = NULL; + rcu_assign_pointer(per_cpu(sft_data, cpu), NULL); cpumask_clear_cpu(cpu, &scale_freq_counters_mask); } } + rcu_read_unlock(); + + /* + * Make sure all references to previous sft_data are dropped to avoid + * use-after-free races. + */ + synchronize_rcu(); + update_scale_freq_invariant(false); } EXPORT_SYMBOL_GPL(topology_clear_scale_freq_source); void topology_scale_freq_tick(void) { - struct scale_freq_data *sfd = *this_cpu_ptr(&sft_data); + struct scale_freq_data *sfd = rcu_dereference_sched(*this_cpu_ptr(&sft_data)); if (sfd) sfd->set_freq_scale(); -- 2.31.1.272.g89b43f80a514