Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp379897pxj; Wed, 16 Jun 2021 04:44:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwE3zIPP/U5A9wW/pzn5yo6hREnnR1H1WEAwRomygkZVMevPKmo5W/+QkQtlGdXaH2xwL3Z X-Received: by 2002:a05:6e02:692:: with SMTP id o18mr3196579ils.145.1623843894842; Wed, 16 Jun 2021 04:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623843894; cv=none; d=google.com; s=arc-20160816; b=KcKrIs3ZlWcxtTkuKa/+/M7qlgkDbiImiC9c6g1npN8ef+ruwI8t6Rp0j6L2Xc0pdA 0cVBGjWp9q4jNpGiihr2kDb3WzbqVYNy/MmcoRMJwWRok/gGISF4mOd7NR23/VKVucAa zfQo+36uHkouyAxnKe8TMOBGDvS4AQjnq/txeeCeMJhsVUngv8fUVU8jUL7Sc6uSNbuM CHj2vQPhStIkS/MYKc+tODT66xZaAUslCGVsPHFLDkd5H5gCVe9DXFTJoF0+RG7RDE4k 0+Ve5RQhVFD1pWMbgNS5NFVP3ujThPREhlYTzOWSA/mQPwyZguVGYmXSHooWzP4Q8Id0 Us2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=AFNw9Rg5VPuxN2wHcOG+M82kB/OTV/RwGWRWsiLI7hk=; b=cgFPj2/8bAd3+P3Vetmn7/MqHA0rBXhcyq0KFjuSOHbvUEh9OUWTC1Ifxl6XyuP4cP gbVLELspuX/fHnHTgaaomASzM69nejrulLer4Caiixckm6O1/21q2lDPLNuaoI+Alvkv h+YpC0IA+nVDnQz5u2V+awAAiCDU8V1xWKjJNx3omth9xs7tFbtOy7qSVVP96scpRt0n njmmeNF44mHCdexlXX7hFKCk2Kx+CunD4IMKLDJy0PJruVawOctcM1kzV29JxNyG4oiD 4TjQuLky+dUfIuFBM5F+duCr1B7Swk1yD0tGzWOxHGP3WxGYly2k2UhHt727FKnKxiOg JRKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=uJxJhSA4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i1si2482559jaj.53.2021.06.16.04.44.42; Wed, 16 Jun 2021 04:44:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=uJxJhSA4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229546AbhFPLiO (ORCPT + 99 others); Wed, 16 Jun 2021 07:38:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42192 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229503AbhFPLiO (ORCPT ); Wed, 16 Jun 2021 07:38:14 -0400 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A9D1C06175F for ; Wed, 16 Jun 2021 04:36:07 -0700 (PDT) Received: by mail-pg1-x52c.google.com with SMTP id t9so1725863pgn.4 for ; Wed, 16 Jun 2021 04:36:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=AFNw9Rg5VPuxN2wHcOG+M82kB/OTV/RwGWRWsiLI7hk=; b=uJxJhSA45GbGjc4mU6EQzm+JA1rv1Nf/rYnXrafAWklsYnUpciRXuUXb3LNLk/GSsG uhcgjKTOEq2Y/o467Kwmp+8lwt3HQpn4hR1rMPUeeFKhjBkKFNcp4aK6Cj9XWf9UY82B ii4wKCe3L00EZ5VW94NzrJpfp/ux0/q3LedvvpojQDxHWZDElEgaW0FasGQR0AB1QEV/ irBcUKKYS6YDTB6zw+hqnexDyErM7FDRTFd45cVWS7vySYhD5HVodguvEGsJIsbM3T7F SjIm3+k+ElXfcKNtVutd6/2gBV9dB+5EfytNbPUl5PC23kpZM2UakgTHKzdc8JIlQllz jL6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=AFNw9Rg5VPuxN2wHcOG+M82kB/OTV/RwGWRWsiLI7hk=; b=LcELw86FNYfdM7Qt0Nel0N6PJHhH4UT3EO6Jm+ZWk6DtsMJnozW13rdjYnkyky+Ilk mhltjghc99FNFPliHUNwYDbPTiF0NbtiVHsEG1flil92Y7+ic85YZrAZv2VT1myUVuFF IDFGcmlufGO025qMsnUoBJ5zRdxOF+x3YRLVaXlm+YNMuOFSpywFMN6z0zVcV3ylDRpf TNDrUIlLcSXy4T+7vdz1J+8mMo75/RKmfBSwUAhtY3jWXsFt7FWf19N2CX5jWZBatPhC d7pHlkJlINo6sE2J4JCm8Y0wVC7HaVjOTi2aNsDGKSB8wdKE0d3jIOAQJ2sbJrP2sVTn /OtQ== X-Gm-Message-State: AOAM530y4ZmglSvZx55aLsftm8vkw98JMZMHBmTU8uWXMvl/5TrjP2Au JO20z9ZXFX7aG/PkIFEutCB7aw== X-Received: by 2002:a63:e453:: with SMTP id i19mr4668054pgk.134.1623843366888; Wed, 16 Jun 2021 04:36:06 -0700 (PDT) Received: from localhost ([136.185.134.182]) by smtp.gmail.com with ESMTPSA id i125sm2026393pfc.7.2021.06.16.04.36.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Jun 2021 04:36:06 -0700 (PDT) Date: Wed, 16 Jun 2021 17:06:04 +0530 From: Viresh Kumar To: Ionela Voinescu Cc: Rafael Wysocki , Sudeep Holla , Greg Kroah-Hartman , "Rafael J. Wysocki" , linux-pm@vger.kernel.org, Vincent Guittot , Qian Cai , "Paul E . McKenney" , linux-kernel@vger.kernel.org Subject: Re: [PATCH V2 2/3] arch_topology: Avoid use-after-free for scale_freq_data Message-ID: <20210616113604.e4kc3jxb7ayqskev@vireshk-i7> References: <9dba462b4d09a1a8a9fbb75740b74bf91a09a3e1.1623825725.git.viresh.kumar@linaro.org> <20210616112544.GA23657@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210616112544.GA23657@arm.com> User-Agent: NeoMutt/20180716-391-311a52 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ionela, On 16-06-21, 12:25, Ionela Voinescu wrote: > Please correct me if I'm wrong, but my understanding is that this is > only a problem for the cppc cpufreq invariance functionality. Let's > consider a scenario where CPUs are either hotplugged out or the cpufreq > CPPC driver module is removed; topology_clear_scale_freq_source() would > get called and the sfd_data will be set to NULL. But if at the same > time topology_scale_freq_tick() got an old reference of sfd_data, > set_freq_scale() will be called. This is only a problem for CPPC cpufreq > as cppc_scale_freq_tick() will end up using driver internal data that > might have been freed during the hotplug callbacks or the exit path. For now, yes, CPPC is the only one affected. > If this is the case, wouldn't the synchronisation issue be better > resolved in the CPPC cpufreq driver, rather than here? Hmm, the way I see it is that topology_clear_scale_freq_source() is an API provided by topology core and the topology core needs to guarantee that it doesn't use the data any longer after topology_clear_scale_freq_source() is called. The same is true for other APIs, like: irq_work_sync(); kthread_cancel_work_sync(); It isn't the user which needs to take this into account, but the API provider. There may be more users of this in the future, lets say another cpufreq driver, and so keeping this synchronization at the API provider is the right thing to do IMHO. And from the user's perspective, like cppc, it doesn't have any control over who is using its callback and how and when. It is very very difficult to provide something like this at the users, redundant anyway. For example cppc won't ever know when topology_scale_freq_tick() has stopped calling its callback. For example this is what cppc driver needs to do now: +static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy, + unsigned int cpu) +{ + struct cppc_freq_invariance *cppc_fi = &per_cpu(cppc_freq_inv, cpu); + + topology_clear_scale_freq_source(SCALE_FREQ_SOURCE_CPPC, cpumask_of(cpu)); + irq_work_sync(&cppc_fi->irq_work); + kthread_cancel_work_sync(&cppc_fi->work); +} The driver uses APIs provided by 3 layers, topology, irq-work, kthread and all must provide these guarantees. A very similar thing is implemented in kernel/sched/cpufreq.c for example. -- viresh