cpuidle: Fix crash with single idle state

[PATCH v2 0/4] cpuidle: Fix crash with single idle state

Aboorva Devarajan posted 4 patches 2 weeks, 2 days ago

Download series mbox

drivers/cpuidle/cpuidle.c            | 10 ++++++++++
drivers/cpuidle/governors/haltpoll.c |  2 +-
drivers/cpuidle/governors/menu.c     |  2 +-
drivers/cpuidle/governors/teo.c      |  6 ------
4 files changed, 12 insertions(+), 8 deletions(-)

Expand all Fold all

[PATCH v2 0/4] cpuidle: Fix crash with single idle state

Posted by Aboorva Devarajan 2 weeks, 2 days ago

When a cpuidle driver registers only a single idle state, the ladder
governor can compute an out-of-bounds index, leading to a NULL pointer
dereference in cpuidle_enter_state().

Patch 1 fixes this by adding a bail-out in cpuidle_select() that
bypasses the governor entirely when state_count <= 1.

Patches 2-4 remove the now-redundant single-state handling from the
haltpoll, teo, and menu governors.

v1:
https://lore.kernel.org/all/20260211053552.739337-1-aboorvad@linux.ibm.com/

v1 -> v2:
- Move fix to cpuidle_select() core bail-out instead of ladder governor
- Remove redundant single-state handling from menu, teo, haltpoll

Aboorva Devarajan (2):
  cpuidle: Skip governor when only one idle state is available
  cpuidle: haltpoll: Remove single state handling

Christian Loehle (2):
  cpuidle: teo: Remove single state handling
  cpuidle: menu: Remove single state handling

 drivers/cpuidle/cpuidle.c            | 10 ++++++++++
 drivers/cpuidle/governors/haltpoll.c |  2 +-
 drivers/cpuidle/governors/menu.c     |  2 +-
 drivers/cpuidle/governors/teo.c      |  6 ------
 4 files changed, 12 insertions(+), 8 deletions(-)

-- 
2.52.0