drivers/cpufreq/intel_pstate.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
The cpufreq_cpu_put() call in update_qos_request() takes place too early
because the latter subsequently calls freq_qos_update_request() that
indirectly accesses the policy object in question through the QoS request
object passed to it.
Fortunately, update_qos_request() is called under intel_pstate_driver_lock,
so this issue does not matter for changing the intel_pstate operation
mode, but it theoretically can cause a crash to occur on CPU device hot
removal (which currently can only happen in virt, but it is formally
supported nevertheless).
Address this issue by modifying update_qos_request() to drop the
reference to the policy later.
Fixes: da5c504c7aae ("cpufreq: intel_pstate: Implement QoS supported freq constraints")
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
drivers/cpufreq/intel_pstate.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -1708,10 +1708,10 @@ static void update_qos_request(enum freq
continue;
req = policy->driver_data;
- cpufreq_cpu_put(policy);
-
- if (!req)
+ if (!req) {
+ cpufreq_cpu_put(policy);
continue;
+ }
if (hwp_active)
intel_pstate_get_hwp_cap(cpu);
@@ -1727,6 +1727,8 @@ static void update_qos_request(enum freq
if (freq_qos_update_request(req, freq) < 0)
pr_warn("Failed to update freq constraint: CPU%d\n", i);
+
+ cpufreq_cpu_put(policy);
}
}
在 2025/9/5 21:52, Rafael J. Wysocki 写道:
> From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
>
> The cpufreq_cpu_put() call in update_qos_request() takes place too early
> because the latter subsequently calls freq_qos_update_request() that
> indirectly accesses the policy object in question through the QoS request
> object passed to it.
>
> Fortunately, update_qos_request() is called under intel_pstate_driver_lock,
> so this issue does not matter for changing the intel_pstate operation
> mode, but it theoretically can cause a crash to occur on CPU device hot
> removal (which currently can only happen in virt, but it is formally
> supported nevertheless).
>
> Address this issue by modifying update_qos_request() to drop the
> reference to the policy later.
>
> Fixes: da5c504c7aae ("cpufreq: intel_pstate: Implement QoS supported freq constraints")
> Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> ---
> drivers/cpufreq/intel_pstate.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> --- a/drivers/cpufreq/intel_pstate.c
> +++ b/drivers/cpufreq/intel_pstate.c
> @@ -1708,10 +1708,10 @@ static void update_qos_request(enum freq
> continue;
>
> req = policy->driver_data;
> - cpufreq_cpu_put(policy);
> -
> - if (!req)
> + if (!req) {
> + cpufreq_cpu_put(policy);
> continue;
> + }
>
> if (hwp_active)
> intel_pstate_get_hwp_cap(cpu);
> @@ -1727,6 +1727,8 @@ static void update_qos_request(enum freq
>
> if (freq_qos_update_request(req, freq) < 0)
> pr_warn("Failed to update freq constraint: CPU%d\n", i);
> +
> + cpufreq_cpu_put(policy);
> }
> }
>
Reviewed-by: Zihuan Zhang <zhangzihuan@kylinos.cn>
© 2016 - 2025 Red Hat, Inc.