| Message ID | 1577501824-12152-1-git-send-email-qiwuchen55@gmail.com (mailing list archive) |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
| Series | cpufreq: powernow-k8: avoid use after free issue in cpufreq_notify_transition() | expand |
On 28-12-19, 10:57, qiwuchen55@gmail.com wrote: > From: chenqiwu <chenqiwu@xiaomi.com> > > There is a potential UAF issue in cpufreq_notify_transition() that the > cpufreq of current cpu has been released before using it. So we should > make a judgement and avoid it. > > Signed-off-by: chenqiwu <chenqiwu@xiaomi.com> > --- > drivers/cpufreq/powernow-k8.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/cpufreq/powernow-k8.c b/drivers/cpufreq/powernow-k8.c > index 2db2f17..7391eb0 100644 > --- a/drivers/cpufreq/powernow-k8.c > +++ b/drivers/cpufreq/powernow-k8.c > @@ -913,6 +913,11 @@ static int transition_frequency_fidvid(struct powernow_k8_data *data, > freqs.new = find_khz_freq_from_fid(fid); > > policy = cpufreq_cpu_get(smp_processor_id()); > + if (!policy) { > + pr_debug("cpu %d: CPUFreq policy not found\n", > + smp_processor_id()); > + return 1; > + } You $subject and this change doesn't look related to me. The cpufreq policy shall never be NULL here as we are in the middle of changing frequency, initiated by cpufreq core itself. > cpufreq_cpu_put(policy); > > cpufreq_freq_transition_begin(policy, &freqs); > -- > 1.9.1
diff --git a/drivers/cpufreq/powernow-k8.c b/drivers/cpufreq/powernow-k8.c index 2db2f17..7391eb0 100644 --- a/drivers/cpufreq/powernow-k8.c +++ b/drivers/cpufreq/powernow-k8.c @@ -913,6 +913,11 @@ static int transition_frequency_fidvid(struct powernow_k8_data *data, freqs.new = find_khz_freq_from_fid(fid); policy = cpufreq_cpu_get(smp_processor_id()); + if (!policy) { + pr_debug("cpu %d: CPUFreq policy not found\n", + smp_processor_id()); + return 1; + } cpufreq_cpu_put(policy); cpufreq_freq_transition_begin(policy, &freqs);