On 3/10/2021 12:23 AM, Viresh Kumar wrote: > Hello, > > CPPC cpufreq driver is used for ARM servers and this patch series tries > to provide counter-based frequency invariance support for them in the > absence for architecture specific counters (like AMUs). > > This is tested by: > - Vincent Guittot on ThunderX2. > - Ionela Voinescu on Juno R2. > - /me with hacks on Hikey, as I don't have access to the right hardware. Git blame pointed out this series for a use-after-free during CPU offline/online. Any thoughts? cppc_scale_freq_workfn+0x2e8/0x368: cppc_perf_from_fbctrs at /usr/src/linux-next/drivers/cpufreq/cppc_cpufreq.c:584 (inlined by) cppc_scale_freq_workfn at /usr/src/linux-next/drivers/cpufreq/cppc_cpufreq.c:119 [ 9334.586904][ T694] BUG: KASAN: use-after-free in cppc_scale_freq_workfn+0x2e8/0x368 [cppc_cpufreq] [ 9334.595966][ T694] Read of size 4 at addr ffff0008d52557b4 by task cppc_fie/694 [ 9334.603360][ T694] [ 9334.605543][ T694] CPU: 2 PID: 694 Comm: cppc_fie Tainted: G W 5.13.0-rc5-next-20210609+ #19 [ 9334.615368][ T694] Hardware name: MiTAC RAPTOR EV-883832-X3-0001/RAPTOR, BIOS 1.6 06/28/2020 [ 9334.623888][ T694] Call trace: [ 9334.627025][ T694] dump_backtrace+0x0/0x3b8 [ 9334.631385][ T694] show_stack+0x20/0x30 [ 9334.635394][ T694] dump_stack_lvl+0x144/0x190 [ 9334.639925][ T694] print_address_description.constprop.0+0x74/0x3c8 [ 9334.646368][ T694] kasan_report+0x1f0/0x208 [ 9334.650724][ T694] __asan_report_load4_noabort+0x34/0x60 [ 9334.656208][ T694] cppc_scale_freq_workfn+0x2e8/0x368 [cppc_cpufreq] [ 9334.662740][ T694] kthread_worker_fn+0x2f0/0xda0 [ 9334.667532][ T694] kthread+0x3ac/0x460 [ 9334.671453][ T694] ret_from_fork+0x10/0x18 [ 9334.675722][ T694] [ 9334.677904][ T694] Allocated by task 607: [ 9334.681996][ T694] kasan_save_stack+0x28/0x58 [ 9334.686525][ T694] 94] cppc_cpufre7164][ T694] cpufreq_add_dev+0x164/0x1b8 [ 9334.711779][ T694] subsys_interface_register+0x218/0x360 [ 9334.717265][ T694] cpufreq_register_driver+0x2a4/0x4c0 [ 9334.722577][ T694] 0xffff80000af902a4 [ 9334.726412][ T694] do_one_initcall+0x170/0xb98 [ 9334.731029][ T694] do_init_module+0x18c/0x648 [ 9334.735559][ T694] load_module+0x2618/0x3240 [ 9334.740001][ T694] __do_sys_finit_module+0x118/0x1a8 [ 9334.745138][ T694] __arm64_sys_finit_module+0x74/0xa8 [ 9334.750360][ T694] invoke_syscall.constprop.0+0xdc/0x1d8 [ 9334.755846][ T694] do_el0_svc+0x1f8/0x298 [ 9334.760028][ T694] el0_svc+0x20/0x30 [ 9334.763775][ T694] el0t_64_sync_handler+0xb0/0xb8 [ 9334.768651][ T694] el0t_64_sync+0x178/0x17c [ 9334.773006][ T694] [ 9334.775187][ T694] The buggy address belongs to the object at ffff0008d5255780 [ 9334.775187][ T694] which belongs to the cache kmalloc-128 of size 128 [ 9334.789089][ T694] The buggy address is located 52 bytes inside of [ 9334.789089][ T694] 128-byte region [ffff0008d5255780, ffff0008d5255800) [ 9334.802125][ T694] The buggy address belongs to the page: [ 9334.807606][ T694] page:ffffffc002354940 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0008d5255780 pfn:0x95525 [ 9334.818907][ T694] flags: 0x7ffff800000200(slab|node=0|zone=0|lastcpupid=0xfffff) [ 9334.826480][ T694] raw: 007ffff800000200 ffff000012900448 ffffffc00240f8c8 ffff000012910580 [ 9334.834915][ T694] raw: ffff0008d5255780 0000000000aa00a9 00000001ffffffff 0000000000000000 [ 9334.843347][ T694] page dumped because: kasan: bad access detected [ 9334.849609][ T694] [ 9334.851790][ T694] Memory state around the buggy address: [ 9334.857272][ T694] ffff0008d5255680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 9334.865184][ T694] ffff0008d5255700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 9334.873096][ T694] >ffff0008d5255780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 9334.881007][ T694] ^ [ 9334.886489][ T694] ffff0008d5255800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 9334.894401][ T694] ffff0008d5255880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 9334.902312][ T694] ================================================================== [ 9334.910223][ T694] Disabling lock debugging due to kernel taint [ 9334.916638][T62553] CPU1: shutdown [ 9334.920044][T62553] psci: CPU1 killed (polled 0 ms) [ 9335.175037][ T22] IRQ 326: no longer affine to CPU2 [ 9335.180136][ T22] IRQ 382: no longer affine to CPU2 [ 9335.185320][T62553] CPU2: shutdown [ 9335.188751][T62553] psci: CPU2 killed (polled 0 ms) [ 9335.469684][ T27] IRQ 327: no longer affine to CPU3 [ 9335.474792][ T27] IRQ 361: no longer affine to CPU3 [ 9335.479938][T62553] CPU3: shutdown [ 9335.483344][T62553] psci: CPU3 killed (polled 0 ms) [ 9335.797240][ T32] IRQ 15: no longer affine to CPU4 [ 9335.802343][ T32] IRQ 334: no longer affine to CPU4 [ 9335.807554][T62553] CPU4: shutdown [ 9335.810973][T62553] psci: CPU4 killed (polled 0 ms) [ 9336.064091][T62553] CPU5: shutdown [ 9336.067529][T62553] psci: CPU5 killed (polled 0 ms) [ 9336.346263][T62553] CPU6: shutdown [ 9336.349668][T62553] psci: CPU6 killed (polled 0 ms) [ 9336.586727][T62553] CPU7: shutdown [ 9336.590140][T62553] psci: CPU7 killed (polled 0 ms) [ 9336.846866][T62553] CPU8: shutdown [ 9336.850273][T62553] psci: CPU8 killed (polled 0 ms) [ 9357.773249][T62671] loop0: detected capacity change from 0 to 8 [ 9471.525541][ T191] INFO: task cpuhp/9:56 blocked for more than 122 seconds. [ 9471.532603][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9471.540291][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9471.548837][ T191] task:cpuhp/9 state:D stack:58816 pid: 56 ppid: 2 flags:0x00000008 [ 9471.557924][ T191] Call trace: [ 9471.561063][ T191] __switch_to+0x184/0x400 [ 9471.565338][ T191] __schedule+0x744/0x1930 [ 9471.569632][ T191] schedule+0x1d0/0x3e8 [ 9471.573641][ T191] schedule_timeout+0x188/0x1f8 [ 9471.578380][ T191] wait_for_completion+0x15c/0x270 [ 9471.583348][ T191] kthread_flush_work+0x15c/0x248 [ 9471.588274][ T191] __kthread_cancel_work_sync+0x1a0/0x230 [ 9471.593851][ T191] kthread_cancel_work_sync+0x1c/0x28 [ 9471.599114][ T191] sugov_stop+0x104/0x148 [ 9471.603302][ T191] cpufreq_stop_governor+0x78/0x138 [ 9471.608390][ T191] cpufreq_offline+0x7c/0x748 [ 9471.612924][ T191] cpuhp_cpufreq_offline+0x18/0x28 [ 9471.617924][ T191] cpuhp_invoke_callback+0x54c/0x2be0 [ 9471.623153][ T191] cpuhp_thread_fun+0x204/0x588 [ 9471.627892][ T191] smpboot_thread_fn+0x3c8/0xbf8 [ 9471.632687][ T191] kthread+0x3ac/0x460 [ 9471.636646][ T191] ret_from_fork+0x10/0x18 [ 9471.640998][ T191] INFO: task irqbalance:940 blocked for more than 122 seconds. [ 9471.648437][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9471.656127][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9471.664650][ T191] task:irqbalance state:D stack:55696 pid: 940 ppid: 1 flags:0x00000800 [ 9471.673753][ T191] Call trace: [ 9471.676931][ T191] __switch_to+0x184/0x400 [ 9471.681207][ T191] __schedule+0x744/0x1930 [ 9471.685513][ T191] schedule+0x1d0/0x3e8 [ 9471.689526][ T191] schedule_preempt_disabled+0x80/0x110 [ 9471.694925][ T191] __mutex_lock+0x618/0x1330 [ 9471.699401][ T191] mutex_lock_nested+0x6c/0xc0 [ 9471.704024][ T191] online_show+0x34/0xa8 [ 9471.708167][ T191] dev_attr_show+0x50/0xc8 [ 9471.712442][ T191] sysfs_kf_seq_show+0x164/0x368 [ 9471.717271][ T191] kernfs_seq_show+0x130/0x198 [ 9471.721893][ T191] seq_read_iter+0x344/0xd50 [ 9471.726371][ T191] kernfs_fop_read_iter+0x32c/0x4a8 [ 9471.731426][ T191] new_sync_read+0x2bc/0x4e8 [ 9471.735905][ T191] vfs_read+0x18c/0x340 [ 9471.739918][ T191] ksys_read+0xf8/0x1e0 [ 9471.743927][ T191] __arm64_sys_read+0x74/0xa8 [ 9471.748479][ T191] invoke_syscall.constprop.0+0xdc/0x1d8 [ 9471.753967][ T191] do_el0_svc+0x1f8/0x298 [ 9471.758168][ T191] el0_svc+0x20/0x30 [ 9471.761916][ T191] el0t_64_sync_handler+0xb0/0xb8 [ 9471.766828][ T191] el0t_64_sync+0x178/0x17c [ 9471.771209][ T191] INFO: task kworker/9:2:27306 blocked for more than 123 seconds. [ 9471.778895][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9471.786574][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9471.795094][ T191] task:kworker/9:2 state:D stack:57552 pid:27306 ppid: 2 flags:0x00000008 [ 9471.804179][ T191] Workqueue: events cpuset_hotplug_workfn [ 9471.809782][ T191] Call trace: [ 9471.812919][ T191] __switch_to+0x184/0x400 [ 9471.817208][ T191] __schedule+0x744/0x1930 [ 9471.821479][ T191] schedule+0x1d0/0x3e8 [ 9471.825512][ T191] percpu_rwsem_wait+0x1a4/0x320 [ 9471.830303][ T191] __percpu_down_read+0xb0/0x148 [ 9471.835089][ T191] cpus_read_lock+0x2b4/0x308 [ 9471.839635][ T191] rebuild_sched_domains+0x24/0x50 [ 9471.844598][ T191] cpuset_hotplug_workfn+0x21c/0x11e0 [ 9471.849839][ T191] process_one_work+0x7e4/0x1998 [ 9471.854629][ T191] worker_thread+0x334/0xad0 [ 9471.859089][ T191] kthread+0x3ac/0x460 [ 9471.863011][ T191] ret_from_fork+0x10/0x18 [ 9471.867318][ T191] INFO: task kworker/31:1:49260 blocked for more than 123 seconds. [ 9471.875058][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9471.882732][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9471.891280][ T191] task:kworker/31:1 state:D stack:60640 pid:49260 ppid: 2 flags:0x00000008 [ 9471.900366][ T191] Workqueue: events vmstat_shepherd [ 9471.905425][ T191] Call trace: [ 9471.908582][ T191] __switch_to+0x184/0x400 [ 9471.912853][ T191] __schedule+0x744/0x1930 [ 9471.917142][ T191] schedule+0x1d0/0x3e8 [ 9471.921150][ T191] percpu_rwsem_wait+0x1a4/0x320 [ 9471.925960][ T191] __percpu_down_read+0xb0/0x148 [ 9471.930751][ T191] cpus_read_lock+0x2b4/0x308 [ 9471.935277][ T191] vmstat_shepherd+0x5c/0x1a8 [ 9471.939828][ T191] process_one_work+0x7e4/0x1998 [ 9471.944618][ T191] worker_thread+0x334/0xad0 [ 9471.949084][ T191] kthread+0x3ac/0x460 [ 9471.953007][ T191] ret_from_fork+0x10/0x18 [ 9471.957305][ T191] INFO: task cpuhotplug04.sh:62553 blocked for more than 123 seconds. [ 9471.965306][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9471.972991][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9471.981538][ T191] task:cpuhotplug04.sh state:D stack:55936 pid:62553 ppid: 7301 flags:0x00000000 [ 9471.990625][ T191] Call trace: [ 9471.993764][ T191] __switch_to+0x184/0x400 [ 9471.998053][ T191] __schedule+0x744/0x1930 [ 9472.002322][ T191] schedule+0x1d0/0x3e8 [ 9472.006352][ T191] schedule_timeout+0x188/0x1f8 [ 9472.011056][ T191] wait_for_completion+0x15c/0x270 [ 9472.016038][ T191] __cpuhp_kick_ap+0x158/0x1a8 [ 9472.020656][ T191] cpuhp_kick_ap+0x200/0x7f8 [ 9472.025095][ T191] cpuhp_kick_ap_work+0x1f0/0xc98 [ 9472.029990][ T191] _cpu_down.constprop.0+0x348/0x1118 [ 9472.035214][ T191] cpu_down+0x50/0x80 [ 9472.039065][ T191] cpu_device_down+0x4c/0x68 [ 9472.043507][ T191] cpu_subsys_offline+0x18/0x28 [ 9472.048229][ T191] device_offline+0x154/0x1e0 [ 9472.052757][ T191] online_store+0xa4/0x118 [ 9472.057042][ T191] dev_attr_store+0x44/0x78 [ 9472.061397][ T191] sysfs_kf_write+0xe8/0x138 [ 9472.065867][ T191] kernfs_fop_write_iter+0x26c/0x3d0 [ 9472.071006][ T191] new_sync_write+0x2bc/0x4f8 [ 9472.075554][ T191] vfs_write+0x718/0xc88 [ 9472.079649][ T191] ksys_write+0xf8/0x1e0 [ 9472.083742][ T191] __arm64_sys_write+0x74/0xa8 [ 9472.088374][ T191] invoke_syscall.constprop.0+0xdc/0x1d8 [ 9472.093859][ T191] do_el0_svc+0xe4/0x298 [ 9472.097971][ T191] el0_svc+0x20/0x30 [ 9472.101718][ T191] el0t_64_sync_handler+0xb0/0xb8 [ 9472.106610][ T191] el0t_64_sync+0x178/0x17c [ 9472.110972][ T191] INFO: lockdep is turned off. [ 9594.405358][ T191] INFO: task cpuhp/9:56 blocked for more than 245 seconds. [ 9594.412416][ T191] Tainted: G B W 5.13.0-rc5-next-20210609+ #19 [ 9594.420107][ T191] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 9594.428651][ T191] task:cpuhp/9 state:D stack:58816 pid: 56 ppid: 2 flags:0x00000008 [ 9594.437737][ T191] Call trace: [ 9594.440877][ T191] __switch_to+0x184/0x400 [ 9594.445148][ T191] __schedule+0x744/0x1930 [ 9594.449438][ T191] schedule+0x1d0/0x3e8 [ 9594.453447][ T191] schedule_timeout+0x188/0x1f8 [ 9594.458169][ T191] wait_for_completion+0x15c/0x270 [ 9594.463133][ T191] kthread_flush_work+0x15c/0x248 [ 9594.468038][ T191] __kthread_cancel_work_sync+0x1a0/0x230 [ 9594.473611][ T191] kthread_cancel_work_sync+0x1c/0x28 [ 9594.478853][ T191] sugov_stop+0x104/0x148 [ 9594.483036][ T191] cpufreq_stop_governor+0x78/0x138 [ 9594.488106][ T191] cpufreq_offline+0x7c/0x748 [ 9594.492634][ T191] cpuhp_cpufreq_offline+0x18/0x28 [ 9594.497616][ T191] cpuhp_invoke_callback+0x54c/0x2be0 [ 9594.502840][ T191] cpuhp_thread_fun+0x204/0x588 [ 9594.507559][ T191] smpboot_thread_fn+0x3c8/0xbf8 [ 9594.512349][ T191] kthread+0x3ac/0x460 [ 9594.516291][ T191] ret_from_fork+0x10/0x18 > > This is based of 5.12-rc2. I will merge these via the arm-cpufreq tree > directly. > > Changes since V5: > - New patch to rename freq_scale to arch_freq_scale (Will Deacon). > - Separate patch to export arch_freq_scale and helpers (Will Deacon). > - Some improvements in the last patch like commit log, moving more stuff > to policy init, new fie_disabled flag, etc. (Ionela Voinescu). > - Added Reviewed/Acked/Tested-by tags. > > Changes since V4: > - Move some code to policy specific initialization for cppc driver. > - Initialize kthread specific stuff only once in cppc driver. > - Added a kerneldoc comment in cppc driver and improved changelog as > well. > > Changes since V3: > - rebuild_sched_domains_energy() stuff moved from arm64 to drivers/base. > - Added Reviewed/Tested-by Ionela for the first patch. > - Remove unused max_freq field from structure in cppc driver. > - s/cppc_f_i/cppc_freq_inv. > - Fix an per-cpu access, there was a bug in earlier version. > - Create a single kthread which can run on any CPU and takes care of > work from all the CPUs. > - Do the whole FIE thing under a new CONFIG option for cppc driver. > - Few minor improvements. > > Changes since V2: > - Not sending as an RFC anymore. > - Several renames, reordering of code in 1/2 based on Ionela's comments. > - Several rebase changes for 2/2. > - The freq_scale calculations are optimized a bit. > - Better overall commenting and commit logs. > > Changes since V1: > - The interface for setting the callbacks is improved, so different > parts looking to provide their callbacks don't need to think about > each other. > > - Moved to per-cpu storage for storing the callback related data, AMU > counters have higher priority with this. > > -- > Viresh > > Viresh Kumar (4): > arch_topology: Rename freq_scale as arch_freq_scale > arch_topology: Allow multiple entities to provide sched_freq_tick() > callback > arch_topology: Export arch_freq_scale and helpers > cpufreq: CPPC: Add support for frequency invariance > > arch/arm64/include/asm/topology.h | 10 +- > arch/arm64/kernel/topology.c | 109 +++++-------- > drivers/base/arch_topology.c | 89 ++++++++++- > drivers/cpufreq/Kconfig.arm | 10 ++ > drivers/cpufreq/cppc_cpufreq.c | 245 ++++++++++++++++++++++++++++-- > include/linux/arch_topology.h | 19 ++- > kernel/sched/core.c | 1 + > 7 files changed, 385 insertions(+), 98 deletions(-) > > > base-commit: a38fd8748464831584a19438cbb3082b5a2dab15 >
