Re: [PATCH] cpufreq: qcom-cpufreq-hw: Avoid stack buffer for IRQ name

Thara Gopinath <thara.gopinath@xxxxxxxxxx> · Wed, 1 Sep 2021 15:22:55 -0400

On 9/1/21 4:47 AM, Ard Biesheuvel wrote:
Registering an IRQ requires the string buffer containing the name to
remain allocated, as the name is not copied into another buffer.

So let's add a irq_name field to the data struct instead, which is
guaranteed to have the appropriate lifetime.

Cc: Thara Gopinath <thara.gopinath@xxxxxxxxxx>
Cc: Bjorn Andersson <bjorn.andersson@xxxxxxxxxx>
Cc: Andy Gross <agross@xxxxxxxxxx>
Cc: linux-arm-msm@xxxxxxxxxxxxxxx
Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>

Thanks for the fix.

Reviewed-by: Thara Gopinath <thara.gopinath@xxxxxxxxxx>

--
Warm Regards
Thara (She/Her/Hers)

---
I'm not following msm development closely, so apologies if this was
already fixed, or if this is not based on the right tree.

This fixes a crash on my Yoga C630 when reading /proc/interrupts.

  drivers/cpufreq/qcom-cpufreq-hw.c | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
index 3cc27d9e2ed1..6613228fe68c 100644
--- a/drivers/cpufreq/qcom-cpufreq-hw.c
+++ b/drivers/cpufreq/qcom-cpufreq-hw.c
@@ -44,6 +44,7 @@ struct qcom_cpufreq_data {
  	/* Lock to synchronize between de-init sequence and re-starting LMh polling/interrupts */
  	spinlock_t throttle_lock;
  	int throttle_irq;
+	char irq_name[15];
  	bool cancel_throttle;
  };
  
@@ -371,7 +372,6 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index)
  {
  	struct qcom_cpufreq_data *data = policy->driver_data;
  	struct platform_device *pdev = cpufreq_get_driver_data();
-	char irq_name[15];
  	int ret;
  
  	/*
@@ -388,11 +388,11 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index)
  	spin_lock_init(&data->throttle_lock);
  	INIT_DEFERRABLE_WORK(&data->throttle_work, qcom_lmh_dcvs_poll);
  
-	snprintf(irq_name, sizeof(irq_name), "dcvsh-irq-%u", policy->cpu);
+	snprintf(data->irq_name, sizeof(data->irq_name), "dcvsh-irq-%u", policy->cpu);
  	ret = request_threaded_irq(data->throttle_irq, NULL, qcom_lmh_dcvs_handle_irq,
-				   IRQF_ONESHOT, irq_name, data);
+				   IRQF_ONESHOT, data->irq_name, data);
  	if (ret) {
-		dev_err(&pdev->dev, "Error registering %s: %d\n", irq_name, ret);
+		dev_err(&pdev->dev, "Error registering %s: %d\n", data->irq_name, ret);
  		return 0;
  	}
  









