James Morse cdef119660 cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory ... Since commit e5c6b312ce ("cpufreq: schedutil: Use kobject release() method to free sugov_tunables") kobject_put() has kfree()d the attr_set before gov_attr_set_put() returns. kobject_put() isn't the last user of attr_set in gov_attr_set_put(), the subsequent mutex_destroy() triggers a use-after-free: | BUG: KASAN: use-after-free in mutex_is_locked+0x20/0x60 | Read of size 8 at addr ffff000800ca4250 by task cpuhp/2/20 | | CPU: 2 PID: 20 Comm: cpuhp/2 Not tainted 5.15.0-rc1 #12369 | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development | Platform, BIOS EDK II Jul 30 2018 | Call trace: | dump_backtrace+0x0/0x380 | show_stack+0x1c/0x30 | dump_stack_lvl+0x8c/0xb8 | print_address_description.constprop.0+0x74/0x2b8 | kasan_report+0x1f4/0x210 | kasan_check_range+0xfc/0x1a4 | __kasan_check_read+0x38/0x60 | mutex_is_locked+0x20/0x60 | mutex_destroy+0x80/0x100 | gov_attr_set_put+0xfc/0x150 | sugov_exit+0x78/0x190 | cpufreq_offline.isra.0+0x2c0/0x660 | cpuhp_cpufreq_offline+0x14/0x24 | cpuhp_invoke_callback+0x430/0x6d0 | cpuhp_thread_fun+0x1b0/0x624 | smpboot_thread_fn+0x5e0/0xa6c | kthread+0x3a0/0x450 | ret_from_fork+0x10/0x20 Swap the order of the calls. Fixes: e5c6b312ce ("cpufreq: schedutil: Use kobject release() method to free sugov_tunables") Cc: 4.7+ <stable@vger.kernel.org> # 4.7+ Signed-off-by: James Morse <james.morse@arm.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>		2021-09-14 19:01:36 +02:00
..
acpi-cpufreq.c	cpufreq: acpi: Remove acpi_cpufreq_cpu_ready()	2021-09-02 18:04:17 +02:00
amd_freq_sensitivity.c
armada-8k-cpufreq.c
armada-37xx-cpufreq.c	cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant	2021-08-09 09:31:22 +05:30
bmips-cpufreq.c
brcmstb-avs-cpufreq.c
cppc_cpufreq.c	cpufreq: CPPC: Add support for frequency invariance	2021-07-01 07:32:14 +05:30
cpufreq-dt-platdev.c	cpufreq: blocklist more Qualcomm platforms in cpufreq-dt-platdev	2021-08-30 10:43:35 +05:30
cpufreq-dt.c	cpufreq: dt: Use .register_em() to register with energy model	2021-08-12 09:54:07 +05:30
cpufreq-dt.h
cpufreq-nforce2.c
cpufreq.c	cpufreq: Remove ready() callback	2021-09-02 18:04:17 +02:00
cpufreq_conservative.c
cpufreq_governor.c
cpufreq_governor.h
cpufreq_governor_attr_set.c	cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory	2021-09-14 19:01:36 +02:00
cpufreq_ondemand.c	cpufreq: Replace deprecated CPU-hotplug functions	2021-08-04 20:16:32 +02:00
cpufreq_ondemand.h
cpufreq_performance.c
cpufreq_powersave.c
cpufreq_stats.c	cpufreq: stats: Clean up local variable in cpufreq_stats_create_table()	2021-06-07 13:47:57 +02:00
cpufreq_userspace.c
davinci-cpufreq.c
e_powersaver.c
elanfreq.c
freq_table.c	cpufreq: Fix scaling_{available,boost}_frequencies_show() comments	2021-03-26 17:43:48 +01:00
gx-suspmod.c
highbank-cpufreq.c
ia64-acpi-cpufreq.c	ia64: fix format string for ia64-acpi-cpu-freq	2021-03-19 17:26:20 +01:00
imx-cpufreq-dt.c
imx6q-cpufreq.c	cpufreq: imx6q: Use .register_em() to register with energy model	2021-08-12 09:54:07 +05:30
intel_pstate.c	cpufreq: intel_pstate: Override parameters if HWP forced by BIOS	2021-09-13 19:26:08 +02:00
Kconfig	cpufreq: Kconfig: fix documentation links	2021-04-21 19:00:42 +02:00
Kconfig.arm	cpufreq: mediatek-hw: Add support for CPUFREQ HW	2021-09-06 15:15:19 +05:30
Kconfig.powerpc
Kconfig.x86
kirkwood-cpufreq.c
longhaul.c	cpufreq: Fix fall-through warning for Clang	2021-07-13 11:53:07 -05:00
longhaul.h
longrun.c
loongson1-cpufreq.c
loongson2_cpufreq.c	cpufreq: loongson2: Remove unused linux/sched.h headers	2021-06-07 17:43:52 +02:00
Makefile	cpufreq: mediatek-hw: Add support for CPUFREQ HW	2021-09-06 15:15:19 +05:30
maple-cpufreq.c
mediatek-cpufreq-hw.c	cpufreq: mediatek-hw: Add support for CPUFREQ HW	2021-09-06 15:15:19 +05:30
mediatek-cpufreq.c	cpufreq: mediatek: Use .register_em() to register with energy model	2021-08-12 09:54:07 +05:30
mvebu-cpufreq.c
omap-cpufreq.c	cpufreq: omap: Use .register_em() to register with energy model	2021-08-12 09:54:07 +05:30
p4-clockmod.c
pasemi-cpufreq.c
pcc-cpufreq.c
pmac32-cpufreq.c
pmac64-cpufreq.c
powernow-k6.c
powernow-k7.c
powernow-k7.h
powernow-k8.c	cpufreq: Replace deprecated CPU-hotplug functions	2021-08-04 20:16:32 +02:00
powernow-k8.h
powernv-cpufreq.c	powerpc updates for 5.15	2021-09-03 11:22:50 -07:00
ppc_cbe_cpufreq.c
ppc_cbe_cpufreq.h
ppc_cbe_cpufreq_pervasive.c
ppc_cbe_cpufreq_pmi.c
pxa2xx-cpufreq.c
pxa3xx-cpufreq.c
qcom-cpufreq-hw.c	cpufreq: qcom-hw: Set dvfs_possible_from_any_cpu cpufreq driver flag	2021-08-30 10:43:35 +05:30
qcom-cpufreq-nvmem.c
qoriq-cpufreq.c
raspberrypi-cpufreq.c
s3c24xx-cpufreq-debugfs.c
s3c24xx-cpufreq.c
s3c64xx-cpufreq.c
s3c2410-cpufreq.c
s3c2412-cpufreq.c
s3c2416-cpufreq.c
s3c2440-cpufreq.c
s5pv210-cpufreq.c	cpufreq: Rudimentary typos fix in the file s5pv210-cpufreq.c	2021-03-22 08:55:41 +05:30
sa1100-cpufreq.c
sa1110-cpufreq.c
sc520_freq.c	cpufreq: sc520_freq: add 'fallthrough' to one case	2021-05-21 18:52:13 +02:00
scmi-cpufreq.c	cpufreq: scmi: Use .register_em() to register with energy model	2021-08-30 10:43:00 +05:30
scpi-cpufreq.c	cpufreq: scpi: Use .register_em() to register with energy model	2021-08-30 10:42:45 +05:30
sh-cpufreq.c	cpufreq: sh: Remove sh_cpufreq_cpu_ready()	2021-09-02 18:04:17 +02:00
sparc-us2e-cpufreq.c
sparc-us3-cpufreq.c
spear-cpufreq.c
speedstep-centrino.c
speedstep-ich.c
speedstep-lib.c
speedstep-lib.h
speedstep-smi.c
sti-cpufreq.c
sun50i-cpufreq-nvmem.c
tegra20-cpufreq.c
tegra124-cpufreq.c
tegra186-cpufreq.c
tegra194-cpufreq.c
ti-cpufreq.c
vexpress-spc-cpufreq.c	cpufreq: vexpress: Use .register_em() to register with energy model	2021-08-30 10:42:56 +05:30