Before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation.
Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet.
Cc: Andreas Herrmann aherrmann@suse.com
Cc: Catalin Marinas catalin.marinas@arm.com
Cc: Chen Yu yu.c.chen@intel.com
Cc: Huang Ying ying.huang@intel.com
Cc: Len Brown len.brown@intel.com
Cc: Radu Rendec rrendec@redhat.com
Cc: Pierre Gondois Pierre.Gondois@arm.com
Cc: Pu Wen puwen@hygon.cn
Cc: "Rafael J. Wysocki" rafael.j.wysocki@intel.com
Cc: Sudeep Holla sudeep.holla@arm.com
Cc: Srinivas Pandruvada srinivas.pandruvada@linux.intel.com
Cc: Will Deacon will@kernel.org
Cc: Zhang Rui rui.zhang@intel.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: stable@vger.kernel.org
Signed-off-by: Ricardo Neri ricardo.neri-calderon@linux.intel.com
---
Changes since v3:
 * Introduced this patch.

Changes since v2:
 * N/A

Changes since v1:
 * N/A
---
The dereference of a NULL cacheinfo is not observed today because cache_leaves(cpu) is zero until after init_cache_level() is called (during the CPU hotplug callback). A subsequent changeset will set the number of cache leaves earlier and the NULL-pointer dereference will be observed. --- drivers/base/cacheinfo.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c index f1e79263fe61..967c5cf3fb1d 100644 --- a/drivers/base/cacheinfo.c +++ b/drivers/base/cacheinfo.c @@ -61,6 +61,9 @@ bool last_level_cache_is_valid(unsigned int cpu) if (!cache_leaves(cpu)) return false;
+ if (!per_cpu_cacheinfo(cpu)) + return false; + llc = per_cpu_cacheinfo_idx(cpu, cache_leaves(cpu) - 1);
return (llc->attributes & CACHE_ID) || !!llc->fw_token;
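Review bot: the new `if (!per_cpu_cacheinfo(cpu)) return false;` check in last_level_cache_is_valid() has no comment, and the reason it is needed (cache_leaves() can be non-zero before the cacheinfo array is allocated, e.g. on Intel processors) is recorded only in the commit message. A short comment above the check would keep a later cleanup from treating it as redundant with the `!cache_leaves(cpu)` test just before it. Separately, the patch is Cc'd to stable while the note under the changelog says the NULL dereference is not observed today; it would help to say in the commit message which stable trees need this, or to drop the tag if the check only matters together with the later changeset.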