[PATCH v1 00/10] devfreq: Fix NULL pointer dereference when a governor module is unloaded

[Jie Zhan]

When compiled as a kernel module, the governor module can be dynamically
inserted or removed.  'devfreq->governor' would become NULL if the governor
module is removed when it's in use, and NULL pointer dereference would be
triggered.  A similar issue was also reported in [1].

To address this issue:

Patch 1-5 rework mutex, factor out a common governor setting function, and
clean up some unreachable code.

Patch 6-8 prevent a governor module in use from being removed (except for
force unload) by getting/putting a refcount of the governor's module when
switching governors.

Patch 9-10 allow 'governor' and 'available_governors' to work normally even
when a governor module in use is force unloaded.

Note that this series is based on [1] or devfreq-next, otherwise code
would conflict.

[1] https://lore.kernel.org/all/20260319091409.998397-1-tianyaxiong@kylinos.cn/
[2] https://lore.kernel.org/all/20251216031153.2242306-1-zhangpengjie2@huawei.com/

Jie Zhan (8):
  devfreq: Use mutex guard in governor_store()
  devfreq: Use mutex guard in devfreq_add/remove_governor()
  devfreq: Add a dedicated mutex for the governor list
  devfreq: Factor out devfreq_set_governor[_locked]()
  devfreq: Remove dead code in devfreq_add_governor()
  devfreq: Add module owner to devfreq governor
  devfreq: Get and put module refcount when switching governor
  devfreq: Allow find_devfreq_governor() to get module refcount

Zhi Wang (2):
  devfreq: Allow showing available_governors when device governor is
    NULL
  devfreq: Allow setting governor when device governor is NULL

 drivers/devfreq/devfreq.c        | 287 +++++++++++++------------------
 include/linux/devfreq-governor.h |  26 ++-
 2 files changed, 143 insertions(+), 170 deletions(-)

-- 
2.43.0