[PATCH] cpufreq: qcom-cpufreq-hw: Avoid stack buffer for IRQ name

[Steev Klimaszewski]

On 9/1/21 3:47 AM, Ard Biesheuvel wrote:
> Registering an IRQ requires the string buffer containing the name to
> remain allocated, as the name is not copied into another buffer.
>
> So let's add a irq_name field to the data struct instead, which is
> guaranteed to have the appropriate lifetime.
>
> Cc: Thara Gopinath <thara.gopinath at linaro.org>
> Cc: Bjorn Andersson <bjorn.andersson at linaro.org>
> Cc: Andy Gross <agross at kernel.org>
> Cc: linux-arm-msm at vger.kernel.org
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> ---
> I'm not following msm development closely, so apologies if this was
> already fixed, or if this is not based on the right tree.
>
> This fixes a crash on my Yoga C630 when reading /proc/interrupts.
>
>  drivers/cpufreq/qcom-cpufreq-hw.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/cpufreq/qcom-cpufreq-hw.c b/drivers/cpufreq/qcom-cpufreq-hw.c
> index 3cc27d9e2ed1..6613228fe68c 100644
> --- a/drivers/cpufreq/qcom-cpufreq-hw.c
> +++ b/drivers/cpufreq/qcom-cpufreq-hw.c
> @@ -44,6 +44,7 @@ struct qcom_cpufreq_data {
>  	/* Lock to synchronize between de-init sequence and re-starting LMh polling/interrupts */
>  	spinlock_t throttle_lock;
>  	int throttle_irq;
> +	char irq_name[15];
>  	bool cancel_throttle;
>  };
>  
> @@ -371,7 +372,6 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index)
>  {
>  	struct qcom_cpufreq_data *data = policy->driver_data;
>  	struct platform_device *pdev = cpufreq_get_driver_data();
> -	char irq_name[15];
>  	int ret;
>  
>  	/*
> @@ -388,11 +388,11 @@ static int qcom_cpufreq_hw_lmh_init(struct cpufreq_policy *policy, int index)
>  	spin_lock_init(&data->throttle_lock);
>  	INIT_DEFERRABLE_WORK(&data->throttle_work, qcom_lmh_dcvs_poll);
>  
> -	snprintf(irq_name, sizeof(irq_name), "dcvsh-irq-%u", policy->cpu);
> +	snprintf(data->irq_name, sizeof(data->irq_name), "dcvsh-irq-%u", policy->cpu);
>  	ret = request_threaded_irq(data->throttle_irq, NULL, qcom_lmh_dcvs_handle_irq,
> -				   IRQF_ONESHOT, irq_name, data);
> +				   IRQF_ONESHOT, data->irq_name, data);
>  	if (ret) {
> -		dev_err(&pdev->dev, "Error registering %s: %d\n", irq_name, ret);
> +		dev_err(&pdev->dev, "Error registering %s: %d\n", data->irq_name, ret);
>  		return 0;
>  	}
>  

I haven't experienced the crash here, but I also tested the patch on my
C630, and still don't see the issue so, if you want:

Tested-By: Steev Klimaszewski <steev at kali.org>