cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

The cpufreq_cpu_put() call in update_qos_request() takes place too early
because the latter subsequently calls freq_qos_update_request() that
indirectly accesses the policy object in question through the QoS request
object passed to it.

Fortunately, update_qos_request() is called under intel_pstate_driver_lock,
so this issue does not matter for changing the intel_pstate operation
mode, but it theoretically can cause a crash to occur on CPU device hot
removal (which currently can only happen in virt, but it is formally
supported nevertheless).

Address this issue by modifying update_qos_request() to drop the
reference to the policy later.

Fixes: da5c504c7aae ("cpufreq: intel_pstate: Implement QoS supported freq constraints")
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Zihuan Zhang <zhangzihuan@kylinos.cn>
Link: https://patch.msgid.link/2255671.irdbgypaU6@rafael.j.wysocki

diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
index e9fe5dd6c7927b6cf5c6b5024ee82accfa6e980e..4cb5e40dd2642277559cc009673559e94bf99d87 100644 (file)
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
@@ -1667,10 +1667,10 @@ static void update_qos_request(enum freq_qos_req_type type)
                        continue;
 
                req = policy->driver_data;
-               cpufreq_cpu_put(policy);
-
-               if (!req)
+               if (!req) {
+                       cpufreq_cpu_put(policy);
                        continue;
+               }
 
                if (hwp_active)
                        intel_pstate_get_hwp_cap(cpu);
@@ -1686,6 +1686,8 @@ static void update_qos_request(enum freq_qos_req_type type)
 
                if (freq_qos_update_request(req, freq) < 0)
                        pr_warn("Failed to update freq constraint: CPU%d\n", i);
+
+               cpufreq_cpu_put(policy);
        }
 }