+14
−7
Loading
cpufreq: Rearrange locking in cpufreq_remove_dev()
stable inclusion from stable-v5.10.219 commit 92aca16797e6f799737846887e31aaf1cf3cce96 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IA6SHN CVE: CVE-2024-38615 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=92aca16797e6f799737846887e31aaf1cf3cce96 -------------------------------- [ Upstream commit f339f354 ] Currently, cpufreq_remove_dev() invokes the ->exit() driver callback without holding the policy rwsem which is inconsistent with what happens if ->exit() is invoked directly from cpufreq_offline(). It also manipulates the real_cpus mask and removes the CPU device symlink without holding the policy rwsem, but cpufreq_offline() holds the rwsem around the modifications thereof. For consistency, modify cpufreq_remove_dev() to hold the policy rwsem until the ->exit() callback has been called (or it has been determined that it is not necessary to call it). Signed-off-by:Rafael J. Wysocki <rafael.j.wysocki@intel.com> Acked-by: