[PATCH] cpuidle: fix number of initialized/destroyed states

From: Krzysztof Mazur
Date: Mon Jan 07 2013 - 14:12:07 EST

Commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92 (cpuidle: support
multiple drivers) changed the number of initialized state kobjects
in cpuidle_add_state_sysfs() from device->state_count to drv->state_count,
but left device->state_count in cpuidle_remove_state_sysfs().
Those two values might have different values, causing for instance
NULL pointer dereference in cpuidle_remove_state_sysfs().

Signed-off-by: Krzysztof Mazur <krzysiek@xxxxxxxxxxxx>

commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
(cpuidle: support multiple drivers, merged in v3.8-rc1) causes NULL pointer
dereference in cpuidle_remove_state_sysfs() when I plug the AC line to my
laptop. I'm using the acpi_idle cpuidle driver and the C4 state is
available only when the system runs from battery. The problem still
exists in v3.8-rc2 and f243b9b46a22e5790dbbc36f574c2417af49a41.

I noticed that the commit bf4d1b5ddb78f86078ac6ae0415802d5f0c68f92
(merged in v3.8-rc1) changed device->state_count to drv->state_count
in only one of two places, which seems to be incorrect. This patch restores
device->state_count in both places. It fixes the problem on my system.


drivers/cpuidle/sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
index 3409429..428754a 100644
--- a/drivers/cpuidle/sysfs.c
+++ b/drivers/cpuidle/sysfs.c
@@ -374,7 +374,7 @@ static int cpuidle_add_state_sysfs(struct cpuidle_device *device)
struct cpuidle_driver *drv = cpuidle_get_cpu_driver(device);

/* state statistics */
- for (i = 0; i < drv->state_count; i++) {
+ for (i = 0; i < device->state_count; i++) {
kobj = kzalloc(sizeof(struct cpuidle_state_kobj), GFP_KERNEL);
if (!kobj)
goto error_state;
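
Review bot: the loop bound on the "+" line in cpuidle_add_state_sysfs() has to stay identical to the bound used in cpuidle_remove_state_sysfs(), yet nothing at this site records that pairing, which is how the two drifted apart in bf4d1b5ddb78. Consider a short comment above the loop saying that the add and remove paths must iterate over the same count, or computing the bound in one shared helper used by both. Because drv is still fetched on the context line just above the loop and the description says drv->state_count and device->state_count can differ, the changelog should also state which of the two is authoritative when the set of available states changes at runtime, as in the AC/battery case described.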
