Re: [PATCH v2] cpuidle: Add sanity check for exit latency and target residency
From: Rafael J. Wysocki
Date: Sat Nov 08 2025 - 06:48:42 EST
On Sat, Nov 8, 2025 at 12:02 PM Rafael J. Wysocki <rafael@xxxxxxxxxx> wrote:
>
> On Sat, Nov 8, 2025 at 9:49 AM Artem Bityutskiy
> <artem.bityutskiy@xxxxxxxxxxxxxxx> wrote:
> >
> > On Fri, 2025-11-07 at 20:07 +0100, Rafael J. Wysocki wrote:
> > > From: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
> > >
> > > Make __cpuidle_driver_init() fail if the exit latency of one of the
> > > driver's idle states is less than its exit latency which would break
> > > cpuidle assumptions.
> > >
> > > Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
> >
> > LGTM
> >
> > Reviewed-by: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx>
> >
> >
> > By the way, I have a more paranoid validation patch, which validates
> > latency and also more. Sure I can rebase it later on top of this
> > patch.
>
> That should be rather straightforward.
>
> > I did not have time to polish it yet, but sharing just in case there is
> > a quick feedback.
> >
> > From: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx>
> > Subject: [PATCH] cpuidle: Add idle states validation
> >
> > Validate the idle states table provided by the underlying idle driver. For
> > example, validate that deeper idle states have greater latency and target
> > residency compared to shallower states.
> >
> > Signed-off-by: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx>
> > ---
> > drivers/cpuidle/driver.c | 58 ++++++++++++++++++++++++++++++++++++++--
> > 1 file changed, 56 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/cpuidle/driver.c b/drivers/cpuidle/driver.c
> > index 9bbfa594c4425..6bcedad534dd9 100644
> > --- a/drivers/cpuidle/driver.c
> > +++ b/drivers/cpuidle/driver.c
> > @@ -20,6 +20,10 @@
> >
> > #include "cpuidle.h"
> >
> > +/* Maximum allowed latency and target residency values */
> > +#define MAX_LATENCY 50000 /* 50 milliseconds */
> > +#define MAX_RESIDENCY 1000000 /* 1 second */
> > +
> > DEFINE_SPINLOCK(cpuidle_driver_lock);
> >
> > #ifdef CONFIG_CPU_IDLE_MULTIPLE_DRIVERS
> > @@ -148,11 +152,46 @@ static void cpuidle_setup_broadcast_timer(void *arg)
> > tick_broadcast_disable();
> > }
> >
> > +/**
> > + * validate_state - Validate an idle state.
> > + * @state: The C-state to validate.
> > + * @prev_state: The previous idle state or NULL.
> > + *
> > + * Return: 0 if the idle state is valid or -EINVAL otherwise.
> > + */
> > +static int validate_state(struct cpuidle_state *s, struct cpuidle_state *prev_s)
> > +{
> > + if (s->exit_latency == 0)
> > + return -EINVAL;
>
> The change above will break the polling state AFAICS.
>
> > +
> > + if (s->exit_latency > MAX_LATENCY)
> > + return -EINVAL;
> > +
> > + if (s->target_residency > MAX_RESIDENCY)
> > + return -EINVAL;
> > +
> > + if (s->target_residency < s->exit_latency)
> > + return -EINVAL;
> > +
> > + if (!prev_s)
> > + return 0;
> > +
> > + if (s->exit_latency <= prev_s->exit_latency)
> > + return -EINVAL;
>
> Well, is this really necessary? Nothing depends on this ordering AFAICS.
Yes, it is, there are assumptions in the governors regarding this.
Sorry for the noise.