Re: [PATCH] cpufreq: intel_pstate: Fix crash during turbo disable

[Rafael J. Wysocki]

On Wed, Feb 25, 2026 at 1:17 AM Srinivas Pandruvada
<srinivas.pandruvada@xxxxxxxxxxxxxxx> wrote:
>
> When the system is booted with kernel command line argument "nosmt" or
> "maxcpus" to limit the number of CPUs, disabling turbo via:
> echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
> results in a crash:
> PF: supervisor read access in kernel mode
> PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: Oops: 0000 [#1] SMP PTI
> ...
> RIP: 0010:store_no_turbo+0x100/0x1f0
>  ...
>
> This occurs because for_each_possible_cpu() returns CPUs even if they are
> not online. For those CPUs, all_cpu_data[] will be NULL. Since
> commit 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency
> updates handling code"), all_cpu_data[] is dereferenced even for CPUs
> which are not online, causing the NULL pointer dereference.
>
> To fix that pass CPU number to intel_pstate_update_max_freq() and use
> all_cpu_data[] for those CPUs for which there is a valid cpufreq policy.
>
> Fixes: 973207ae3d7c ("cpufreq: intel_pstate: Rearrange max frequency updates handling code")
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=221068
> Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@xxxxxxxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # 6.16+
> ---
>  drivers/cpufreq/intel_pstate.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
> index a48af3540c74..3ecfa921f9b9 100644
> --- a/drivers/cpufreq/intel_pstate.c
> +++ b/drivers/cpufreq/intel_pstate.c
> @@ -1476,13 +1476,13 @@ static void __intel_pstate_update_max_freq(struct cpufreq_policy *policy,
>         refresh_frequency_limits(policy);
>  }
>
> -static bool intel_pstate_update_max_freq(struct cpudata *cpudata)
> +static bool intel_pstate_update_max_freq(int cpu)
>  {
> -       struct cpufreq_policy *policy __free(put_cpufreq_policy) = cpufreq_cpu_get(cpudata->cpu);
> +       struct cpufreq_policy *policy __free(put_cpufreq_policy) = cpufreq_cpu_get(cpu);
>         if (!policy)
>                 return false;
>
> -       __intel_pstate_update_max_freq(policy, cpudata);
> +       __intel_pstate_update_max_freq(policy, all_cpu_data[cpu]);
>
>         return true;
>  }
> @@ -1501,7 +1501,7 @@ static void intel_pstate_update_limits_for_all(void)
>         int cpu;
>
>         for_each_possible_cpu(cpu)
> -               intel_pstate_update_max_freq(all_cpu_data[cpu]);
> +               intel_pstate_update_max_freq(cpu);
>
>         mutex_lock(&hybrid_capacity_lock);
>
> @@ -1908,7 +1908,7 @@ static void intel_pstate_notify_work(struct work_struct *work)
>         struct cpudata *cpudata =
>                 container_of(to_delayed_work(work), struct cpudata, hwp_notify_work);
>
> -       if (intel_pstate_update_max_freq(cpudata)) {
> +       if (intel_pstate_update_max_freq(cpudata->cpu)) {
>                 /*
>                  * The driver will not be unregistered while this function is
>                  * running, so update the capacity without acquiring the driver
> --

Applied as 7.0-rc material, thanks!