From 879000f94442860e72c934f9e568989bc7fb8ec4 Mon Sep 17 00:00:00 2001 From: CHIKAMA masaki Date: Thu, 5 Jun 2008 22:46:33 -0700 Subject: cpufreq: fix null object access on Transmeta CPU If cpu specific cpufreq driver(i.e. longrun) has "setpolicy" function, governor object isn't set into cpufreq_policy object at "__cpufreq_set_policy" function in driver/cpufreq/cpufreq.c . This causes a null object access at "store_scaling_setspeed" and "show_scaling_setspeed" function in driver/cpufreq/cpufreq.c when reading or writing through /sys interface (ex. cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed) Addresses: http://bugzilla.kernel.org/show_bug.cgi?id=10654 https://bugzilla.redhat.com/show_bug.cgi?id=443354 Signed-off-by: CHIKAMA Masaki Cc: Dave Jones Cc: Chuck Ebbert Acked-by: Dominik Brodowski Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/cpufreq/cpufreq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'drivers/cpufreq/cpufreq.c') diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index 86f0a24..4e07d1f 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -625,7 +625,7 @@ static ssize_t store_scaling_setspeed(struct cpufreq_policy *policy, unsigned int freq = 0; unsigned int ret; - if (!policy->governor->store_setspeed) + if (!policy->governor || !policy->governor->store_setspeed) return -EINVAL; ret = sscanf(buf, "%u", &freq); @@ -639,7 +639,7 @@ static ssize_t store_scaling_setspeed(struct cpufreq_policy *policy, static ssize_t show_scaling_setspeed(struct cpufreq_policy *policy, char *buf) { - if (!policy->governor->show_setspeed) + if (!policy->governor || !policy->governor->show_setspeed) return sprintf(buf, "\n"); return policy->governor->show_setspeed(policy, buf); -- cgit v1.1 From 326f6a5c9c9e1a62aec37bdc0c3f8d53adabe77b Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 6 Jun 2008 21:26:02 -0700 Subject: [CPUFREQ] Fix format string bug. Format string bug. Not exploitable, as this is only writable by root, but worth fixing all the same. Spotted-by: Ilja van Sprundel Signed-off-by: Dave Jones --- drivers/cpufreq/cpufreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/cpufreq/cpufreq.c') diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c index 86f0a24..cc3baf1 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -412,7 +412,7 @@ static int cpufreq_parse_governor(char *str_governor, unsigned int *policy, int ret; mutex_unlock(&cpufreq_governor_mutex); - ret = request_module(name); + ret = request_module("%s", name); mutex_lock(&cpufreq_governor_mutex); if (ret == 0) -- cgit v1.1