From 65d21518f83ff8bd5b8e2f5ef51f401ca9fae63d Mon Sep 17 00:00:00 2001
From: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Date: Thu, 18 May 2023 14:40:32 +0530
Subject: [PATCH] cpufreq: schedutil: Fix UAF issue

sugov_tunables are getting deleted with kobject release() in
'commit 67c98e023135 ("cpufreq: schedutil: Use kobject release()
method to free sugov_tunables")'. So save tunables before freeing.

Change-Id: I9df2604210cb071bb907a39cf7fcc1131e4de5f8
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
---
 kernel/sched/cpufreq_schedutil.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c
index 1cc72eb764a7..9de29b93c046 100644
--- a/kernel/sched/cpufreq_schedutil.c
+++ b/kernel/sched/cpufreq_schedutil.c
@@ -1296,12 +1296,14 @@ static void sugov_exit(struct cpufreq_policy *policy)
 
 	mutex_lock(&global_tunables_lock);
 
+	/* Save tunables before last owner release it in gov_attr_set_put() */
+	if (tunables->attr_set.usage_count == 1)
+		sugov_tunables_save(policy, tunables);
+
 	count = gov_attr_set_put(&tunables->attr_set, &sg_policy->tunables_hook);
 	policy->governor_data = NULL;
-	if (!count) {
-		sugov_tunables_save(policy, tunables);
+	if (!count)
 		sugov_clear_global_tunables();
-	}
 
 	mutex_unlock(&global_tunables_lock);