| From b0151da52a6d4f3951ea24c083e7a95977621436 Mon Sep 17 00:00:00 2001 |
| From: Reinette Chatre <reinette.chatre@intel.com> |
| Date: Tue, 17 Mar 2020 09:26:45 -0700 |
| Subject: x86/resctrl: Fix invalid attempt at removing the default resource group |
| |
| From: Reinette Chatre <reinette.chatre@intel.com> |
| |
| commit b0151da52a6d4f3951ea24c083e7a95977621436 upstream. |
| |
| The default resource group ("rdtgroup_default") is associated with the |
| root of the resctrl filesystem and should never be removed. New resource |
| groups can be created as subdirectories of the resctrl filesystem and |
| they can be removed from user space. |
| |
| There exists a safeguard in the directory removal code |
| (rdtgroup_rmdir()) that ensures that only subdirectories can be removed |
| by testing that the directory to be removed has to be a child of the |
| root directory. |
| |
| A possible deadlock was recently fixed with |
| |
| 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference"). |
| |
| This fix involved associating the private data of the "mon_groups" |
| and "mon_data" directories to the resource group to which they belong |
| instead of NULL as before. A consequence of this change was that |
| the original safeguard code preventing removal of "mon_groups" and |
| "mon_data" found in the root directory failed resulting in attempts to |
| remove the default resource group that ends in a BUG: |
| |
| kernel BUG at mm/slub.c:3969! |
| invalid opcode: 0000 [#1] SMP PTI |
| |
| Call Trace: |
| rdtgroup_rmdir+0x16b/0x2c0 |
| kernfs_iop_rmdir+0x5c/0x90 |
| vfs_rmdir+0x7a/0x160 |
| do_rmdir+0x17d/0x1e0 |
| do_syscall_64+0x55/0x1d0 |
| entry_SYSCALL_64_after_hwframe+0x44/0xa9 |
| |
| Fix this by improving the directory removal safeguard to ensure that |
| subdirectories of the resctrl root directory can only be removed if they |
| are a child of the resctrl filesystem's root _and_ not associated with |
| the default resource group. |
| |
| Fixes: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference") |
| Reported-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com> |
| Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> |
| Signed-off-by: Borislav Petkov <bp@suse.de> |
| Tested-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com> |
| Cc: stable@vger.kernel.org |
| Link: https://lkml.kernel.org/r/884cbe1773496b5dbec1b6bd11bb50cffa83603d.1584461853.git.reinette.chatre@intel.com |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c |
| +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c |
| @@ -3006,7 +3006,8 @@ static int rdtgroup_rmdir(struct kernfs_ |
| * If the rdtgroup is a mon group and parent directory |
| * is a valid "mon_groups" directory, remove the mon group. |
| */ |
| - if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn) { |
| + if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn && |
| + rdtgrp != &rdtgroup_default) { |
| if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP || |
| rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) { |
| ret = rdtgroup_ctrl_remove(kn, rdtgrp); |