The default resource group ("rdtgroup_default") is associated with the root of the resctrl filesystem and should never be removed. New resource groups can be created as subdirectories of the resctrl filesystem and they can be removed from user space. There exists a safeguard in the directory removal code (rdtgroup_rmdir()) that ensures that only subdirectories can be removed by testing that the directory to be removed has to be a child of the root directory.
A possible deadlock was recently fixed with commit 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference"). This fix involved associating the private data of the "mon_groups" and "mon_data" directories to the resource group to which they belong instead of NULL as before. A consequence of this change was that the original safeguard code preventing removal of "mon_groups" and "mon_data" found in the root directory failed resulting in attempts to remove the default resource group that ends in a BUG:
kernel BUG at mm/slub.c:3969! invalid opcode: 0000 [#1] SMP PTI
Call Trace: rdtgroup_rmdir+0x16b/0x2c0 kernfs_iop_rmdir+0x5c/0x90 vfs_rmdir+0x7a/0x160 do_rmdir+0x17d/0x1e0 do_syscall_64+0x55/0x1d0 entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fix this by improving the directory removal safeguard to ensure that subdirectories of the resctrl root directory can only be removed if they are a child of the resctrl filesystem's root _and_ not associated with the default resource group.
Fixes: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference") Cc: stable@vger.kernel.org Reported-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Tested-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Signed-off-by: Reinette Chatre reinette.chatre@intel.com --- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c index 064e9ef44cd6..9d4e73a9b5a9 100644 --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c @@ -3072,7 +3072,8 @@ static int rdtgroup_rmdir(struct kernfs_node *kn) * If the rdtgroup is a mon group and parent directory * is a valid "mon_groups" directory, remove the mon group. */ - if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn) { + if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn && + rdtgrp != &rdtgroup_default) { if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP || rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) { ret = rdtgroup_ctrl_remove(kn, rdtgrp);
Hi
[This is an automated email]
This commit has been processed because it contains a "Fixes:" tag fixing commit: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference").
The bot has tested the following trees: v5.5.9, v5.4.25, v4.19.110, v4.14.173.
v5.5.9: Build OK! v5.4.25: Build OK! v4.19.110: Failed to apply! Possible dependencies: Unable to calculate
v4.14.173: Failed to apply! Possible dependencies: 0b9aa6562650 ("x86/intel_rdt: Introduce test to determine if closid is in use") 2244645ab194 ("x86/intel_rdt: Fix a silent failure when writing zero value schemata") 472ef09b40c5 ("x86/intel_rdt: Associate mode with each RDT resource group") 49f7b4efa110 ("x86/intel_rdt: Enable setting of exclusive mode") 7604df6e16ae ("x86/intel_rdt: Support flexible data to parsing callbacks") 95f0b77efa57 ("x86/intel_rdt: Initialize new resource group with sane defaults") 9ab9aa15c309 ("x86/intel_rdt: Ensure requested schemata respects mode") 9af4c0a6dc1a ("x86/intel_rdt: Making CBM name and type more explicit") cfd0f34e4cd5 ("x86/intel_rdt: Add diagnostics when making directories") d48d7a57f718 ("x86/intel_rdt: Introduce resource group's mode resctrl file") e0bdfe8e36f3 ("x86/intel_rdt: Support creation/removal of pseudo-locked region")
NOTE: The patch will not be queued to stable trees until it is upstream.
How should we proceed with this patch?
Hi Thomas and Borislav,
Could you please consider this patch for inclusion as a fix for v5.7?
Thank you
Reinette
On 3/17/2020 9:26 AM, Reinette Chatre wrote:
The default resource group ("rdtgroup_default") is associated with the root of the resctrl filesystem and should never be removed. New resource groups can be created as subdirectories of the resctrl filesystem and they can be removed from user space. There exists a safeguard in the directory removal code (rdtgroup_rmdir()) that ensures that only subdirectories can be removed by testing that the directory to be removed has to be a child of the root directory.
A possible deadlock was recently fixed with commit 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference"). This fix involved associating the private data of the "mon_groups" and "mon_data" directories to the resource group to which they belong instead of NULL as before. A consequence of this change was that the original safeguard code preventing removal of "mon_groups" and "mon_data" found in the root directory failed resulting in attempts to remove the default resource group that ends in a BUG:
kernel BUG at mm/slub.c:3969! invalid opcode: 0000 [#1] SMP PTI
Call Trace: rdtgroup_rmdir+0x16b/0x2c0 kernfs_iop_rmdir+0x5c/0x90 vfs_rmdir+0x7a/0x160 do_rmdir+0x17d/0x1e0 do_syscall_64+0x55/0x1d0 entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fix this by improving the directory removal safeguard to ensure that subdirectories of the resctrl root directory can only be removed if they are a child of the resctrl filesystem's root _and_ not associated with the default resource group.
Fixes: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference") Cc: stable@vger.kernel.org Reported-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Tested-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Signed-off-by: Reinette Chatre reinette.chatre@intel.com
arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c index 064e9ef44cd6..9d4e73a9b5a9 100644 --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c @@ -3072,7 +3072,8 @@ static int rdtgroup_rmdir(struct kernfs_node *kn) * If the rdtgroup is a mon group and parent directory * is a valid "mon_groups" directory, remove the mon group. */
- if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn) {
- if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn &&
if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP || rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) { ret = rdtgroup_ctrl_remove(kn, rdtgrp);rdtgrp != &rdtgroup_default) {
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: b0151da52a6d4f3951ea24c083e7a95977621436 Gitweb: https://git.kernel.org/tip/b0151da52a6d4f3951ea24c083e7a95977621436 Author: Reinette Chatre reinette.chatre@intel.com AuthorDate: Tue, 17 Mar 2020 09:26:45 -07:00 Committer: Borislav Petkov bp@suse.de CommitterDate: Fri, 17 Apr 2020 16:26:23 +02:00
x86/resctrl: Fix invalid attempt at removing the default resource group
The default resource group ("rdtgroup_default") is associated with the root of the resctrl filesystem and should never be removed. New resource groups can be created as subdirectories of the resctrl filesystem and they can be removed from user space.
There exists a safeguard in the directory removal code (rdtgroup_rmdir()) that ensures that only subdirectories can be removed by testing that the directory to be removed has to be a child of the root directory.
A possible deadlock was recently fixed with
334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference").
This fix involved associating the private data of the "mon_groups" and "mon_data" directories to the resource group to which they belong instead of NULL as before. A consequence of this change was that the original safeguard code preventing removal of "mon_groups" and "mon_data" found in the root directory failed resulting in attempts to remove the default resource group that ends in a BUG:
kernel BUG at mm/slub.c:3969! invalid opcode: 0000 [#1] SMP PTI
Call Trace: rdtgroup_rmdir+0x16b/0x2c0 kernfs_iop_rmdir+0x5c/0x90 vfs_rmdir+0x7a/0x160 do_rmdir+0x17d/0x1e0 do_syscall_64+0x55/0x1d0 entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fix this by improving the directory removal safeguard to ensure that subdirectories of the resctrl root directory can only be removed if they are a child of the resctrl filesystem's root _and_ not associated with the default resource group.
Fixes: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference") Reported-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Signed-off-by: Reinette Chatre reinette.chatre@intel.com Signed-off-by: Borislav Petkov bp@suse.de Tested-by: Sai Praneeth Prakhya sai.praneeth.prakhya@intel.com Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/884cbe1773496b5dbec1b6bd11bb50cffa83603d.158446185... --- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c index 064e9ef..9d4e73a 100644 --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c @@ -3072,7 +3072,8 @@ static int rdtgroup_rmdir(struct kernfs_node *kn) * If the rdtgroup is a mon group and parent directory * is a valid "mon_groups" directory, remove the mon group. */ - if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn) { + if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn && + rdtgrp != &rdtgroup_default) { if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP || rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) { ret = rdtgroup_ctrl_remove(kn, rdtgrp);
linux-stable-mirror@lists.linaro.org