Open Source and information security mailing list archives
 
Message-ID: <f2ecb501-bc65-49a9-903d-80ba1737845f@arm.com>
Date: Fri, 7 Feb 2025 15:54:21 +0000
From: James Morse <james.morse@....com>
To: Reinette Chatre <reinette.chatre@...el.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Cc: Fenghua Yu <fenghua.yu@...el.com>, Thomas Gleixner <tglx@...utronix.de>,
 Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
 H Peter Anvin <hpa@...or.com>, Babu Moger <Babu.Moger@....com>,
 shameerali.kolothum.thodi@...wei.com,
 D Scott Phillips OS <scott@...amperecomputing.com>,
 carl@...amperecomputing.com, lcherian@...vell.com,
 bobo.shaobowang@...wei.com, tan.shaopeng@...itsu.com,
 baolin.wang@...ux.alibaba.com, Jamie Iles <quic_jiles@...cinc.com>,
 Xin Hao <xhao@...ux.alibaba.com>, peternewman@...gle.com,
 dfustini@...libre.com, amitsinght@...vell.com,
 David Hildenbrand <david@...hat.com>, Rex Nie <rex.nie@...uarmicro.com>,
 Dave Martin <dave.martin@....com>, Shaopeng Tan <tan.shaopeng@...fujitsu.com>
Subject: Re: [PATCH v5 32/40] x86/resctrl: resctrl_exit() teardown resctrl but
 leave the mount point

Hi Reinette,

On 24/10/2024 00:50, Reinette Chatre wrote:
> On 10/4/24 11:03 AM, James Morse wrote:
>> resctrl_exit() was intended for use when the 'resctrl' module was unloaded.
>> resctrl can't be built as a module, and the kernfs helpers are not exported
>> so this is unlikely to change. MPAM has an error interrupt which indicates
>> the MPAM driver has gone haywire. Should this occur tasks could run with
>> the wrong control values, leading to bad performance for important tasks.
>> The MPAM driver needs a way to tell resctrl that no further configuration
>> should be attempted.
>>
>> Using resctrl_exit() for this leaves the system in a funny state as
>> resctrl is still mounted, but cannot be un-mounted because the sysfs
>> directory that is typically used has been removed. Dave Martin suggests
>> this may cause systemd trouble in the future as not all filesystems
>> can be unmounted.
>>
>> Add calls to remove all the files and directories in resctrl, and
>> remove the sysfs_remove_mount_point() call that leaves the system
>> in a funny state. When triggered, this causes all the resctrl files
>> to disappear. resctrl can be unmounted, but not mounted again.

>> diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> index f77fab859c35..bb5aadaf99b6 100644
>> --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> @@ -4319,9 +4319,9 @@ int __init resctrl_init(void)
>>  
>>  void __exit resctrl_exit(void)
>>  {
>> +	rdtgroup_destroy_root();
> 
> If I understand correctly, rdtgroup_destroy_root() can now be called
> twice, first during the error interrupt and then on unmount. Would the
> second call be safe?

Hmmm, I thought the mount point would be holding a reference, but this is undoing the work
done at mount time, not init time. Yes, it's not safe.

As there is no caller of resctrl_exit() until the MPAM driver, I had another piece left
until later - which covers what happens if the error triggers when resctrl is not mounted:

https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/commit/?h=mpam/snapshot/v6.12-rc1&id=44bb27404b4ce6744fdd4058d1fc07ed2f8d1a9f

(which also covers serialising this against umount if the caller is really unlucky)


> I am not familiar with this code but I
> see kernfs_destroy_root() and __kernfs_remove() dereferencing pointers
> without checks. I wonder if this needs to be made safer with a:


> 	rdtgroup_destroy_root()
> 	{
> 		if (rdtgroup_default.kn) {
> 			kernfs_destroy_root();
> 			rdtgroup_default.kn = NULL;
> 		}
> 	}

My version checked rdt_root - but nothing actually nobbles that. Your version is a lot
better. Thanks!

If there was a helper to reverse kernfs_root_to_node(), it'd be possible to remove
rdt_root completely - but its contents are private to kernfs.



>>  	debugfs_remove_recursive(debugfs_resctrl);
>>  	unregister_filesystem(&rdt_fs_type);
>> -	sysfs_remove_mount_point(fs_kobj, "resctrl");
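
Review bot: resctrl_exit() still carries the __exit annotation in the context line "void __exit resctrl_exit(void)", while the changelog says resctrl cannot be built as a module and that the MPAM driver needs to call this at runtime after an error interrupt. For built-in code the __exit section is discarded, so a runtime caller would reference text that is not there and would be flagged as a section mismatch. The annotation should be dropped in this patch, or the changelog should name the patch in the series that drops it before the first caller is added.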


> This breaks symmetry with resctrl_init(). The changelog describes the
> motivation clearly but once this line is removed it will be difficult to
> get back to this motivation. Could this function get a comment to explain
> why the mount point is not removed? This will be helpful to anybody following
> this work that may attempt to "fix" the asymmetry by cleaning up the
> mount point created during init.

Sure. I've added some kdoc to explain where/when this is called, and what it does at a
high level:
| /**
|  * resctrl_exit() - Remove the resctrl filesystem and free resources.
|  *
|  * Called by the architecture code in response to a fatal error.
|  * Resctrl files and structures are removed from kernfs to prevent further
|  * configuration.
|  */

Then specifically:
|	/*
| 	 * The sysfs mount point added by resctrl_init() is not removed so that
|	 * it can be used to umount resctrl.
|	 */


Thanks,

James
