Patch "x86/intel_rdt: Put group node in rdtgroup_kn_unlock" has been added to the 4.10-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 20 Mar 2017 18:33:26 +0100

This is a note to let you know that I've just added the patch titled

    x86/intel_rdt: Put group node in rdtgroup_kn_unlock

to the 4.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-intel_rdt-put-group-node-in-rdtgroup_kn_unlock.patch
and it can be found in the queue-4.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 49ec8f5b6ae3ab60385492cad900ffc8a523c895 Mon Sep 17 00:00:00 2001
From: Jiri Olsa <jolsa@xxxxxxxxxx>
Date: Tue, 14 Mar 2017 15:20:53 +0100
Subject: x86/intel_rdt: Put group node in rdtgroup_kn_unlock

From: Jiri Olsa <jolsa@xxxxxxxxxx>

commit 49ec8f5b6ae3ab60385492cad900ffc8a523c895 upstream.

The rdtgroup_kn_unlock waits for the last user to release and put its
node. But it's calling kernfs_put on the node which calls the
rdtgroup_kn_unlock, which might not be the group's directory node, but
another group's file node.

This race could be easily reproduced by running 2 instances
of following script:

  mount -t resctrl resctrl /sys/fs/resctrl/
  pushd /sys/fs/resctrl/
  mkdir krava
  echo "krava" > krava/schemata
  rmdir krava
  popd
  umount  /sys/fs/resctrl

It triggers the slub debug error message with following command
line config: slub_debug=,kernfs_node_cache.

Call kernfs_put on the group's node to fix it.

Fixes: 60cf5e101fd4 ("x86/intel_rdt: Add mkdir to resctrl file system")
Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Fenghua Yu <fenghua.yu@xxxxxxxxx>
Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Mike Galbraith <efault@xxxxxx>
Cc: Shaohua Li <shli@xxxxxx>
Link: http://lkml.kernel.org/r/1489501253-20248-1-git-send-email-jolsa@xxxxxxxxxx
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -727,7 +727,7 @@ void rdtgroup_kn_unlock(struct kernfs_no
 	if (atomic_dec_and_test(&rdtgrp->waitcount) &&
 	    (rdtgrp->flags & RDT_DELETED)) {
 		kernfs_unbreak_active_protection(kn);
-		kernfs_put(kn);
+		kernfs_put(rdtgrp->kn);
 		kfree(rdtgrp);
 	} else {
 		kernfs_unbreak_active_protection(kn);


Patches currently in stable-queue which might be from jolsa@xxxxxxxxxx are

queue-4.10/x86-intel_rdt-put-group-node-in-rdtgroup_kn_unlock.patch






