[PATCH openEuler-1.0-LTS 2/2] arm64/mpam: Fix use-after-free when deleting resource groups

13 Mar 2024

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I975PZ
--------------------------------
Refer to the below commit:
commit b8511ccc75c0 ("x86/resctrl: Fix use-after-free when deleting resource groups")
Before removing rdtgroup, we need to refer to waitcount counter, otherwise
when unmounting the resctrl file system or deleting ctrl_mon groups, and
there were a waiter on resctrl system, then a use-after-free issue would
occurs. Fix that by removing rdtgroup after checking the waitcount.
Fixes: 3b856c03b36a ("arm64/mpam: remove kernfs_get() calls() and add kernfs_put() calls to prevent refcount leak")
Signed-off-by: Zeng Heng zengheng4@huawei.com
---
 fs/resctrlfs.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/resctrlfs.c b/fs/resctrlfs.c
index 45259c387347..bdb095f16f13 100644
--- a/fs/resctrlfs.c
+++ b/fs/resctrlfs.c
@@ -466,7 +466,10 @@ static void free_all_child_rdtgrp(struct resctrl_group *rdtgrp)
    	/* rmid may not be used */
    	rmid_free(sentry->mon.rmid);
    	list_del(&sentry->mon.crdtgrp_list);
-		rdtgroup_remove(sentry);
+		if (atomic_read(&sentry->waitcount) != 0)
+			sentry->flags = RDT_DELETED;
+		else
+			rdtgroup_remove(sentry);
    }
 }
@@ -500,7 +503,10 @@ static void rmdir_all_sub(void)
kernfs_remove(rdtgrp->kn);
    	list_del(&rdtgrp->resctrl_group_list);
-		rdtgroup_remove(rdtgrp);
+		if (atomic_read(&rdtgrp->waitcount) != 0)
+			rdtgrp->flags = RDT_DELETED;
+		else
+			rdtgroup_remove(rdtgrp);
    }
    /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */
    update_closid_rmid(cpu_online_mask, &resctrl_group_default);
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 2/2] arm64/mpam: Fix use-after-free when deleting resource groups