From: tip-bot for Reinette Chatre <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, hpa@zytor.com, tglx@linutronix.de,
linux-kernel@vger.kernel.org, reinette.chatre@intel.com
Subject: [tip:x86/cache] x86/intel_rdt: Protect against resource group changes during locking
Date: Sat, 23 Jun 2018 05:17:48 -0700 [thread overview]
Message-ID: <tip-c966dac8a5ede5d5f9b730512d8bdbcec307fe38@git.kernel.org> (raw)
In-Reply-To: <0c5cb006e81ead0b8bfff2df530c5d3017fd31d1.1529706536.git.reinette.chatre@intel.com>
Commit-ID: c966dac8a5ede5d5f9b730512d8bdbcec307fe38
Gitweb: https://git.kernel.org/tip/c966dac8a5ede5d5f9b730512d8bdbcec307fe38
Author: Reinette Chatre <reinette.chatre@intel.com>
AuthorDate: Fri, 22 Jun 2018 15:42:12 -0700
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitDate: Sat, 23 Jun 2018 13:03:46 +0200
x86/intel_rdt: Protect against resource group changes during locking
We intend to modify file permissions to make the "tasks", "cpus", and
"cpus_list" not accessible to the user when cache pseudo-locking in
progress. Even so, it is still possible for the user to force the file
permissions (using chmod) to make them writeable. Similarly, directory
permissions will be modified to prevent future monitor group creation but
the user can override these restrictions also.
Add additional checks to the files we intend to restrict to ensure that no
modifications from user space are attempted while setting up a
pseudo-locking or after a pseudo-locked region is set up.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: fenghua.yu@intel.com
Cc: tony.luck@intel.com
Cc: vikas.shivappa@linux.intel.com
Cc: gavin.hindman@intel.com
Cc: jithu.joseph@intel.com
Cc: dave.hansen@intel.com
Cc: hpa@zytor.com
Link: https://lkml.kernel.org/r/0c5cb006e81ead0b8bfff2df530c5d3017fd31d1.1529706536.git.reinette.chatre@intel.com
---
arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c | 10 +++++++++
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 32 +++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
index 0e6210a043f0..bc79396c5dad 100644
--- a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
+++ b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
@@ -283,6 +283,16 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
}
rdt_last_cmd_clear();
+ /*
+ * No changes to pseudo-locked region allowed. It has to be removed
+ * and re-created instead.
+ */
+ if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) {
+ ret = -EINVAL;
+ rdt_last_cmd_puts("resource group is pseudo-locked\n");
+ goto out;
+ }
+
for_each_alloc_enabled_rdt_resource(r) {
list_for_each_entry(dom, &r->domains, list)
dom->have_new_ctrl = false;
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 08a412e0b47a..013cbfedc753 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -449,6 +449,13 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
goto unlock;
}
+ if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
+ rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
+ ret = -EINVAL;
+ rdt_last_cmd_puts("pseudo-locking in progress\n");
+ goto unlock;
+ }
+
if (is_cpu_list(of))
ret = cpulist_parse(buf, newmask);
else
@@ -651,13 +658,22 @@ static ssize_t rdtgroup_tasks_write(struct kernfs_open_file *of,
if (kstrtoint(strstrip(buf), 0, &pid) || pid < 0)
return -EINVAL;
rdtgrp = rdtgroup_kn_lock_live(of->kn);
+ if (!rdtgrp) {
+ rdtgroup_kn_unlock(of->kn);
+ return -ENOENT;
+ }
rdt_last_cmd_clear();
- if (rdtgrp)
- ret = rdtgroup_move_task(pid, rdtgrp, of);
- else
- ret = -ENOENT;
+ if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
+ rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
+ ret = -EINVAL;
+ rdt_last_cmd_puts("pseudo-locking in progress\n");
+ goto unlock;
+ }
+
+ ret = rdtgroup_move_task(pid, rdtgrp, of);
+unlock:
rdtgroup_kn_unlock(of->kn);
return ret ?: nbytes;
@@ -2315,6 +2331,14 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
goto out_unlock;
}
+ if (rtype == RDTMON_GROUP &&
+ (prdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP ||
+ prdtgrp->mode == RDT_MODE_PSEUDO_LOCKED)) {
+ ret = -EINVAL;
+ rdt_last_cmd_puts("pseudo-locking in progress\n");
+ goto out_unlock;
+ }
+
/* allocate the rdtgroup. */
rdtgrp = kzalloc(sizeof(*rdtgrp), GFP_KERNEL);
if (!rdtgrp) {
next prev parent reply other threads:[~2018-06-23 12:17 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 22:41 [PATCH V7 00/41] Intel(R) Resource Director Technology Cache Pseudo-Locking enabling Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 01/41] x86/intel_rdt: Provide pseudo-locking hooks within rdt_mount Reinette Chatre
2018-06-23 12:07 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 02/41] x86/intel_rdt: Document new mode, size, and bit_usage Reinette Chatre
2018-06-23 12:07 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 03/41] x86/intel_rdt: Introduce RDT resource group mode Reinette Chatre
2018-06-23 12:08 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 04/41] x86/intel_rdt: Associate mode with each RDT resource group Reinette Chatre
2018-06-23 12:08 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 05/41] x86/intel_rdt: Introduce resource group's mode resctrl file Reinette Chatre
2018-06-23 12:09 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 06/41] x86/intel_rdt: Introduce test to determine if closid is in use Reinette Chatre
2018-06-23 12:09 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 07/41] x86/intel_rdt: Make useful functions available internally Reinette Chatre
2018-06-23 12:10 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:41 ` [PATCH V7 08/41] x86/intel_rdt: Initialize new resource group with sane defaults Reinette Chatre
2018-06-23 12:10 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 09/41] x86/intel_rdt: Introduce new "exclusive" mode Reinette Chatre
2018-06-23 12:11 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 10/41] x86/intel_rdt: Enable setting of exclusive mode Reinette Chatre
2018-06-23 12:11 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 11/41] x86/intel_rdt: Making CBM name and type more explicit Reinette Chatre
2018-06-23 12:12 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 12/41] x86/intel_rdt: Support flexible data to parsing callbacks Reinette Chatre
2018-06-23 12:13 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 13/41] x86/intel_rdt: Ensure requested schemata respects mode Reinette Chatre
2018-06-23 12:13 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 14/41] x86/intel_rdt: Introduce "bit_usage" to display cache allocations details Reinette Chatre
2018-06-23 12:14 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 15/41] x86/intel_rdt: Display resource groups' allocations' size in bytes Reinette Chatre
2018-06-23 12:14 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 16/41] x86/intel_rdt: Documentation for Cache Pseudo-Locking Reinette Chatre
2018-06-23 12:15 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 17/41] x86/intel_rdt: Introduce the Cache Pseudo-Locking modes Reinette Chatre
2018-06-23 12:15 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 18/41] x86/intel_rdt: Respect read and write access Reinette Chatre
2018-06-23 12:16 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 19/41] x86/intel_rdt: Add utility to test if tasks assigned to resource group Reinette Chatre
2018-06-23 12:16 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 20/41] x86/intel_rdt: Add utility to restrict/restore access to resctrl files Reinette Chatre
2018-06-23 12:17 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 21/41] x86/intel_rdt: Protect against resource group changes during locking Reinette Chatre
2018-06-23 12:17 ` tip-bot for Reinette Chatre [this message]
2018-06-22 22:42 ` [PATCH V7 22/41] x86/intel_rdt: Utilities to restrict/restore access to specific files Reinette Chatre
2018-06-23 12:18 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 23/41] x86/intel_rdt: Add check to determine if monitoring in progress Reinette Chatre
2018-06-23 12:18 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 24/41] x86/intel_rdt: Introduce pseudo-locked region Reinette Chatre
2018-06-23 12:19 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 25/41] x86/intel_rdt: Support enter/exit of locksetup mode Reinette Chatre
2018-06-23 12:20 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 26/41] x86/intel_rdt: Enable entering of pseudo-locksetup mode Reinette Chatre
2018-06-23 12:20 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 27/41] x86/intel_rdt: Split resource group removal in two Reinette Chatre
2018-06-23 12:21 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 28/41] x86/intel_rdt: Add utilities to test pseudo-locked region possibility Reinette Chatre
2018-06-23 12:21 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 29/41] x86/intel_rdt: Discover supported platforms via prefetch disable bits Reinette Chatre
2018-06-23 12:22 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 30/41] x86/intel_rdt: Pseudo-lock region creation/removal core Reinette Chatre
2018-06-23 12:22 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 31/41] x86/intel_rdt: Support creation/removal of pseudo-locked region Reinette Chatre
2018-06-23 12:23 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 32/41] x86/intel_rdt: Resctrl files reflect pseudo-locked information Reinette Chatre
2018-06-23 12:23 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 33/41] x86/intel_rdt: Ensure RDT cleanup on exit Reinette Chatre
2018-06-23 12:24 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 34/41] x86/intel_rdt: Create resctrl debug area Reinette Chatre
2018-06-23 12:24 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 35/41] x86/intel_rdt: Create debugfs files for pseudo-locking testing Reinette Chatre
2018-06-23 12:25 ` [tip:x86/cache] " tip-bot for Reinette Chatre
[not found] ` <201806232005.zVl35hAb%fengguang.wu@intel.com>
2018-06-24 9:09 ` [PATCH V7 35/41] " Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 36/41] x86/intel_rdt: Create character device exposing pseudo-locked region Reinette Chatre
2018-06-23 12:25 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-24 13:39 ` tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 37/41] x86/intel_rdt: More precise L2 hit/miss measurements Reinette Chatre
2018-06-23 12:26 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-24 13:40 ` tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 38/41] x86/intel_rdt: Support L3 cache performance event of Broadwell Reinette Chatre
2018-06-23 12:27 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-24 13:40 ` tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 39/41] x86/intel_rdt: Limit C-states dynamically when pseudo-locking active Reinette Chatre
2018-06-23 12:27 ` [tip:x86/cache] " tip-bot for Reinette Chatre
2018-06-24 13:41 ` tip-bot for Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 40/41] x86/intel_rdt: Fix passing of value to 32-bit register Reinette Chatre
2018-06-22 22:42 ` [PATCH V7 41/41] x86/intel_rdt: Simplify index type Reinette Chatre
2018-06-22 23:45 ` [PATCH V7 00/41] Intel(R) Resource Director Technology Cache Pseudo-Locking enabling David Howells
2018-06-23 0:28 ` Reinette Chatre
2018-06-23 12:16 ` Thomas Gleixner
2018-06-23 12:38 ` Thomas Gleixner
2018-06-23 22:54 ` David Howells
2018-06-24 0:30 ` Thomas Gleixner
2018-06-23 23:14 ` David Howells
2018-06-24 0:28 ` Thomas Gleixner
2018-06-24 9:20 ` Reinette Chatre
2018-06-24 9:45 ` Thomas Gleixner
2018-06-25 22:08 ` Reinette Chatre
-- strict thread matches above, loose matches on Subject: below --
2018-05-29 12:57 [PATCH V5 20/38] x86/intel_rdt: Protect against resource group changes during locking Reinette Chatre
2018-06-20 0:23 ` [tip:x86/cache] " tip-bot for Reinette Chatre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-c966dac8a5ede5d5f9b730512d8bdbcec307fe38@git.kernel.org \
--to=tipbot@zytor.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=reinette.chatre@intel.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox