| author | Reinette Chatre <reinette.chatre@intel.com> | 2026-06-09 14:02:27 -0700 |
|---|---|---|
| committer | Borislav Petkov (AMD) <bp@alien8.de> | 2026-07-01 13:15:02 -0700 |
| commit | fc16126cc11d9f507130bf84ab137ee0938c900e (patch) | |
| tree | cb71a93c0504afcc9a62691e9b7f41db89c787c0 /tools/testing/selftests/drivers/net/netdevsim | |
| parent | dc59e4fea9d83f03bad6bddf3fa2e52491777482 (diff) | |
| download | lwn-fc16126cc11d9f507130bf84ab137ee0938c900e.tar.gz lwn-fc16126cc11d9f507130bf84ab137ee0938c900e.zip | |
x86,fs/resctrl: Prevent out-of-bounds access while offlining CPU when SNC enabled

The architecture updates the cpu_mask in a domain's header to track which
online CPUs are associated with the domain. When this mask becomes empty
the architecture initiates offline of the domain that includes calling
on resctrl fs to offline the domain. If it is a monitoring domain in
which LLC occupancy is tracked resctrl fs forces the limbo handler to
clear all busy RMID state associated with the domain.

The limbo handler always reads the current event value associated with a
busy RMID irrespective of it being checked as part of regular "is it still
busy" check or whether it will be forced released anyway. When reading an
RMID on a system with SNC enabled the "logical RMID" is converted to the
"physical RMID" and this conversion requires the NUMA node ID of the
resctrl monitoring domain that is in turn determined by querying the NUMA
node ID of any CPU belonging to the monitoring domain.

When the monitoring domain is going offline its cpu_mask is empty causing
the NUMA node ID query via cpu_to_node() to be done with "nr_cpu_ids" as
argument resulting in an out-of-bounds access.

Refactor the limbo handler to skip reading the RMID when the RMID will
just be forced to no longer be dirty in the domain anyway. Add a safety
check to the architecture's RMID reader to protect against this scenario.

Fixes: e13db55b5a0d ("x86/resctrl: Introduce snc_nodes_per_l3_cache")
Closes: https://sashiko.dev/#/patchset/cover.1780456704.git.reinette.chatre%40intel.com?part=9
Reported-by: Sashiko <sashiko-bot@kernel.org>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://patch.msgid.link/16137433df42f85013b2f7a53626795cbd6637b9.1781029125.git.reinette.chatre@intel.com

Diffstat (limited to 'tools/testing/selftests/drivers/net/netdevsim')
0 files changed, 0 insertions, 0 deletions
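
The failure mode and the two mitigations named in the commit message, as a userspace C model added here (it is not the kernel's code and not the patch): an "any CPU" lookup on an empty mask yields the CPU count, which must not be used as a table index. `mask_any`, `read_rmid`, `check_limbo`, the node table and the counter values are constructed stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#define NR_CPU_IDS 8    /* constructed stand-in for nr_cpu_ids */
/* Constructed CPU-to-node table; valid indexes are 0..NR_CPU_IDS-1. */
static const int cpu_node[NR_CPU_IDS] = {0, 0, 0, 0, 1, 1, 1, 1};

/* Model of "any CPU in the mask": yields NR_CPU_IDS for an empty mask. */
static unsigned int mask_any(unsigned long mask)
{
    for (unsigned int cpu = 0; cpu < NR_CPU_IDS; cpu++)
        if (mask & (1UL << cpu))
            return cpu;
    return NR_CPU_IDS;
}

/* Hypothetical reader: the RMID conversion needs the domain's NUMA node. */
static int read_rmid(unsigned long dom_mask, unsigned int rmid, unsigned long *val)
{
    unsigned int cpu = mask_any(dom_mask);
    if (cpu >= NR_CPU_IDS)      /* safety check: the domain has no CPU left */
        return -EINVAL;         /* without it, cpu_node[cpu] is read out of bounds */
    *val = (unsigned long)cpu_node[cpu] * 1000 + rmid;  /* constructed value */
    return 0;
}

/* Hypothetical limbo pass: returns RMIDs released, counts reader calls in *reads. */
static int check_limbo(unsigned long dom_mask, bool *busy, size_t n,
                       bool force_free, unsigned long threshold, int *reads)
{
    int released = 0;
    for (size_t rmid = 0; rmid < n; rmid++) {
        unsigned long val = 0;
        bool still_busy = false;
        if (!busy[rmid]) continue;
        if (!force_free) {      /* read only when the value can change the outcome */
            (*reads)++;
            still_busy = !read_rmid(dom_mask, (unsigned int)rmid, &val) && val > threshold;
        }
        if (!still_busy) { busy[rmid] = false; released++; }
    }
    return released;
}

int main(void)
{
    bool busy[3] = {true, true, true};
    int reads = 0;  /* offlining domain: empty mask, forced release, zero reads */
    return check_limbo(0, busy, 3, true, 0, &reads) == 3 && reads == 0 ? 0 : 1;
}
```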
