Re: [PATCH v3 9/9] fs/resctrl: Fix UAF from worker threads when domains are removed

Next message: Robin Murphy: "Re: [PATCH] driver core: platform: Setup device MSI domain just before driver probe"
Previous message: Boqun Feng: "[PATCH v2 12/12] s390/preempt: Enable HAS_SEPARATE_PREEMPT_RESCHED_BITS"
Next in thread: Reinette Chatre: "Re: [PATCH v3 9/9] fs/resctrl: Fix UAF from worker threads when domains are removed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Luck, Tony

Date: Tue May 26 2026 - 11:40:16 EST

On Fri, May 22, 2026 at 12:15:13PM -0700, Reinette Chatre wrote:
> - Adding a reference count to the domain structure to avoid the worker
> needing to take CPU hotplug lock. This ended up being very complicated
> with the architecture needing new APIs to manage the reference count
> which cannot cleanly integrate into MPAM since it uses a single
> architecture domain structure to contain both the control and monitoring
> domain structures. Managing the references across mount, unmount,
> online, offline, as well as worker self exit resulted in several
> asymmetrical and complicated paths that were error prone. Locking also
> proved to be complicated since architecture would need to initiate
> domain free that will need to call back into resctrl that will take
> rdtgroup_mutex which means that references need to be taken/released
> without locking.

I'd been working on a reference count approach too. The MPAM combined
domain for control and monitoring doesn't seem insurmountable. Mostly
because it seems unlikely that the problem with worker threads would
ever apply to control domains. Maybe I missed something, but just adding
an architecture *release() function that can be used by file system code
to drop reference counts on the domain when worker threads exit seems
enough.

My patch below.

-Tony