Re: [PATCH v3 4/9] fs/resctrl: Fix deadlock for errors during mount

[Chen, Yu C]

On 5/29/2026 11:53 PM, Reinette Chatre wrote:
> Hi Chenyu,
>
> On 5/29/26 7:06 AM, Chen, Yu C wrote:
> > On 5/23/2026 3:15 AM, Reinette Chatre wrote:
> > > @@ -3085,10 +3105,37 @@ static int rdt_get_tree(struct fs_context *fc)
> > >                               RESCTRL_PICK_ANY_CPU);
> > >        }
> > >    -    goto out;
> > > +    /*
> > > +     * Ensure root kn remains accessible after mutex is unlocked so that
> >
> > Maybe a little more accurate to say "Ensure rdt_root remains accessible"?
> > Here we increase reference for rdtgroup_default.kn, and protect
> > against UAF of
> > kernfs_kill_sb(sb) ->
> >    info = kernfs_info(sb) ->
> >      kernfs_put(info->root->kn)
> >
> > where the info->root is UAF rather than the kn.
>
> Right. The UAF is indeed on the root self while its lifetime is controlled by references
> to its kn (root->kn). Dropping the last reference on root->kn causes root to be freed.
>
> rdt_root is the name of a variable though and its value can actually change in the flow
> involved here so I'd prefer not to phrase it exactly like that. How about just
> "Ensure root remains accessible ..."?

Yes, this looks good to me.

thanks,
Chenyu