[PATCH v5 00/11] x86,fs/resctrl: Fix long-standing issues

[Reinette Chatre]

v4: https://lore.kernel.org/lkml/cover.1780456704.git.reinette.chatre@xxxxxxxxx/
v3: https://lore.kernel.org/lkml/cover.1779476724.git.reinette.chatre@xxxxxxxxx/
v2: https://lore.kernel.org/lkml/20260515193944.15114-1-tony.luck@xxxxxxxxx/
v1: https://lore.kernel.org/all/20260508182143.14592-1-tony.luck@xxxxxxxxx/

While reviewing the AET series [1] Sashiko reported a deadlock during mount,
and a use-after-free when an L3 domain is removed during CPU offline. More issues
were uncovered as fixes were developed and reviewed. While the goal is to
fix all issues the races surrounding pseudo-locked regions are not yet
solved and have been removed from this series (last appearance was in V3 of
this series).

Applies against tip/master to ensure it considers pending x86/cache changes
as well as the lockdep_is_cpus_held() stubs available in smp/core.

Changes since V4:
- Add new fix to prevent out-of-bouds read when SNC is enabled and domain
  with busy RMID goes offline.
- Add substitute for "is domain going offline" check to workers to avoid
  reading any event counters on soon-to-be-offline domain since its
  cpu_mask is empty and reading an event counter on an SNC enabled system
  depends on knowing a CPU associated with the domain.

Changes since V3:
- Drop majority of pseudo-locking fixes, only keep the double free/double
  list add fix.
- Add patch to help document safe RCU list traversal.
- See individual patches for detailed changes.

[1] https://sashiko.dev/#/patchset/20260429184858.36423-1-tony.luck%40intel.com

Reinette Chatre (8):
  x86,fs/resctrl: Prevent out-of-bounds access while offlining CPU when
    SNC enabled
  x86,fs/resctrl: Document safe RCU list traversal
  fs/resctrl: Fix deadlock on errors during mount
  fs/resctrl: Prevent use-after-free in rdtgroup_kn_put()
  fs/resctrl: Fix double-add of pseudo-locked region's RMID to free list
  fs/resctrl: Prevent deadlock and use-after-free in info file handlers
  x86/resctrl: Ensure domain fully initialized before placed on RCU list
  fs/resctrl: Fix UAF from worker threads when domains are removed

Tony Luck (3):
  fs/resctrl: Move functions to avoid forward references in subsequent
    fixes
  fs/resctrl: Free mon_data structures on rdt_get_tree() failure
  fs/resctrl: Fix use-after-free during unmount

 arch/x86/kernel/cpu/resctrl/core.c        |  18 +-
 arch/x86/kernel/cpu/resctrl/ctrlmondata.c |   4 +-
 arch/x86/kernel/cpu/resctrl/intel_aet.c   |   5 +-
 arch/x86/kernel/cpu/resctrl/monitor.c     |   7 +-
 arch/x86/kernel/cpu/resctrl/rdtgroup.c    |   4 +-
 fs/resctrl/ctrlmondata.c                  |  50 +-
 fs/resctrl/internal.h                     |   3 +-
 fs/resctrl/monitor.c                      | 170 +++--
 fs/resctrl/pseudo_lock.c                  |   2 +-
 fs/resctrl/rdtgroup.c                     | 859 ++++++++++++++--------
 10 files changed, 698 insertions(+), 424 deletions(-)

-- 
2.50.1