[tip:x86/cache] x86/intel_rdt: Protect info directory from removal
From: tip-bot for Fenghua Yu
Date: Tue Nov 15 2016 - 12:44:24 EST
Commit-ID: f57b308728902d9ffade53466e9201e999a870e4
Gitweb: http://git.kernel.org/tip/f57b308728902d9ffade53466e9201e999a870e4
Author: Fenghua Yu <fenghua.yu@xxxxxxxxx>
AuthorDate: Fri, 11 Nov 2016 17:02:36 -0800
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitDate: Tue, 15 Nov 2016 18:35:49 +0100
x86/intel_rdt: Protect info directory from removal
The info directory and the per-resource subdirectories of the info
directory have no reference to a struct rdtgroup in kn->priv. An attempt to
remove one of those directories results in a NULL pointer dereference.
Protect the directories from removal and return -EPERM instead of -ENOENT.
[ tglx: Massaged changelog ]
Signed-off-by: Fenghua Yu <fenghua.yu@xxxxxxxxx>
Cc: "Ravi V Shankar" <ravi.v.shankar@xxxxxxxxx>
Cc: "Tony Luck" <tony.luck@xxxxxxxxx>
Cc: "Sai Prakhya" <sai.praneeth.prakhya@xxxxxxxxx>
Cc: "Vikas Shivappa" <vikas.shivappa@xxxxxxxxxxxxxxx>
Cc: "Ingo Molnar" <mingo@xxxxxxx>
Cc: "H. Peter Anvin" <h.peter.anvin@xxxxxxxxx>
Link: http://lkml.kernel.org/r/1478912558-55514-1-git-send-email-fenghua.yu@xxxxxxxxx
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 4795880..cff286e 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -644,16 +644,29 @@ static int parse_rdtgroupfs_options(char *data)
*/
static struct rdtgroup *kernfs_to_rdtgroup(struct kernfs_node *kn)
{
- if (kernfs_type(kn) == KERNFS_DIR)
- return kn->priv;
- else
+ if (kernfs_type(kn) == KERNFS_DIR) {
+ /*
+ * All the resource directories use "kn->priv"
+ * to point to the "struct rdtgroup" for the
+ * resource. "info" and its subdirectories don't
+ * have rdtgroup structures, so return NULL here.
+ */
+ if (kn == kn_info || kn->parent == kn_info)
+ return NULL;
+ else
+ return kn->priv;
+ } else {
return kn->parent->priv;
+ }
}
struct rdtgroup *rdtgroup_kn_lock_live(struct kernfs_node *kn)
{
struct rdtgroup *rdtgrp = kernfs_to_rdtgroup(kn);
+ if (!rdtgrp)
+ return NULL;
+
atomic_inc(&rdtgrp->waitcount);
kernfs_break_active_protection(kn);
@@ -670,6 +683,9 @@ void rdtgroup_kn_unlock(struct kernfs_node *kn)
{
struct rdtgroup *rdtgrp = kernfs_to_rdtgroup(kn);
+ if (!rdtgrp)
+ return;
+
mutex_unlock(&rdtgroup_mutex);
if (atomic_dec_and_test(&rdtgrp->waitcount) &&
@@ -918,7 +934,7 @@ static int rdtgroup_rmdir(struct kernfs_node *kn)
rdtgrp = rdtgroup_kn_lock_live(kn);
if (!rdtgrp) {
rdtgroup_kn_unlock(kn);
- return -ENOENT;
+ return -EPERM;
}
/* Give any tasks back to the default group */