Re: [PATCH v5 32/40] x86/resctrl: resctrl_exit() teardown resctrl but leave the mount point
From: James Morse
Date: Fri Feb 07 2025 - 10:54:35 EST
Hi Reinette,
On 24/10/2024 00:50, Reinette Chatre wrote:
> On 10/4/24 11:03 AM, James Morse wrote:
>> resctrl_exit() was intended for use when the 'resctrl' module was unloaded.
>> resctrl can't be built as a module, and the kernfs helpers are not exported
>> so this is unlikely to change. MPAM has an error interrupt which indicates
>> the MPAM driver has gone haywire. Should this occur tasks could run with
>> the wrong control values, leading to bad performance for important tasks.
>> The MPAM driver needs a way to tell resctrl that no further configuration
>> should be attempted.
>>
>> Using resctrl_exit() for this leaves the system in a funny state as
>> resctrl is still mounted, but cannot be un-mounted because the sysfs
>> directory that is typically used has been removed. Dave Martin suggests
>> this may cause systemd trouble in the future as not all filesystems
>> can be unmounted.
>>
>> Add calls to remove all the files and directories in resctrl, and
>> remove the sysfs_remove_mount_point() call that leaves the system
>> in a funny state. When triggered, this causes all the resctrl files
>> to disappear. resctrl can be unmounted, but not mounted again.
>> diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> index f77fab859c35..bb5aadaf99b6 100644
>> --- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> +++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
>> @@ -4319,9 +4319,9 @@ int __init resctrl_init(void)
>>
>> void __exit resctrl_exit(void)
>> {
>> + rdtgroup_destroy_root();
>
> If I understand correctly, rdtgroup_destroy_root() can now be called
> twice, first during the error interrupt and then on unmount. Would the
> second call be safe?
Hmmm, I thought the mount point would be holding a reference, but this is undoing the work
done at mount time, not init time. Yes, it's not safe.
As there is no caller of resctrl_exit() until the MPAM driver, I had another piece left
until later - which covers what happens if the error triggers when resctrl is not mounted:
https://git.kernel.org/pub/scm/linux/kernel/git/morse/linux.git/commit/?h=mpam/snapshot/v6.12-rc1&id=44bb27404b4ce6744fdd4058d1fc07ed2f8d1a9f
(which also covers serialising this against umount if the caller is really unlucky)
> I am not familiar with this code but I
> see kernfs_destroy_root() and __kernfs_remove() dereferencing pointers
> without checks. I wonder if this needs to be made safer with a:
> rdtgroup_destroy_root()
> {
>     if (rdtgroup_default.kn) {
>         kernfs_destroy_root();
>         rdtgroup_default.kn = NULL;
>     }
> }
My version checked rdt_root - but nothing actually nobbles that. Your version is a lot
better. Thanks!
If there was a helper to reverse kernfs_root_to_node(), it'd be possible to remove
rdt_root completely - but its contents are private to kernfs.
>> debugfs_remove_recursive(debugfs_resctrl);
>> unregister_filesystem(&rdt_fs_type);
>> - sysfs_remove_mount_point(fs_kobj, "resctrl");
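Review bot: the context line `void __exit resctrl_exit(void)` in this hunk keeps its `__exit` annotation, while the changelog says resctrl cannot be built as a module and that the MPAM driver wants to use this function at runtime when its error interrupt fires. For built-in code the `__exit` text is discarded at link time, so a runtime caller would reference a function that is not in the image. Suggest dropping `__exit` from the definition (and from any declaration) as part of making this function callable from the error path, unless that is done in lines of the hunk not shown here.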
> This breaks symmetry with resctrl_init(). The changelog describes the
> motivation clearly but once this line is removed it will be difficult to
> get back to this motivation. Could this function get a comment to explain
> why the mount point is not removed? This will be helpful to anybody following
> this work that may attempt to "fix" the asymmetry by cleaning up the
> mount point created during init.
Sure. I've added some kdoc to explain where/when this is called, and what it does at a
high level:
| /**
|  * resctrl_exit() - Remove the resctrl filesystem and free resources.
|  *
|  * Called by the architecture code in response to a fatal error.
|  * Resctrl files and structures are removed from kernfs to prevent further
|  * configuration.
|  */
Then specifically:
| /*
|  * The sysfs mount point added by resctrl_init() is not removed so that
|  * it can be used to umount resctrl.
|  */
Thanks,
James