Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp548256pxu;
        Sun, 22 Nov 2020 19:06:31 -0800 (PST)
X-Google-Smtp-Source: ABdhPJy5iJ5um+gi0sqNlh94xfleG6qnrjAfnDVur01UHCwgWLoyuusIAGcu6UpOevV8jEB94LPN
X-Received: by 2002:a17:906:c821:: with SMTP id dd1mr11067790ejb.216.1606100791054;
        Sun, 22 Nov 2020 19:06:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606100791; cv=none;
        d=google.com; s=arc-20160816;
        b=K93WKar0ynFJpiktpyLq+b321rL5w328Kv/oG496m8H1nt6IJzuTQcC6BItZKgTGbb
         pYoMdpDB+2Q/nSVsJ72bVGwaHtovAjjyBZAu4G7Yoi74NHIuLrxCr4UZdzypHAKz5dWy
         AH6bG3CPy1wD3lJxXu+Z7Qsp9xGjVFDKVeaQcbehLBDHgcJ6p/pXwmYdTfJPC2GlEVik
         eBZmiLm+qvZvdGcHXbf+D4dabEfDn/TMgo0AkPR1d9T3L/4hv3CPEO/X7rmszk/aif6e
         ncPTaogKI5ShBLobCHOtdQyXHOBE4qISQne5+grUkxktaIB6X8D8vlg7DpBxrGl0GwN2
         TYZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=CDwov2c2l8zybzu+7K2eVVqEvZBHRal4d76qlCcD5j0=;
        b=YHj+DmG3JDKHf8qqnPllQIsPdh5rBR+HemPsXZMjUb2bCO0CM8Yt5np902wPQhP5Xd
         KDGF/4OPE3tMsSpAy2X6rq+tOmpCHgIYQuLh/RpQS+cvPLbN5+vEa2l3214Xl97RXvTE
         PjvJVTyaNA7J7eDDaQZOBgj4i1KI2l8WnWFceQ/MHTra73gh1q2BniY0JeN0WsUkdpjA
         qwT2UgU3saYLMQEZltwXsnDM3GE9ewinwf32GD4Kmc+ekhc2Jca3jjIWefoAi+nHNQRD
         Foo0uHNFfOSTVeLKwTDUzvk5lPYiv3gxBBEnUeHjNeqkU0U6upcXd14p+QmUJxfC09Id
         zpUg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id zn8si6366740ejb.16.2020.11.22.19.06.06;
        Sun, 22 Nov 2020 19:06:31 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726993AbgKWCY6 (ORCPT <rfc822;thunderbird.krnldev@gmail.com>
        + 99 others); Sun, 22 Nov 2020 21:24:58 -0500
Received: from foss.arm.com ([217.140.110.172]:51736 "EHLO foss.arm.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726885AbgKWCY6 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 22 Nov 2020 21:24:58 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 43FD9106F;
        Sun, 22 Nov 2020 18:24:57 -0800 (PST)
Received: from e113632-lin.cambridge.arm.com (e113632-lin.cambridge.arm.com [10.1.194.46])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id E99AA3F70D;
        Sun, 22 Nov 2020 18:24:55 -0800 (PST)
From:   Valentin Schneider <valentin.schneider@arm.com>
To:     linux-kernel@vger.kernel.org, x86@kernel.org
Cc:     James Morse <James.Morse@arm.com>,
        Fenghua Yu <fenghua.yu@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH v2 2/3] x86/intel_rdt: Plug task_work vs task_struct {rmid,closid} update race
Date:   Mon, 23 Nov 2020 02:24:32 +0000
Message-Id: <20201123022433.17905-3-valentin.schneider@arm.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20201123022433.17905-1-valentin.schneider@arm.com>
References: <20201123022433.17905-1-valentin.schneider@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Upon moving a task to a new control / monitor group, said task's
{closid, rmid} fields are updated *after* triggering the move_myself()
task_work callback. If the triggering thread gets preempted, or if the
targeted task was already on its way to return to userspace, then
move_myself() might be executed before the relevant task's {closid, rmid}
fields have been updated.

Update the task_struct's {closid, rmid} tuple *before* invoking
task_work_add(). Highlight the required ordering with a pair of comments.

Fixes: e02737d5b826 ("x86/intel_rdt: Add tasks files")
Reviewed-by: James Morse <James.Morse@arm.com>
Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
---
 arch/x86/kernel/cpu/resctrl/rdtgroup.c | 34 ++++++++++++++++----------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kernel/cpu/resctrl/rdtgroup.c b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
index b6b5b95df833..f62d81104fd0 100644
--- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c
+++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c
@@ -524,6 +524,8 @@ static void move_myself(struct callback_head *head)
 	 * If resource group was deleted before this task work callback
 	 * was invoked, then assign the task to root group and free the
 	 * resource group.
+	 *
+	 * See pairing atomic_inc() in __rdtgroup_move_task()
 	 */
 	if (atomic_dec_and_test(&rdtgrp->waitcount) &&
 	    (rdtgrp->flags & RDT_DELETED)) {
@@ -553,14 +555,32 @@ static int __rdtgroup_move_task(struct task_struct *tsk,
 	callback = kzalloc(sizeof(*callback), GFP_KERNEL);
 	if (!callback)
 		return -ENOMEM;
-	callback->work.func = move_myself;
+
+	init_task_work(&callback->work, move_myself);
 	callback->rdtgrp = rdtgrp;
 
+	/*
+	 * For ctrl_mon groups move both closid and rmid.
+	 * For monitor groups, can move the tasks only from
+	 * their parent CTRL group.
+	 */
+	if (rdtgrp->type == RDTCTRL_GROUP)
+		tsk->closid = rdtgrp->closid;
+	tsk->rmid = rdtgrp->mon.rmid;
+
 	/*
 	 * Take a refcount, so rdtgrp cannot be freed before the
 	 * callback has been invoked.
+	 *
+	 * Also ensures above {closid, rmid} writes are observed by
+	 * move_myself(), as it can run immediately after task_work_add().
+	 * Otherwise old values may be loaded, and the move will only actually
+	 * happen at the next context switch.
+	 *
+	 * Pairs with atomic_dec() in move_myself().
 	 */
 	atomic_inc(&rdtgrp->waitcount);
+
 	ret = task_work_add(tsk, &callback->work, TWA_RESUME);
 	if (ret) {
 		/*
@@ -571,18 +591,6 @@ static int __rdtgroup_move_task(struct task_struct *tsk,
 		atomic_dec(&rdtgrp->waitcount);
 		kfree(callback);
 		rdt_last_cmd_puts("Task exited\n");
-	} else {
-		/*
-		 * For ctrl_mon groups move both closid and rmid.
-		 * For monitor groups, can move the tasks only from
-		 * their parent CTRL group.
-		 */
-		if (rdtgrp->type == RDTCTRL_GROUP) {
-			tsk->closid = rdtgrp->closid;
-			tsk->rmid = rdtgrp->mon.rmid;
-		} else if (rdtgrp->type == RDTMON_GROUP) {
-			tsk->rmid = rdtgrp->mon.rmid;
-		}
 	}
 	return ret;
 }
-- 
2.27.0