On Sun, 2 Jul 2017, Thomas Gleixner wrote:
On Mon, 26 Jun 2017, Vikas Shivappa wrote:
+static void mbm_update(struct rdt_domain *d, int rmid)
+{
+ struct rmid_read rr;
+
+ rr.first = false;
+ rr.d = d;
+
+ if (is_mbm_total_enabled()) {
+ rr.evtid = QOS_L3_MBM_TOTAL_EVENT_ID;
+ __mon_event_count(rmid, &rr);
This is broken as it is not protected against a concurrent read from user
space which comes in via a smp function call.
The read from user also has the rdtgroup_mutex.
Thanks,
Vikas
This means both the internal state and __rmid_read() are unprotected.
I'm not sure whether it's enough to disable interrupts around
__mon_event_count(), but that's the minimal protection required. It's
definitely good enough for __rmid_read(), but it might not be sufficient
for protecting domain->mbm_[local|total]. I leave the exercise of figuring
that out to you.
Thanks,
tglx