Linux Kernel Resctrl Staged Config MSR Access Error Vulnerability

Vulnerability

A vulnerability in the Linux kernel's resource control (resctrl) subsystem can lead to an unchecked Model Specific Register (MSR) access error. The 'staged_config' array in the resctrl domain structure (rdt_domain) is not cleared before and after use, so stale values left in it can cause errors when accessing certain MSRs. The vulnerability is present in the Linux kernel's stable releases.

Impact

The vulnerability can cause an unchecked MSR access error, which may disrupt normal operations by improperly handling hardware configuration changes related to resource management.

Reproduction

To reproduce this vulnerability, first ensure that the system has 16 usable Class of Service IDs (CLOSIDs) available for a 15-way L3 Cache. Then, mount the resctrl filesystem with the Code and Data Prioritization (CDP) option enabled. After creating resource groups p1 through p7, unmount and remount the resctrl filesystem, this time creating a resource group named p8. The creation of this group will trigger the MSR access error, as the 'staged_config' array will still hold invalid data from the previous configuration.

Remediation

The vulnerability has been addressed by modifying the resctrl resource group management process to include steps that clear the 'staged_config' array before and after it is used. Users should ensure they are running a version of the Linux kernel that includes this fix.
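
The clear-before-and-after-use pattern, as an added user-space C model (not the kernel's code and not part of the original advisory): a staging array that keeps stale CDP entries across a remount produces register indices past the valid range, and clearing it removes them. Assumptions of the model: all names, the interleaved CODE/DATA index mapping, a second mount without CDP, and a new group that is assigned CLOSID 8.

```c
#include <stdbool.h>
#include <string.h>
#define NUM_REGS 16 /* one mask register per usable CLOSID (16 on the page) */
enum cdp_type { CDP_NONE, CDP_CODE, CDP_DATA, CDP_NUM_TYPES };
struct staged { unsigned int new_ctrl; bool have_new_ctrl; };
struct domain {
    struct staged staged_config[CDP_NUM_TYPES]; /* temporary staging area */
    unsigned int regs[NUM_REGS];                /* stands in for the MSRs */
    int bad_writes;                             /* out-of-range write attempts */
};
/* Model assumption, not kernel code: CODE/DATA interleave, CDP halves CLOSIDs. */
static unsigned int config_index(unsigned int closid, int t)
{
    return t == CDP_CODE ? 2 * closid + 1 : t == CDP_DATA ? 2 * closid : closid;
}

/* Apply every staged entry; an index past NUM_REGS models the MSR fault. */
static void apply_staged(struct domain *d, unsigned int closid)
{
    for (int t = 0; t < CDP_NUM_TYPES; t++) {
        unsigned int idx = config_index(closid, t);
        if (!d->staged_config[t].have_new_ctrl)
            continue;
        if (idx >= NUM_REGS)
            d->bad_writes++;
        else
            d->regs[idx] = d->staged_config[t].new_ctrl;
    }
}

/* Stage the default 15-way mask for the active types only, then apply. */
static void create_group(struct domain *d, unsigned int closid, bool cdp, bool fixed)
{
    if (fixed) memset(d->staged_config, 0, sizeof(d->staged_config)); /* before */
    for (int t = 0; t < CDP_NUM_TYPES; t++)
        if ((t == CDP_NONE) != cdp)
            d->staged_config[t] = (struct staged){ 0x7fff, true };
    apply_staged(d, closid);
    if (fixed) memset(d->staged_config, 0, sizeof(d->staged_config)); /* after */
}

/* Out-of-range writes seen across a CDP mount followed by a non-CDP remount. */
int run_scenario(bool fixed)
{
    struct domain d = { 0 };
    create_group(&d, 7, true, fixed);  /* CDP: indices 14 and 15, in range */
    create_group(&d, 8, false, fixed); /* no CDP: index 8, plus stale 16 and 17 */
    return d.bad_writes;
}
```
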

Added: Sep 15, 2025, 3:14 PM
Updated: Sep 15, 2025, 9:11 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 1.3
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.