lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 2 Jul 2017 15:57:50 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Vikas Shivappa <vikas.shivappa@...ux.intel.com>
cc:     x86@...nel.org, linux-kernel@...r.kernel.org, hpa@...or.com,
        peterz@...radead.org, ravi.v.shankar@...el.com,
        vikas.shivappa@...el.com, tony.luck@...el.com,
        fenghua.yu@...el.com, andi.kleen@...el.com
Subject: Re: [PATCH 21/21] x86/intel_rdt/mbm: Handle counter overflow

On Mon, 26 Jun 2017, Vikas Shivappa wrote:
> +static void mbm_update(struct rdt_domain *d, int rmid)
> +{
> +	struct rmid_read rr;
> +
> +	rr.first = false;
> +	rr.d = d;
> +
> +	if (is_mbm_total_enabled()) {
> +		rr.evtid = QOS_L3_MBM_TOTAL_EVENT_ID;
> +		__mon_event_count(rmid, &rr);

This is broken as it is not protected against a concurrent read from user
space which comes in via a smp function call.

This means both the internal state and __rmid_read() are unprotected.

I'm not sure whether it's enough to disable interrupts around
__mon_event_count(), but that's the minimal protection required. It's
definitely good enough for __rmid_read(), but it might not be sufficient
for protecting domain->mbm_[local|total]. I leave the exercise of figuring
that out to you.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ