| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Jul 2017 16:53:40 -0700 (PDT)
From: Shivappa Vikas <vikas.shivappa@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>
cc: Vikas Shivappa <vikas.shivappa@...ux.intel.com>, x86@...nel.org,
linux-kernel@...r.kernel.org, hpa@...or.com, peterz@...radead.org,
ravi.v.shankar@...el.com, vikas.shivappa@...el.com,
tony.luck@...el.com, fenghua.yu@...el.com, andi.kleen@...el.com
Subject: Re: [PATCH 21/21] x86/intel_rdt/mbm: Handle counter overflow
On Sun, 2 Jul 2017, Thomas Gleixner wrote:
> On Mon, 26 Jun 2017, Vikas Shivappa wrote:
>> +static void mbm_update(struct rdt_domain *d, int rmid)
>> +{
>> + struct rmid_read rr;
>> +
>> + rr.first = false;
>> + rr.d = d;
>> +
>> + if (is_mbm_total_enabled()) {
>> + rr.evtid = QOS_L3_MBM_TOTAL_EVENT_ID;
>> + __mon_event_count(rmid, &rr);
>
> This is broken as it is not protected against a concurrent read from user
> space which comes in via a smp function call.
The read from user also has the rdtgroup_mutex.
Thanks,
Vikas
>
> This means both the internal state and __rmid_read() are unprotected.
>
> I'm not sure whether it's enough to disable interrupts around
> __mon_event_count(), but that's the minimal protection required. It's
> definitely good enough for __rmid_read(), but it might not be sufficient
> for protecting domain->mbm_[local|total]. I leave the exercise of figuring
> that out to you.
>
> Thanks,
>
> tglx
>
Powered by blists - more mailing lists