lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 20 Dec 2022 17:07:17 +0100
From:   Peter Newman <peternewman@...gle.com>
To:     reinette.chatre@...el.com, fenghua.yu@...el.com
Cc:     bp@...en8.de, derkling@...gle.com, eranian@...gle.com,
        hpa@...or.com, james.morse@....com, jannh@...gle.com,
        kpsingh@...gle.com, linux-kernel@...r.kernel.org, mingo@...hat.com,
        tglx@...utronix.de, x86@...nel.org, stable@...r.kernel.org
Subject: Re: [PATCH v6] x86/resctrl: Fix task CLOSID/RMID update race

On Fri, Dec 16, 2022 at 2:31 PM Peter Newman <peternewman@...gle.com> wrote:
> In a memory bandwidth-metered compute host, malicious jobs could exploit
> this race to remain in a previous CLOSID or RMID in order to dodge a
> class-of-service downgrade imposed by an admin or to steal bandwidth.

After discussing with Reinette some more[1], I think the payoff of
exploiting this is too little for this to concern me, so I'll remove
the paragraph above.

[1] https://lore.kernel.org/lkml/CALPaoCi8hcFzNN9O9fS9Etri_KMdU32UU1tJsfeO1OxR-i1j7g@mail.gmail.com/

Consequently I don't think this fix is critical enough to be needed on
stable, so I'll drop the CC: stable from the update.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ