Received: by 2002:a05:6358:f14:b0:e5:3b68:ec04 with SMTP id b20csp2316963rwj; Mon, 19 Dec 2022 02:55:41 -0800 (PST) X-Google-Smtp-Source: AA0mqf5Wb/CVoqBPqMn+bU3SQooEWBtwY81D0sXVqwF55iJTEUDGOC83o2SNCSZg5slgUldQ7u/y X-Received: by 2002:a17:902:d650:b0:189:f86:f00 with SMTP id y16-20020a170902d65000b001890f860f00mr38403792plh.16.1671447341629; Mon, 19 Dec 2022 02:55:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671447341; cv=none; d=google.com; s=arc-20160816; b=fExsiYj8ZHbj2dzfbWqVPGG54tC/pHvmhb4+6KzBvNkm0SJWOsg3v7dW1PVB2EbEis PBHAr/PB0nk9PP32IYEs0GhiSgaUaaVMmAFbDkuQfHhOYRLXk3Zyl+gprcfVOeT8khBH G3qMDUDD9zJ010LOtvDjqZEXWcupaQOFbWNeI5Ne40r2Gtm7CyPQ2HhINNHBMozVKYz+ trnHTXio79ItpgEfjQiamk8Je4KU+DTo+83fjBKComK2naon8okYQfATooHpCQb5wi7h RWT0yFCcC6nH2LQs1+XVMmcir65gYQYF5eLCNY6Zdm+WwfM8ezSS65p8oJn3tmPbGA/c +ozw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=peFPU5G0uhvsdpy5rruoB5GWWtp6Vqfz5v7gtK/4+EQ=; b=BODWIJBYl19Dlo7HnQGPIkhPsKaRNz02I5g7X+h+MaPLH5qQ6zrsjK3L0opFWBGfrg xWLwUFzQz5q3rOTAsx6hP17KyC9mX9wcVL0jIWZ8JgK5Gq+Enjh3HzEnaB/1Cr7DUJE8 ek+aNsTjJVmUuOg3sTNJbZ1ZEEsCa7rXfTmiVHlpV+y7cuq81kQwPvNii99mp9T5C3JF jb0C+z4hUrlGZDZO2l0KIdeFXxRv7FZ4FDGBOgIQBVUJcj8ofoVqqULgDiYREB0Vzzij J9GQVTGnDilYjyvMR+o69jVLFRVVpdeTK/NVfbDdRHWJ7ieZqg9S092VOEXR73ySki2i H66w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EwQmoxNJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r18-20020a170903015200b00189005c48aesi9665259plc.108.2022.12.19.02.55.31; Mon, 19 Dec 2022 02:55:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EwQmoxNJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231749AbiLSKWS (ORCPT + 70 others); Mon, 19 Dec 2022 05:22:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231737AbiLSKWO (ORCPT ); Mon, 19 Dec 2022 05:22:14 -0500 Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5E511099 for ; Mon, 19 Dec 2022 02:22:13 -0800 (PST) Received: by mail-qk1-x72d.google.com with SMTP id k2so3524831qkk.7 for ; Mon, 19 Dec 2022 02:22:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=peFPU5G0uhvsdpy5rruoB5GWWtp6Vqfz5v7gtK/4+EQ=; b=EwQmoxNJ/b6/Qv1FyRK/bpo+IqkR5cX1I6Ty+VvsWRpFEP+0hApS0/W5wwl8cZ/Rnu eCbWqYD3jsKN5drRfFpaYEcttPA2ltT/bdi4jYuBpo69dcYS5isJQqCgcEJq3hZ+Mg55 xbWT9kM3Xv/UWZqnr22beqysrQaYTLb+IOoAXsndfdacNxlvivTd7PDrpMP2f4PbZmAR VxPJJ1tSsTRx/Szwcw8efdXXk0xkIF6mkElQBzSrn5751sqilHAt96Mdl0CNyAC+S6l6 tPkOaQMsxrv6Df4o3YN5KsBXWvaa/705vYa3EFlXru82n8EsZk5jnuqSERFtpQahiy3i 2iaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=peFPU5G0uhvsdpy5rruoB5GWWtp6Vqfz5v7gtK/4+EQ=; b=F+7RIVw0Ov5+ttHsAb/va3st/hopDf9K+2856QoBA0qQcLfXiEszNo8DDb4qKe0Rtg e6C6RD7mKgKDbn1HBZFKT3kj8PeTbfzyLB+N96g4k8sgwLhY6LM5ZqvNrCfdPJcyH7l2 1USqCzV/PraObasEI/ioQv8EYBjmbg35Pg70H0jUNaYaObjmxQBt7LpxVW6y/bMJ/f1v 9pKPCbDpwZIzQot1yLAlFVdCFWnmXBu0gHClQE9aT6ZymeoeGUxBbkTt7bJ+/ZQ+kiJF hVTYGw4GJbFfirsQ2hMgK+fpB9xWgGMSKl3mp8654wfnXAtCIuCqE9p1H0bPpeFO/Nl6 Vv3A== X-Gm-Message-State: ANoB5pnoVbcr3TxL07S9Vr2iy+/iQx6NOnRvOdIsiF7S2ywySlmh47rC +H27RryMJ82uYuY5C9vZRVxIBAR+nYGmCXX7C9x26A== X-Received: by 2002:a37:9546:0:b0:6fb:dbdb:94af with SMTP id x67-20020a379546000000b006fbdbdb94afmr80547190qkd.499.1671445332745; Mon, 19 Dec 2022 02:22:12 -0800 (PST) MIME-Version: 1.0 References: <20221214114447.1935755-1-peternewman@google.com> <20221214114447.1935755-2-peternewman@google.com> <87a9df72-f15a-0cf6-566c-dd7522d40c4e@intel.com> In-Reply-To: <87a9df72-f15a-0cf6-566c-dd7522d40c4e@intel.com> From: Peter Newman Date: Mon, 19 Dec 2022 11:22:01 +0100 Message-ID: Subject: Re: [PATCH v5 1/1] x86/resctrl: Fix task CLOSID/RMID update race To: Reinette Chatre Cc: fenghua.yu@intel.com, bp@alien8.de, derkling@google.com, eranian@google.com, hpa@zytor.com, james.morse@arm.com, jannh@google.com, kpsingh@google.com, linux-kernel@vger.kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Reinette, On Fri, Dec 16, 2022 at 8:36 PM Reinette Chatre wrote: > On 12/16/2022 2:26 AM, Peter Newman wrote: > > However I can make a case that it's exploitable: > > > > "In a memory bandwidth-metered compute host, malicious jobs could > > exploit this race to remain in a previous CLOSID or RMID in order to > > dodge a class-of-service downgrade imposed by an admin or steal > > bandwidth." > > > > I am not comfortable with such high level speculation. For this > exploit to work the malicious jobs needs to control scheduler decisions > as well as time the exploit with the admin's decision to move the target task. I imagined if the malicious job maintained a large pool of threads in short sleep-loops, after it sees a drop in bandwidth, it can cue the threads to measure their memory bandwidth to see if any got past the CLOSID change. I don't know whether having fast, unmetered bandwidth until the next context switch is enough of a payoff to bother with this, though. Our workloads have too many context switches for this to be worth very much, so I'm fine with letting others decide how important this fix is to them. -Peter