From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Seunghun Han <kkamagui@gmail.com>,
Borislav Petkov <bp@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
Tony Luck <tony.luck@intel.com>,
linux-edac <linux-edac@vger.kernel.org>
Subject: [4.4,20/63] x86/MCE: Serialize sysfs changes
Date: Fri, 16 Mar 2018 16:22:52 +0100 [thread overview]
Message-ID: <20180316152302.324771621@linuxfoundation.org> (raw)
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Seunghun Han <kkamagui@gmail.com>
commit b3b7c4795ccab5be71f080774c45bbbcc75c2aaf upstream.
The check_interval file in
/sys/devices/system/machinecheck/machinecheck<cpu number>
directory is a global timer value for MCE polling. If it is changed by one
CPU, mce_restart() broadcasts the event to other CPUs to delete and restart
the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the
mce_timer variable.
If more than one CPU writes a specific value to the check_interval file
concurrently, mce_timer is not protected from such concurrent accesses and
all kinds of explosions happen. Since only root can write to those sysfs
variables, the issue is not a big deal security-wise.
However, concurrent writes to these configuration variables is void of
reason so the proper thing to do is to serialize the access with a mutex.
Boris:
- Make store_int_with_restart() use device_store_ulong() to filter out
negative intervals
- Limit min interval to 1 second
- Correct locking
- Massage commit message
Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkamagui@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/mcheck/mce.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-edac" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -60,6 +60,9 @@ static DEFINE_MUTEX(mce_chrdev_read_mute
smp_load_acquire(&(p)); \
})
+/* sysfs synchronization */
+static DEFINE_MUTEX(mce_sysfs_mutex);
+
#define CREATE_TRACE_POINTS
#include <trace/events/mce.h>
@@ -2220,6 +2223,7 @@ static ssize_t set_ignore_ce(struct devi
if (kstrtou64(buf, 0, &new) < 0)
return -EINVAL;
+ mutex_lock(&mce_sysfs_mutex);
if (mca_cfg.ignore_ce ^ !!new) {
if (new) {
/* disable ce features */
@@ -2232,6 +2236,8 @@ static ssize_t set_ignore_ce(struct devi
on_each_cpu(mce_enable_ce, (void *)1, 1);
}
}
+ mutex_unlock(&mce_sysfs_mutex);
+
return size;
}
@@ -2244,6 +2250,7 @@ static ssize_t set_cmci_disabled(struct
if (kstrtou64(buf, 0, &new) < 0)
return -EINVAL;
+ mutex_lock(&mce_sysfs_mutex);
if (mca_cfg.cmci_disabled ^ !!new) {
if (new) {
/* disable cmci */
@@ -2255,6 +2262,8 @@ static ssize_t set_cmci_disabled(struct
on_each_cpu(mce_enable_ce, NULL, 1);
}
}
+ mutex_unlock(&mce_sysfs_mutex);
+
return size;
}
@@ -2262,8 +2271,19 @@ static ssize_t store_int_with_restart(st
struct device_attribute *attr,
const char *buf, size_t size)
{
- ssize_t ret = device_store_int(s, attr, buf, size);
+ unsigned long old_check_interval = check_interval;
+ ssize_t ret = device_store_ulong(s, attr, buf, size);
+
+ if (check_interval == old_check_interval)
+ return ret;
+
+ if (check_interval < 1)
+ check_interval = 1;
+
+ mutex_lock(&mce_sysfs_mutex);
mce_restart();
+ mutex_unlock(&mce_sysfs_mutex);
+
return ret;
}
WARNING: multiple messages have this Message-ID (diff)
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Seunghun Han <kkamagui@gmail.com>,
Borislav Petkov <bp@suse.de>,
Thomas Gleixner <tglx@linutronix.de>,
Tony Luck <tony.luck@intel.com>,
linux-edac <linux-edac@vger.kernel.org>
Subject: [PATCH 4.4 20/63] x86/MCE: Serialize sysfs changes
Date: Fri, 16 Mar 2018 16:22:52 +0100 [thread overview]
Message-ID: <20180316152302.324771621@linuxfoundation.org> (raw)
In-Reply-To: <20180316152259.964532775@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Seunghun Han <kkamagui@gmail.com>
commit b3b7c4795ccab5be71f080774c45bbbcc75c2aaf upstream.
The check_interval file in
/sys/devices/system/machinecheck/machinecheck<cpu number>
directory is a global timer value for MCE polling. If it is changed by one
CPU, mce_restart() broadcasts the event to other CPUs to delete and restart
the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the
mce_timer variable.
If more than one CPU writes a specific value to the check_interval file
concurrently, mce_timer is not protected from such concurrent accesses and
all kinds of explosions happen. Since only root can write to those sysfs
variables, the issue is not a big deal security-wise.
However, concurrent writes to these configuration variables is void of
reason so the proper thing to do is to serialize the access with a mutex.
Boris:
- Make store_int_with_restart() use device_store_ulong() to filter out
negative intervals
- Limit min interval to 1 second
- Correct locking
- Massage commit message
Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkamagui@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/mcheck/mce.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -60,6 +60,9 @@ static DEFINE_MUTEX(mce_chrdev_read_mute
smp_load_acquire(&(p)); \
})
+/* sysfs synchronization */
+static DEFINE_MUTEX(mce_sysfs_mutex);
+
#define CREATE_TRACE_POINTS
#include <trace/events/mce.h>
@@ -2220,6 +2223,7 @@ static ssize_t set_ignore_ce(struct devi
if (kstrtou64(buf, 0, &new) < 0)
return -EINVAL;
+ mutex_lock(&mce_sysfs_mutex);
if (mca_cfg.ignore_ce ^ !!new) {
if (new) {
/* disable ce features */
@@ -2232,6 +2236,8 @@ static ssize_t set_ignore_ce(struct devi
on_each_cpu(mce_enable_ce, (void *)1, 1);
}
}
+ mutex_unlock(&mce_sysfs_mutex);
+
return size;
}
@@ -2244,6 +2250,7 @@ static ssize_t set_cmci_disabled(struct
if (kstrtou64(buf, 0, &new) < 0)
return -EINVAL;
+ mutex_lock(&mce_sysfs_mutex);
if (mca_cfg.cmci_disabled ^ !!new) {
if (new) {
/* disable cmci */
@@ -2255,6 +2262,8 @@ static ssize_t set_cmci_disabled(struct
on_each_cpu(mce_enable_ce, NULL, 1);
}
}
+ mutex_unlock(&mce_sysfs_mutex);
+
return size;
}
@@ -2262,8 +2271,19 @@ static ssize_t store_int_with_restart(st
struct device_attribute *attr,
const char *buf, size_t size)
{
- ssize_t ret = device_store_int(s, attr, buf, size);
+ unsigned long old_check_interval = check_interval;
+ ssize_t ret = device_store_ulong(s, attr, buf, size);
+
+ if (check_interval == old_check_interval)
+ return ret;
+
+ if (check_interval < 1)
+ check_interval = 1;
+
+ mutex_lock(&mce_sysfs_mutex);
mce_restart();
+ mutex_unlock(&mce_sysfs_mutex);
+
return ret;
}
next reply other threads:[~2018-03-16 15:22 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-16 15:22 Greg Kroah-Hartman [this message]
2018-03-16 15:22 ` [PATCH 4.4 20/63] x86/MCE: Serialize sysfs changes Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2018-03-16 15:22 [PATCH 4.4 00/63] 4.4.122-stable review Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 01/63] RDMA/ucma: Limit possible option size Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 02/63] RDMA/ucma: Check that user doesnt overflow QP state Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 03/63] RDMA/mlx5: Fix integer overflow while resizing CQ Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 04/63] scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS Greg Kroah-Hartman
2018-03-16 15:22 ` Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 05/63] workqueue: Allow retrieval of current tasks work struct Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 06/63] drm: Allow determining if current task is output poll worker Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 07/63] drm/nouveau: Fix deadlock on runtime suspend Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 08/63] drm/radeon: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 09/63] drm/amdgpu: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 10/63] drm/amdgpu: Notify sbios device ready before send request Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 11/63] drm/radeon: fix KV harvesting Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 12/63] drm/amdgpu: " Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 13/63] MIPS: BMIPS: Do not mask IPIs during suspend Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 14/63] MIPS: ath25: Check for kzalloc allocation failure Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 15/63] MIPS: OCTEON: irq: Check for null return on kzalloc allocation Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 16/63] Input: matrix_keypad - fix race when disabling interrupts Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 17/63] loop: Fix lost writes caused by missing flag Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 18/63] kbuild: Handle builtin dtb file names containing hyphens Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 19/63] bcache: dont attach backing with duplicate UUID Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 21/63] ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 22/63] ALSA: seq: Dont allow resizing pool in use Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 23/63] ALSA: seq: More protection for concurrent write and ioctl races Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 24/63] ALSA: hda: add dock and led support for HP EliteBook 820 G3 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 25/63] ALSA: hda: add dock and led support for HP ProBook 640 G2 Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 26/63] nospec: Include <asm/barrier.h> dependency Greg Kroah-Hartman
2018-03-16 15:22 ` [PATCH 4.4 27/63] watchdog: hpwdt: SMBIOS check Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 28/63] watchdog: hpwdt: Check source of NMI Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 29/63] watchdog: hpwdt: fix unused variable warning Greg Kroah-Hartman
2018-03-16 22:55 ` Jerry Hoemann
2018-03-18 10:14 ` Greg Kroah-Hartman
2018-03-20 23:19 ` Ben Hutchings
2018-03-21 11:11 ` 王金浦
2018-03-21 18:18 ` Guenter Roeck
2018-03-22 11:08 ` 王金浦
2018-04-06 7:51 ` Greg Kroah-Hartman
2018-04-06 7:51 ` Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 30/63] netfilter: nfnetlink_queue: fix timestamp attribute Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 31/63] ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 32/63] Input: tca8418_keypad - remove double read of key event register Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 33/63] [media] tc358743: fix register i2c_rd/wr function fix Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 34/63] netfilter: add back stackpointer size checks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 35/63] netfilter: x_tables: fix missing timer initialization in xt_LED Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 36/63] netfilter: nat: cope with negative port range Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 37/63] netfilter: IDLETIMER: be syzkaller friendly Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 38/63] netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 39/63] netfilter: bridge: ebt_among: add missing match size checks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 40/63] netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 41/63] netfilter: use skb_to_full_sk in ip_route_me_harder Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 42/63] netfilter: x_tables: pass xt_counters struct instead of packet counter Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 43/63] netfilter: x_tables: pass xt_counters struct to counter allocator Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 44/63] netfilter: x_tables: pack percpu counter allocations Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 45/63] ext4: inplace xattr block update fails to deduplicate blocks Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 46/63] ubi: Fix race condition between ubi volume creation and udev Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 47/63] scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 48/63] NFS: Fix an incorrect type in struct nfs_direct_req Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 49/63] Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 50/63] x86/module: Detect and skip invalid relocations Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 51/63] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 52/63] serial: sh-sci: prevent lockup on full TTY buffers Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 53/63] tty/serial: atmel: add new version check for usart Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 54/63] uas: fix comparison for error code Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 55/63] staging: comedi: fix comedi_nsamples_left Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 56/63] staging: android: ashmem: Fix lockdep issue during llseek Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 57/63] USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 58/63] usb: quirks: add control message delay for 1b1c:1b20 Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 59/63] USB: usbmon: remove assignment from IS_ERR argument Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 60/63] usb: usbmon: Read text within supplied buffer size Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 61/63] usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 62/63] serial: 8250_pci: Add Brainboxes UC-260 4 port serial device Greg Kroah-Hartman
2018-03-16 15:23 ` [PATCH 4.4 63/63] fixup: sctp: verify size of a new chunk in _sctp_make_chunk() Greg Kroah-Hartman
2018-03-16 18:05 ` [PATCH 4.4 00/63] 4.4.122-stable review Nathan Chancellor
2018-03-18 10:16 ` Greg Kroah-Hartman
2018-03-28 10:00 ` Greg Kroah-Hartman
2018-03-16 23:20 ` kernelci.org bot
2018-03-17 10:11 ` Naresh Kamboju
2018-03-17 10:21 ` Naresh Kamboju
2018-03-18 10:30 ` Greg Kroah-Hartman
2018-03-17 14:40 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180316152302.324771621@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@suse.de \
--cc=kkamagui@gmail.com \
--cc=linux-edac@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.