Date: Wed, 28 Feb 2018 10:32:39 +0100
From: Borislav Petkov
To: Seunghun Han
Cc: Greg Kroah-Hartman, Tony Luck, linux-edac@vger.kernel.org, Linux Kernel Mailing List
Subject: Re: [PATCH] x86: mce: fix kernel panic when check_interval is changed
Message-ID: <20180228093238.GA3769@pd.tnic>
References: <20180223101350.8344-1-kkamagui@gmail.com> <20180223105220.GA12058@kroah.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 26, 2018 at 05:05:04AM +0900, Seunghun Han wrote:
> >> It is a critical security problem because the attacker can make kernel panic
> >> by writing a value to the check_interval file in userspace, and it can be
> >> used for Denial-of-Service (DoS) attack.
> >
> > As only root can write to that file, it's not that critical of an issue,
> > but yes, this is a problem. Nice find and fix.

This is still the wrong fix. You need to:

1. check the old value of check_interval in store_int_with_restart() and
exit early if it is the same.

2. have mce_restart() grab a newly defined mutex, say, mce_sysfs_mutex
or so, which synchronizes all CPUs so that their timers get deleted and
reinitialized in the proper order.

Thx.

--
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
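
The two steps listed in the reply above, as an added example that is not part of this thread or of the kernel tree: a deterministic user-space model in which two writers to check_interval alternate phase by phase, with and without the serializing mutex. It assumes that re-arming a timer that is still pending is the fatal condition; `simulate`, `step`, `timer_pending`, `NCPUS` and the interval values are hypothetical names and constructed sample data.

```c
/* Constructed user-space model of the two steps above; not kernel code. */
#include <stdbool.h>

#define NCPUS 4
enum phase { NEW, LOCKING, DELETED, DONE };
struct writer { unsigned long value; enum phase phase; };

static unsigned long check_interval;
static bool timer_pending[NCPUS];  /* is this CPU's timer armed? */
static bool mutex_held;            /* stands in for mce_sysfs_mutex */
static int double_arms, restarts;  /* re-arms of a pending timer; restarts run */

/* Advance one writer by one phase, the way a scheduler could interleave them. */
static void step(struct writer *w, bool serialize)
{
    if (w->phase == NEW) {             /* step 1: skip unchanged values */
        if (w->value == check_interval) { w->phase = DONE; return; }
        check_interval = w->value;
        w->phase = LOCKING;
    } else if (w->phase == LOCKING) {  /* step 2: lock, then delete timers */
        if (serialize && mutex_held) return;  /* blocked, retry next turn */
        mutex_held = serialize;
        for (int c = 0; c < NCPUS; c++)
            timer_pending[c] = false;
        w->phase = DELETED;
    } else if (w->phase == DELETED) {  /* re-arm timers, then unlock */
        for (int c = 0; c < NCPUS; c++) {
            double_arms += timer_pending[c];  /* assumed fatal in a kernel */
            timer_pending[c] = true;
        }
        mutex_held = false;
        restarts++;
        w->phase = DONE;
    }
}

/* Two writers alternate phase by phase; returns the number of double-arms. */
int simulate(bool serialize, unsigned long start, unsigned long a, unsigned long b)
{
    struct writer wa = { a, NEW }, wb = { b, NEW };
    check_interval = start;
    mutex_held = false;
    double_arms = restarts = 0;
    for (int c = 0; c < NCPUS; c++)
        timer_pending[c] = true;       /* timers run before the writes */
    while (wa.phase != DONE || wb.phase != DONE) {
        step(&wa, serialize);
        step(&wb, serialize);
    }
    return double_arms;
}
```

Without the mutex, `simulate(false, 300, 10, 20)` re-arms every pending timer once; with it, the second writer waits until the first has finished its delete and re-arm pass.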