Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3319112imu; Sun, 11 Nov 2018 12:16:14 -0800 (PST) X-Google-Smtp-Source: AJdET5c+zJI6ExoGumTrBP1KvoHsUF2ldWEL9IQqoAKcn3WBEsEUXhIE+mWPk8jF1+0Z55QOOcCc X-Received: by 2002:a17:902:4623:: with SMTP id o32-v6mr17183730pld.187.1541967374178; Sun, 11 Nov 2018 12:16:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541967374; cv=none; d=google.com; s=arc-20160816; b=zFPXPAB42OpK0NcILrVD01W8k5kEhK1/eKP8WKn6nKod8Nrj93MBOlgm4TybCIWoJd HZFiqj91AraD6bI0ZcyCHNb5gJkDAZ5sR66NihwbyEr6nHlyKuWL6gl2Vbqfi8CNGoxz mr7k0h6IP8eSQNE1EkrMF+bc+K+t0NtBCiLYEibxHZ2D8OG1rrJ7/siU4KqWQRuLc2H9 0sIlSa5SFbvQIoUrRhs5rXKvvfnLz6Tzq3FIq+b0MZmdQ6taWfWT18plbyYBiF4ClfE0 fDjb21UEZHzLtHvqtD631tq3xjQDAstRS+odBwu5ozosd20pKz5hXnyVcyzEI8iUSvHH LtVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=G1ufn8/+DwKksrJCvzDsOM0qEuY7Wh+rv6KIYi8RhWg=; b=AUvjkY7mlKyiMb0QhmNVpJWsj8tw/ZqLckZeZWmt5qwBcZwopzbt6rQgda7mYlNQBS lDNAturfI1dn8Ftw+vOCgkM9WczsvMiexYbzccH/uSvy1dOVhgbBhOBhWR4pxESU4+Lf QpDHAghDLZcpnclIdzgvAG0BVMYEPKdWVdX88b6nGVSAqS7Fbs46pHPAaOgb/k9Ehegb QeUBijA/hKq/TJVCDZz5x085wcQjnDdjh+S8FtYzFmlFBdnv7tJyeoo2LhTXqvrYLWHv P5YzZJMENMw183NndlfmdiZQjhJeDJPHOlVMYIU9OICi8FeuvF6ezj7pE/xcMAnaySlo AINQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q13si14434439pgj.86.2018.11.11.12.15.59; Sun, 11 Nov 2018 12:16:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731784AbeKLGFH (ORCPT + 99 others); Mon, 12 Nov 2018 01:05:07 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:53032 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731085AbeKLGFH (ORCPT ); Mon, 12 Nov 2018 01:05:07 -0500 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gLvsy-0000oG-W4; Sun, 11 Nov 2018 19:59:09 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gLvsT-0001cG-Kd; Sun, 11 Nov 2018 19:58:37 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Thomas Gleixner" , "Borislav Petkov" , "Tony Luck" Date: Sun, 11 Nov 2018 19:49:05 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 182/366] x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.61-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Borislav Petkov commit 1f74c8a64798e2c488f86efc97e308b85fb7d7aa upstream. mce_no_way_out() does a quick check during #MC to see whether some of the MCEs logged would require the kernel to panic immediately. And it passes a struct mce where MCi_STATUS gets written. However, after having saved a valid status value, the next iteration of the loop which goes over the MCA banks on the CPU, overwrites the valid status value because we're using struct mce as storage instead of a temporary variable. Which leads to MCE records with an empty status value: mce: [Hardware Error]: CPU 0: Machine Check Exception: 6 Bank 0: 0000000000000000 mce: [Hardware Error]: RIP 10: {trigger_mce+0x7/0x10} In order to prevent the loss of the status register value, return immediately when severity is a panic one so that we can panic immediately with the first fatal MCE logged. This is also the intention of this function and not to noodle over the banks while a fatal MCE is already logged. Tony: read the rest of the MCA bank to populate the struct mce fully. Suggested-by: Tony Luck Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lkml.kernel.org/r/20180622095428.626-8-bp@alien8.de [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings --- arch/x86/kernel/cpu/mcheck/mce.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -666,23 +666,25 @@ EXPORT_SYMBOL_GPL(machine_check_poll); static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp, struct pt_regs *regs) { - int i, ret = 0; char *tmp; + int i; for (i = 0; i < mca_cfg.banks; i++) { m->status = mce_rdmsrl(MSR_IA32_MCx_STATUS(i)); - if (m->status & MCI_STATUS_VAL) { - __set_bit(i, validp); - if (quirk_no_way_out) - quirk_no_way_out(i, m, regs); - } + if (!(m->status & MCI_STATUS_VAL)) + continue; + + __set_bit(i, validp); + if (quirk_no_way_out) + quirk_no_way_out(i, m, regs); if (mce_severity(m, mca_cfg.tolerant, &tmp) >= MCE_PANIC_SEVERITY) { + mce_read_aux(m, i); *msg = tmp; - ret = 1; + return 1; } } - return ret; + return 0; } /*