Hello, Borislav. 2018-02-28 18:32 GMT+09:00 Borislav Petkov <[email protected]>: > On Mon, Feb 26, 2018 at 05:05:04AM +0900, Seunghun Han wrote: >> >> It is a critical security problem because the attacker can make kernel >> >> panic >> >> by writing a value to the check_interval file in userspace, and it can be >> >> used for Denial-of-Service (DoS) attack. >> > >> > As only root can write to that file, it's not that critical of an issue, >> > but yes, this is a problem. Nice find and fix. > > This is still the wrong fix. You need to: > > 1. check the old value of check_interval in store_int_with_restart() and > exit early if it is the same. > > 2. have mce_restart() grab a newly defined mutex, say, mce_sysfs_mutex > or so, which synchronizes all CPUs so that their timers get deleted and > reinitialized in the proper order.
Thank you for your advice. I will change my patch like that and send it again. Best regard. Seunghun. > > Thx. > > -- > Regards/Gruss, > Boris. > > Good mailing practices for 400: avoid top-posting and trim the reply.
