[PATCH 3.18 04/25] x86/MCE: Serialize sysfs changes

2018-03-16 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Seunghun Han 

commit b3b7c4795ccab5be71f080774c45bbbcc75c2aaf upstream.

The check_interval file in

  /sys/devices/system/machinecheck/machinecheck

directory is a global timer value for MCE polling. If it is changed by one
CPU, mce_restart() broadcasts the event to other CPUs to delete and restart
the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the
mce_timer variable.

If more than one CPU writes a specific value to the check_interval file
concurrently, mce_timer is not protected from such concurrent accesses and
all kinds of explosions happen. Since only root can write to those sysfs
variables, the issue is not a big deal security-wise.

However, concurrent writes to these configuration variables is void of
reason so the proper thing to do is to serialize the access with a mutex.

Boris:

 - Make store_int_with_restart() use device_store_ulong() to filter out
   negative intervals
 - Limit min interval to 1 second
 - Correct locking
 - Massage commit message

Signed-off-by: Seunghun Han 
Signed-off-by: Borislav Petkov 
Signed-off-by: Thomas Gleixner 
Cc: Greg Kroah-Hartman 
Cc: Tony Luck 
Cc: linux-edac 
Cc: sta...@vger.kernel.org
Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkama...@gmail.com
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/kernel/cpu/mcheck/mce.c |   22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -56,6 +56,9 @@ static DEFINE_MUTEX(mce_chrdev_read_mute
  rcu_read_lock_sched_held() || \
  lockdep_is_held(_chrdev_read_mutex))
 
+/* sysfs synchronization */
+static DEFINE_MUTEX(mce_sysfs_mutex);
+
 #define CREATE_TRACE_POINTS
 #include 
 
@@ -2183,6 +2186,7 @@ static ssize_t set_ignore_ce(struct devi
if (kstrtou64(buf, 0, ) < 0)
return -EINVAL;
 
+   mutex_lock(_sysfs_mutex);
if (mca_cfg.ignore_ce ^ !!new) {
if (new) {
/* disable ce features */
@@ -2195,6 +2199,8 @@ static ssize_t set_ignore_ce(struct devi
on_each_cpu(mce_enable_ce, (void *)1, 1);
}
}
+   mutex_unlock(_sysfs_mutex);
+
return size;
 }
 
@@ -2207,6 +2213,7 @@ static ssize_t set_cmci_disabled(struct
if (kstrtou64(buf, 0, ) < 0)
return -EINVAL;
 
+   mutex_lock(_sysfs_mutex);
if (mca_cfg.cmci_disabled ^ !!new) {
if (new) {
/* disable cmci */
@@ -2218,6 +2225,8 @@ static ssize_t set_cmci_disabled(struct
on_each_cpu(mce_enable_ce, NULL, 1);
}
}
+   mutex_unlock(_sysfs_mutex);
+
return size;
 }
 
@@ -2225,8 +2234,19 @@ static ssize_t store_int_with_restart(st
  struct device_attribute *attr,
  const char *buf, size_t size)
 {
-   ssize_t ret = device_store_int(s, attr, buf, size);
+   unsigned long old_check_interval = check_interval;
+   ssize_t ret = device_store_ulong(s, attr, buf, size);
+
+   if (check_interval == old_check_interval)
+   return ret;
+
+   if (check_interval < 1)
+   check_interval = 1;
+
+   mutex_lock(_sysfs_mutex);
mce_restart();
+   mutex_unlock(_sysfs_mutex);
+
return ret;
 }

[PATCH 3.18 04/25] x86/MCE: Serialize sysfs changes

2018-03-16 Thread Greg Kroah-Hartman 
3.18-stable review patch.  If anyone has any objections, please let me know.

--

From: Seunghun Han 

commit b3b7c4795ccab5be71f080774c45bbbcc75c2aaf upstream.

The check_interval file in

  /sys/devices/system/machinecheck/machinecheck

directory is a global timer value for MCE polling. If it is changed by one
CPU, mce_restart() broadcasts the event to other CPUs to delete and restart
the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the
mce_timer variable.

If more than one CPU writes a specific value to the check_interval file
concurrently, mce_timer is not protected from such concurrent accesses and
all kinds of explosions happen. Since only root can write to those sysfs
variables, the issue is not a big deal security-wise.

However, concurrent writes to these configuration variables is void of
reason so the proper thing to do is to serialize the access with a mutex.

Boris:

 - Make store_int_with_restart() use device_store_ulong() to filter out
   negative intervals
 - Limit min interval to 1 second
 - Correct locking
 - Massage commit message

Signed-off-by: Seunghun Han 
Signed-off-by: Borislav Petkov 
Signed-off-by: Thomas Gleixner 
Cc: Greg Kroah-Hartman 
Cc: Tony Luck 
Cc: linux-edac 
Cc: sta...@vger.kernel.org
Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkama...@gmail.com
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/kernel/cpu/mcheck/mce.c |   22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -56,6 +56,9 @@ static DEFINE_MUTEX(mce_chrdev_read_mute
  rcu_read_lock_sched_held() || \
  lockdep_is_held(_chrdev_read_mutex))
 
+/* sysfs synchronization */
+static DEFINE_MUTEX(mce_sysfs_mutex);
+
 #define CREATE_TRACE_POINTS
 #include 
 
@@ -2183,6 +2186,7 @@ static ssize_t set_ignore_ce(struct devi
if (kstrtou64(buf, 0, ) < 0)
return -EINVAL;
 
+   mutex_lock(_sysfs_mutex);
if (mca_cfg.ignore_ce ^ !!new) {
if (new) {
/* disable ce features */
@@ -2195,6 +2199,8 @@ static ssize_t set_ignore_ce(struct devi
on_each_cpu(mce_enable_ce, (void *)1, 1);
}
}
+   mutex_unlock(_sysfs_mutex);
+
return size;
 }
 
@@ -2207,6 +2213,7 @@ static ssize_t set_cmci_disabled(struct
if (kstrtou64(buf, 0, ) < 0)
return -EINVAL;
 
+   mutex_lock(_sysfs_mutex);
if (mca_cfg.cmci_disabled ^ !!new) {
if (new) {
/* disable cmci */
@@ -2218,6 +2225,8 @@ static ssize_t set_cmci_disabled(struct
on_each_cpu(mce_enable_ce, NULL, 1);
}
}
+   mutex_unlock(_sysfs_mutex);
+
return size;
 }
 
@@ -2225,8 +2234,19 @@ static ssize_t store_int_with_restart(st
  struct device_attribute *attr,
  const char *buf, size_t size)
 {
-   ssize_t ret = device_store_int(s, attr, buf, size);
+   unsigned long old_check_interval = check_interval;
+   ssize_t ret = device_store_ulong(s, attr, buf, size);
+
+   if (check_interval == old_check_interval)
+   return ret;
+
+   if (check_interval < 1)
+   check_interval = 1;
+
+   mutex_lock(_sysfs_mutex);
mce_restart();
+   mutex_unlock(_sysfs_mutex);
+
return ret;
 }