Re: [PATCH] x86: mce: fix kernel panic when check_interval is changed
From: Borislav Petkov
Date: Wed Feb 28 2018 - 04:33:10 EST
On Mon, Feb 26, 2018 at 05:05:04AM +0900, Seunghun Han wrote:
> >> It is a critical security problem because the attacker can make the kernel panic
> >> by writing a value to the check_interval file in userspace, and it can be
> >> used for a Denial-of-Service (DoS) attack.
> >
> > As only root can write to that file, it's not that critical of an issue,
> > but yes, this is a problem. Nice find and fix.

This is still the wrong fix. You need to:

1. check the old value of check_interval in store_int_with_restart() and
exit early if it is the same.

2. have mce_restart() grab a newly defined mutex, say, mce_sysfs_mutex
or so, which synchronizes all CPUs so that their timers get deleted and
reinitialized in the proper order.

Thx.

--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
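
A userspace model of the two steps listed in the message above, added here as an example; it is not part of the original e-mail and is not kernel code. It uses pthreads in place of kernel primitives; `NCPU`, `timer_armed`, `restarts`, `order_violations`, `writer` and `run_writers` are hypothetical names, and "arming a timer that is already armed" is the ordering violation this model assumes.

```c
/* Userspace model with pthreads, not kernel code. Every name except
 * check_interval, store_int_with_restart, mce_restart and mce_sysfs_mutex
 * is hypothetical. */
#include <pthread.h>
#include <stdatomic.h>

#define NCPU 4
static pthread_mutex_t mce_sysfs_mutex = PTHREAD_MUTEX_INITIALIZER;
static atomic_ulong check_interval = 300;    /* constructed start value */
static int timer_armed[NCPU] = {1, 1, 1, 1};
static int restarts, order_violations;       /* guarded by the mutex */

/* Step 2: the whole delete-then-reinitialize pass runs under one mutex,
 * so two writers can never interleave their passes over the CPUs. */
static void mce_restart(void)
{
    pthread_mutex_lock(&mce_sysfs_mutex);
    for (int cpu = 0; cpu < NCPU; cpu++) {   /* delete every timer first */
        order_violations += !timer_armed[cpu];
        timer_armed[cpu] = 0;
    }
    for (int cpu = 0; cpu < NCPU; cpu++) {   /* then arm each exactly once */
        order_violations += timer_armed[cpu];
        timer_armed[cpu] = 1;
    }
    restarts++;
    pthread_mutex_unlock(&mce_sysfs_mutex);
}

/* Step 1: compare with the old value and exit early if it is the same.
 * Returns 1 when a restart was performed, 0 otherwise. */
static int store_int_with_restart(unsigned long new_val)
{
    unsigned long old = atomic_exchange(&check_interval, new_val);
    if (old == new_val)
        return 0;
    mce_restart();
    return 1;
}

static void *writer(void *arg)               /* one concurrent writer */
{
    for (unsigned long i = 0; i < 2000; i++)
        store_int_with_restart((unsigned long)arg + (i & 1));
    return NULL;
}

/* Runs n (<= 16) concurrent writers; returns the ordering violations seen. */
static int run_writers(int n)
{
    pthread_t t[16];
    for (int i = 0; i < n; i++)
        pthread_create(&t[i], NULL, writer, (void *)(unsigned long)(10 + 2 * i));
    for (int i = 0; i < n; i++) pthread_join(t[i], NULL);
    return order_violations;
}
```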