Date:   Fri, 1 Feb 2019 10:55:53 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Tony Luck <tony.luck@...el.com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/mce: Initialize "bank" when we find a fatal error in
 mce_no_way_out()

On Thu, Jan 31, 2019 at 04:33:41PM -0800, Tony Luck wrote:
> Internal injection testing crashed with a console log that said:
> 
> mce: [Hardware Error]: CPU 7: Machine Check Exception: f Bank 0: bd80000000100134
> 
> This caused a lot of head scratching because the MCACOD (bits 15:0) of that
> status is a signature from an L1 data cache error. But Linux says that it found
> it in "Bank 0", which on this model CPU only reports L1 instruction cache errors.
> 
> The answer was that Linux doesn't initialize "m->bank" in the case that it finds
> a fatal error in the mce_no_way_out() pre-scan of banks. If this was a local machine
> check, then we pass this partially initialized "struct mce" to mce_panic().
> 
> Fix is simple. Just initialize m->bank in the case that we found a fatal error.
> 
> Fixes: 40c36e2741d7 ("x86/mce: Fix incorrect "Machine check from unknown source" message")
> Cc: stable@...r.kernel.org # v4.18 Note pre-v5.0 arch/x86/kernel/cpu/mce/core.c was called arch/x86/kernel/cpu/mcheck/mce.c
> Signed-off-by: Tony Luck <tony.luck@...el.com>
> ---
>  arch/x86/kernel/cpu/mce/core.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
> index 672c7225cb1b..6ce290c506d9 100644
> --- a/arch/x86/kernel/cpu/mce/core.c
> +++ b/arch/x86/kernel/cpu/mce/core.c
> @@ -784,6 +784,7 @@ static int mce_no_way_out(struct mce *m, char **msg, unsigned long *validp,
>  			quirk_no_way_out(i, m, regs);
>  
>  		if (mce_severity(m, mca_cfg.tolerant, &tmp, true) >= MCE_PANIC_SEVERITY) {
> +			m->bank = i;

So conceptually this write belongs in...

>  			mce_read_aux(m, i);
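
Review bot: the added `m->bank = i;` inside the `>= MCE_PANIC_SEVERITY` branch carries no comment saying why the bank has to be recorded at this point. The commit message explains that this partially initialized struct mce can be passed to mce_panic() on a local machine check, so a one-line comment to that effect above the assignment would keep a later cleanup from dropping it as redundant.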

... this function, i.e., in mce_read_aux() because it gets the bank
number passed in already. And our calling pattern when populating struct
mce is:

	mce_gather_info()
	mce_read_aux()

so it'll be more robust if we moved it there.

Also, that argument "i" of mce_read_aux() is not very telling and it
should be "bank" but that would complicate the stable backporting so if
you feel like it, you could do a second, cleanup patch ontop to fix that
too.

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
