lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 26 Aug 2019 12:04:16 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Xiaochun Lee <lixiaochun.2888@....com>
Cc:     tony.luck@...el.com, tglx@...utronix.de, mingo@...hat.com,
        hpa@...or.com, x86@...nel.org, linux-edac@...r.kernel.org,
        linux-kernel@...r.kernel.org, Xiaochun Lee <lixc17@...ovo.com>
Subject: Re: [PATCH] x86/mce: show the status of cmci_disabled to user

On Mon, Aug 26, 2019 at 02:16:04PM +0800, Xiaochun Lee wrote:
> From: Xiaochun Lee <lixc17@...ovo.com>
> 
> When enabled Firmware First mode in UEFI, we need to
> set the cmci_disabled and ignore_ce in mca cfg
> that users can check correct status from
> "/sys/devices/system/machinecheck/machinecheckXXX/cmci_disabled"
> 
> Signed-off-by: Xiaochun Lee <lixc17@...ovo.com>
> ---
>  arch/x86/kernel/cpu/mce/core.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
> index 743370e..932c701 100644
> --- a/arch/x86/kernel/cpu/mce/core.c
> +++ b/arch/x86/kernel/cpu/mce/core.c
> @@ -1909,6 +1909,8 @@ static void __mce_disable_bank(void *arg)
>  	int bank = *((int *)arg);
>  	__clear_bit(bank, this_cpu_ptr(mce_poll_banks));
>  	cmci_disable_bank(bank);
> +	mca_cfg.cmci_disabled = true;
> +	mca_cfg.ignore_ce = true;

That's the global switch which gets written here for every bank. But
you want to disable it per bank, not globally because the list of banks
arch_apei_enable_cmcff() receives might not be all banks in the system
which are in FF mode.

Then, writing
/sys/devices/system/machinecheck/machinecheckXXX/cmci_disabled from a
different CPU and for a different bank reenables cmci again so you need
to think of a better way how to address the per-bank thing and then to
make it non-modifiable in FF mode so that it cannot be reenabled from
sysfs again.

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ