Date:   Wed, 11 Sep 2019 21:17:25 +0800
From:   Xiaochun Lee <lixiaochun.2888@....com>
To:     tony.luck@...el.com, bp@...en8.de
Cc:     tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        x86@...nel.org, linux-edac@...r.kernel.org,
        linux-kernel@...r.kernel.org, lixiaochun.2888@....com,
        Xiaochun Lee <lixc17@...ovo.com>
Subject: [PATCH V2] x86/mce: set cmci_disabled unmodifiable in FF mode

From: Xiaochun Lee <lixc17@...ovo.com>

When Firmware First mode is enabled in UEFI and
all banks are Machine Check Banks, make it
non-modifiable so that it can't be re-enabled
from sysfs again.

Signed-off-by: Xiaochun Lee <lixc17@...ovo.com>
---
 arch/x86/kernel/cpu/mce/core.c     |  4 ++--
 arch/x86/kernel/cpu/mce/intel.c    | 15 ++++++++++++++-
 arch/x86/kernel/cpu/mce/internal.h |  1 +
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 743370e..cee4d70 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -2164,7 +2164,7 @@ static ssize_t set_ignore_ce(struct device *s,
 			mce_timer_delete_all();
 			on_each_cpu(mce_disable_cmci, NULL, 1);
 			mca_cfg.ignore_ce = true;
-		} else {
+		} else if (!mca_cfg.allbanks_is_mcbank) {
 			/* enable ce features */
 			mca_cfg.ignore_ce = false;
 			on_each_cpu(mce_enable_ce, (void *)1, 1);
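Review bot: With the new `else if (!mca_cfg.allbanks_is_mcbank)` guard, a write of 0 on an all-firmware-first system falls through without changing anything, and nothing in this hunk reports the refusal to the writer. The function's return statement is outside the hunk, but if that path still returns the written size, userspace and any tooling that audits the setting will assume corrected-error handling was re-enabled. Consider returning an error such as `-EPERM` on that path (after releasing whatever lock the function holds) and logging it once, with a comment like `/* all banks are firmware-first: refuse to re-enable from sysfs */`. The same applies to the identical guard added in set_cmci_disabled() in the next hunk.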
@@ -2190,7 +2190,7 @@ static ssize_t set_cmci_disabled(struct device *s,
 			/* disable cmci */
 			on_each_cpu(mce_disable_cmci, NULL, 1);
 			mca_cfg.cmci_disabled = true;
-		} else {
+		} else if (!mca_cfg.allbanks_is_mcbank) {
 			/* enable cmci */
 			mca_cfg.cmci_disabled = false;
 			on_each_cpu(mce_enable_ce, NULL, 1);
diff --git a/arch/x86/kernel/cpu/mce/intel.c b/arch/x86/kernel/cpu/mce/intel.c
index e43eb67..e15b573 100644
--- a/arch/x86/kernel/cpu/mce/intel.c
+++ b/arch/x86/kernel/cpu/mce/intel.c
@@ -267,6 +267,7 @@ static void cmci_discover(int banks)
 	unsigned long flags;
 	int i;
 	int bios_wrong_thresh = 0;
+	unsigned int mce_bank_count = 0;
 
 	raw_spin_lock_irqsave(&cmci_discover_lock, flags);
 	for (i = 0; i < banks; i++) {
@@ -277,8 +278,10 @@ static void cmci_discover(int banks)
 			continue;
 
 		/* Skip banks in firmware first mode */
-		if (test_bit(i, mce_banks_ce_disabled))
+		if (test_bit(i, mce_banks_ce_disabled)) {
+			mce_bank_count++;
 			continue;
+		}
 
 		rdmsrl(MSR_IA32_MCx_CTL2(i), val);
 
@@ -330,6 +333,16 @@ static void cmci_discover(int banks)
 		pr_info_once(
 			"bios_cmci_threshold: Make sure your BIOS supports this boot option\n");
 	}
+	/*
+	 * After the loop exit, if the mce_bank_count
+	 * equal to the banks, it illustrate all the
+	 * banks are belong to the list of Machine
+	 * Check Bank, so here set sysfs interface
+	 * no-modifiable in FF mode.
+	 */
+	if (banks == mce_bank_count)
+		mca_cfg.allbanks_is_mcbank = true;
+
 }
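Review bot: `mca_cfg.allbanks_is_mcbank` is only ever set to true here and is never cleared, so once a single call to cmci_discover() finds every bank in `mce_banks_ce_disabled` the sysfs lockout becomes permanent, even if a later call (the call sites are outside this diff) would count differently. The test `banks == mce_bank_count` is also vacuously true when `banks` is 0, and it compares an `int` with an `unsigned int`. Declaring the counter as `int` and writing `mca_cfg.allbanks_is_mcbank = banks > 0 && mce_bank_count == banks;` would address all three. The added comment would read more clearly as `/* Every bank is in firmware-first mode: block re-enabling CMCI/CE via sysfs. */`, and the blank line before the closing brace can be dropped.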
 
 /*
diff --git a/arch/x86/kernel/cpu/mce/internal.h b/arch/x86/kernel/cpu/mce/internal.h
index 43031db..7949c01 100644
--- a/arch/x86/kernel/cpu/mce/internal.h
+++ b/arch/x86/kernel/cpu/mce/internal.h
@@ -110,6 +110,7 @@ struct mca_config {
 	bool dont_log_ce;
 	bool cmci_disabled;
 	bool ignore_ce;
+	bool allbanks_is_mcbank;
 
 	__u64 lmce_disabled		: 1,
 	      disabled			: 1,
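Review bot: The new `allbanks_is_mcbank` field has no comment, and its name does not say what the code actually records, which is that every bank was found in `mce_banks_ce_disabled` (firmware-first mode). Because the flag gates a sysfs policy decision, a comment such as `/* all banks are firmware-first; CMCI/CE cannot be re-enabled via sysfs */` would help, and a name along the lines of `all_banks_ff` would match the "FF mode" wording used in the subject. The struct continues outside this hunk, so whether the flag fits better among the bitfields below cannot be judged from here.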
-- 
1.8.3.1

