Date: Thu, 17 May 2018 20:30:58 +0200
From: Borislav Petkov
To: "Ghannam, Yazen"
Cc: Johannes Hirte, "linux-edac@vger.kernel.org", "linux-kernel@vger.kernel.org", "tony.luck@intel.com", "x86@kernel.org"
Subject: [PATCH 1/2] x86/MCE/AMD: Cache SMCA MISC block addresses
Message-ID: <20180517183058.GA24312@pd.tnic>
References: <20180414004230.GA2033@probook> <20180416115624.GA1543@probook> <20180515093953.GA1746@probook> <20180516224641.GA31929@pd.tnic> <20180517064930.GA26421@probook> <20180517104124.GA25595@pd.tnic> <20180517134415.GC27738@pd.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Borislav Petkov

... into a global, two-dimensional array and service subsequent reads from that cache to avoid rdmsr_on_cpu() calls during CPU hotplug (IPIs with IRQs disabled).

In addition, this fixes a KASAN slab-out-of-bounds read due to wrong usage of the bank->blocks pointer.

Reported-by: Johannes Hirte
Signed-off-by: Borislav Petkov
Cc: Yazen Ghannam
Fixes: 27bd59502702 ("x86/mce/AMD: Get address from already initialized block")
Link: http://lkml.kernel.org/r/20180414004230.GA2033@probook
--- arch/x86/kernel/cpu/mcheck/mce_amd.c | 29 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c index f7666eef4a87..c8e038800591 100644 --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c 
+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c @@ -94,6 +94,11 @@ static struct smca_bank_name smca_names[] = { [SMCA_SMU] = { "smu", "System Management Unit" }, }; +static u32 smca_bank_addrs[MAX_NR_BANKS][NR_BLOCKS] __ro_after_init = +{ + [0 ... MAX_NR_BANKS - 1] = { [0 ... NR_BLOCKS - 1] = -1 } +}; + const char *smca_get_name(enum smca_bank_types t) { if (t >= N_SMCA_BANK_TYPES) @@ -443,20 +448,26 @@ static u32 smca_get_block_address(unsigned int cpu, unsigned int bank, if (!block) return MSR_AMD64_SMCA_MCx_MISC(bank); + /* Check our cache first: */ + if (smca_bank_addrs[bank][block] != -1) + return smca_bank_addrs[bank][block]; + /* * For SMCA enabled processors, BLKPTR field of the first MISC register * (MCx_MISC0) indicates presence of additional MISC regs set (MISC1-4). */ if (rdmsr_safe_on_cpu(cpu, MSR_AMD64_SMCA_MCx_CONFIG(bank), &low, &high)) - return addr; + goto out; if (!(low & MCI_CONFIG_MCAX)) - return addr; + goto out; if (!rdmsr_safe_on_cpu(cpu, MSR_AMD64_SMCA_MCx_MISC(bank), &low, &high) && (low & MASK_BLKPTR_LO)) - return MSR_AMD64_SMCA_MCx_MISCy(bank, block - 1); + addr = MSR_AMD64_SMCA_MCx_MISCy(bank, block - 1); +out: + smca_bank_addrs[bank][block] = addr; return addr; } 
@@ -468,18 +479,6 @@ static u32 get_block_address(unsigned int cpu, u32 current_addr, u32 low, u32 hi if ((bank >= mca_cfg.banks) || (block >= NR_BLOCKS)) return addr; - /* Get address from already initialized block. */ - if (per_cpu(threshold_banks, cpu)) { - struct threshold_bank *bankp = per_cpu(threshold_banks, cpu)[bank]; - - if (bankp && bankp->blocks) { - struct threshold_block *blockp = &bankp->blocks[block]; - - if (blockp) - return blockp->address; - } - } - if (mce_flags.smca) return smca_get_block_address(cpu, bank, block); -- 2.17.0.391.g1f1cddd558b5 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
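Review bot: in the first hunk (@@ -94,6 +94,11 @@), smca_bank_addrs is marked __ro_after_init, but the second hunk stores into it at the out: label on every cache miss, and the commit message names CPU hotplug as a caller. If any bank/block pair is first looked up after init has finished, that store targets read-only memory. Either state in a comment above the array why every entry is guaranteed to be populated during boot, or drop the annotation. Separately, the -1 sentinel is compared against a u32 element; it works through integer conversion, but a named constant would make the "not cached yet" state explicit.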
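Review bot: in the second hunk (@@ -443,20 +448,26 @@), both goto out paths cache whatever addr holds at that point, so a failing rdmsr_safe_on_cpu() on the CONFIG read is recorded permanently as the answer for that bank/block, and the MSR is never read again. Consider writing smca_bank_addrs[bank][block] only when the MSR reads succeeded, so a read error is not turned into a lasting "no such block" result. The cache is also indexed by bank and block only while the function still takes cpu: a short comment stating that the MISC block layout is assumed identical on all CPUs would document why a value learned on one CPU may be returned for another.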
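Review bot: in the last hunk (@@ -468,18 +479,6 @@), the remaining guard (bank >= mca_cfg.banks) || (block >= NR_BLOCKS) is now the only check in front of the new smca_bank_addrs[bank][block] access, yet the array's first dimension is MAX_NR_BANKS, not mca_cfg.banks. The patch relies on mca_cfg.banks never exceeding MAX_NR_BANKS, which is not visible here; since this change is itself fixing an out-of-bounds read, a comment or an explicit check against MAX_NR_BANKS next to the array access would make the bound self-evident. The commit message would also benefit from one sentence on why the removed &bankp->blocks[block] lookup was out of bounds, rather than only "wrong usage of the bank->blocks pointer".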