x86/mce/amd: Publish the bank pointer only after setup has succeeded
authorBorislav Petkov <bp@suse.de>
Tue, 4 Feb 2020 12:28:41 +0000 (13:28 +0100)
committerBorislav Petkov <bp@suse.de>
Thu, 13 Feb 2020 17:58:39 +0000 (18:58 +0100)
commit6e5cf31fbe651bed7ba1df768f2e123531132417
tree71adfc2e4f338edc3cfbf90a0b724a387d72d8fa
parentbb6d3fb354c5ee8d6bde2d576eb7220ea09862b9
x86/mce/amd: Publish the bank pointer only after setup has succeeded

threshold_create_bank() creates a bank descriptor per MCA error
thresholding counter which can be controlled over sysfs. It publishes
the pointer to that bank in a per-CPU variable and then goes on to
create additional thresholding blocks if the bank has such.

However, that creation of additional blocks in
allocate_threshold_blocks() can fail, leading to a use-after-free
through the per-CPU pointer.

Therefore, publish that pointer only after all blocks have been setup
successfully.

Fixes: 019f34fccfd5 ("x86, MCE, AMD: Move shared bank to node descriptor")
Reported-by: Saar Amar <Saar.Amar@microsoft.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20200128140846.phctkvx5btiexvbx@kili.mountain
arch/x86/kernel/cpu/mce/amd.c