| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171021043919.GF3285@linux-l9pv.suse>
Date: Sat, 21 Oct 2017 12:39:19 +0800
From: joeyli <jlee@...e.com>
To: David Howells <dhowells@...hat.com>
Cc: Alan Cox <gnomes@...rguk.ukuu.org.uk>,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org,
matthew.garrett@...ula.com, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org, jforbes@...hat.com
Subject: Re: [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is
locked down
On Fri, Oct 20, 2017 at 09:48:16PM +0100, David Howells wrote:
> Alan Cox <gnomes@...rguk.ukuu.org.uk> wrote:
>
> > There are a load of standard tools that use this so I think you are going
> > to need a whitelist. Can you at least log *which* MSR in the failing case
> > so a whitelist can be built over time ?
>
[...snip]
>
> And do you know where wrmsr_safe_regs() might be found? I can see things
> using it and exporting it, but no implementation, so I'm guessing it's
> macroised somewhere.
Looks the definition is in
arch/x86/lib/msr-reg.S
#ifdef CONFIG_X86_64
/*
* int {rdmsr,wrmsr}_safe_regs(u32 gprs[8]);
*
* reg layout: u32 gprs[eax, ecx, edx, ebx, esp, ebp, esi, edi]
*
*/
.macro op_safe_regs op
ENTRY(\op\()_safe_regs)
pushq %rbx
pushq %r12
...
Regards
Joey Lee
Powered by blists - more mailing lists