| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200612175251.GF22660@zn.tnic>
Date: Fri, 12 Jun 2020 19:52:51 +0200
From: Borislav Petkov <bp@...en8.de>
To: Sean Christopherson <sean.j.christopherson@...el.com>
Cc: x86-ml <x86@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] x86/msr: Filter MSR writes
On Fri, Jun 12, 2020 at 10:43:07AM -0700, Sean Christopherson wrote:
> The problem is a fault on WRMSR doesn't mean the MSR doesn't exist, it only
> means WRMSR faulted. WRMSR can for all intents and purpose trigger completely
> arbitrary microcode flows, e.g. WRMSR 0x79 can fundamentally change the
> behavior of the CPU.
Yes, that case is in the commit message.
> And it's not like the WRMSR->taint is atomic, e.g. changing a platform scoped
> MSR that affects voltage settings or something of that nature could easily
> tank the system on a successful WRMSR before the kernel can be marked tainted.
Yes, yes, I'll taint before the WRMSR.
> 0400 only allows a privelged user to read the parameter, e.g. for parameters
> that are snapshotted at module load time and/or changing the param while the
> module is running would cause breakage.
>
> 0600 allows a priveleged user to read and write the parameter, which AFAICT
> is safe here.
Ok, we can do that.
> 0644 allows a priveleged user to read and write the parameter, and allows an
> unpriveleged user to read the param.
Not so sure about that. Why would the unprivileged user need to read it?
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists