lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 12 Jun 2020 19:52:51 +0200
From:   Borislav Petkov <>
To:     Sean Christopherson <>
Cc:     x86-ml <>,
        Linus Torvalds <>,
        lkml <>
Subject: Re: [RFC PATCH] x86/msr: Filter MSR writes

On Fri, Jun 12, 2020 at 10:43:07AM -0700, Sean Christopherson wrote:
> The problem is a fault on WRMSR doesn't mean the MSR doesn't exist, it only
> means WRMSR faulted.  WRMSR can for all intents and purpose trigger completely
> arbitrary microcode flows, e.g. WRMSR 0x79 can fundamentally change the
> behavior of the CPU.

Yes, that case is in the commit message.

> And it's not like the WRMSR->taint is atomic, e.g. changing a platform scoped
> MSR that affects voltage settings or something of that nature could easily
> tank the system on a successful WRMSR before the kernel can be marked tainted.

Yes, yes, I'll taint before the WRMSR.

> 0400 only allows a privelged user to read the parameter, e.g. for parameters
> that are snapshotted at module load time and/or changing the param while the
> module is running would cause breakage.
> 0600 allows a priveleged user to read and write the parameter, which AFAICT
> is safe here.

Ok, we can do that.

> 0644 allows a priveleged user to read and write the parameter, and allows an
> unpriveleged user to read the param.

Not so sure about that. Why would the unprivileged user need to read it?


Powered by blists - more mailing lists