lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+8MBbKNB3a41rQDqYnLD1AcYDDuQOJeyA=68m17zj4Neg9ZpQ@mail.gmail.com>
Date:   Fri, 12 Jun 2020 22:40:14 -0700
From:   Tony Luck <tony.luck@...il.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] x86/msr: Filter MSR writes

On Fri, Jun 12, 2020 at 1:41 PM Peter Zijlstra <peterz@...radead.org> wrote:
>
> On Fri, Jun 12, 2020 at 07:48:01PM +0200, Borislav Petkov wrote:
> > On Fri, Jun 12, 2020 at 10:20:03AM -0700, Linus Torvalds wrote:
> > > Since you already added the filtering, this looks fairly sane.
> > >
> > > IOW, what MSR's do we expect people to maybe write to normally? You
> > > added MSR_IA32_ENERGY_PERF_BIAS as an allowed MST, maybe there are
> > > others?
> >
> > Right, this MSR is being written by cpupower in tools/. My search was
> > confined within the kernel source only so there very likely are others.
>
> So that tool writing to /dev/msr has already caused pain; the direct
> result is that the intel pstate driver doesn't want to use an MSR shadow
> variable to avoid RDMSR because that'd loose input.
>
> https://lkml.org/lkml/2019/3/25/310
>
> (sorry, that's what google found me)
>
> So ideally we'd just disallow it too. It already has a sysfs file (per
> those patches):
>
>   Documentation/admin-guide/pm/intel_epb.rst

Some group internal at Intel want something like this, but more extensive,
They want to limit RDMSR to a subset (not exactly sure why, I don't
know of MSRs that have side effects on read ... but then again
not all of the MSR space is documented).

On the write side they divide into categories:
1) Some MSRs can only be cleared.
2) Some MSRs can only have certain bits set
3) Some MSRs allow any write
4) Maybe something else ... this is from memory, and a somewhat
cursory read of their patch.

They have maybe a couple of dozen MSRs split between those classes.

-Tony

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ