lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <8724DF91-5BF0-4265-8091-F9E0C7DC2F1A@linux.alibaba.com>
Date:   Tue, 1 Dec 2020 11:44:52 +0800
From:   wangrongwei <rongwei.wang@...ux.alibaba.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     catalin.marinas@....com, Will Deacon <will@...nel.org>,
        bjorn.andersson@...aro.org, shawnguo@...nel.org, vkoul@...nel.org,
        geert+renesas@...der.be, Anson.Huang@....com, michael@...le.cc,
        krzk@...nel.org, olof@...om.net, vincenzo.frascino@....com,
        ardb@...nel.org, masahiroy@...nel.org, gshan@...hat.com,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] arm64:msr: Add MSR driver

Hi, Boris, Thank your advice very much!
Indeed, I have read the commit message, and it seems that writes data to a system register may cause many problems. Actually, we have taken this into account. In the current version, we have separated the read and write functions to the system registers into two commands, they (rdasr and wrasr) can be found in system-register-tools (https://github.com/alibaba/system-register-tools).

In providing the WRASR function, we consider that users should bear the consequences of rewriting registers during the debugging phase. In fact, most of the time we rarely use WRASR, and only use it when we are very confident.

> 2020年12月1日 上午3:03,Borislav Petkov <bp@...en8.de> 写道:
> 
> On Tue, Dec 01, 2020 at 01:48:30AM +0800, Rongwei Wang wrote:
>> MSR ARM driver aims to provide interfacs for user to read or write
>> data to all system registers.
> 
> Just a warranty from x86 land: if I were an ARM arch maintainer, I would
> never never *ever* take such driver exposing naked hw registers to
> userspace.
> 
> We have been fighting with this on x86 for years:
> 
> a7e1f67ed29f ("x86/msr: Filter MSR writes")
> 
> with userspace tools poking at random MSRs. Read the commit message
> for what can happen. And taking that thing is like opening a huge
> can'o'worms that can't be closed anymore.
> 
> Currently, we're trying to move userspace tools to proper sysfs
> interfaces but it is a huuuge pain. It is a lot easier to have people
> define proper interfaces from the get-go where the kernel can control
> and synchronize access.
> 
> HTH.
> 
> -- 
> Regards/Gruss,
>    Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ