lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4f89671e080eb23b084c0e0942f111e6@kernel.org>
Date:   Thu, 03 Dec 2020 08:35:24 +0000
From:   Marc Zyngier <maz@...nel.org>
To:     Rongwei Wang <rongwei.wang@...ux.alibaba.com>
Cc:     catalin.marinas@....com, Will Deacon <will@...nel.org>,
        bjorn.andersson@...aro.org, shawnguo@...nel.org, gshan@...hat.com,
        geert+renesas@...der.be, Anson.Huang@....com, masahiroy@...nel.org,
        michael@...le.cc, krzk@...nel.org, linux-kernel@...r.kernel.org,
        vkoul@...nel.org, olof@...om.net, vincenzo.frascino@....com,
        ardb@...nel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 0/3] arm64:msr: Add MSR driver

On 2020-12-03 05:45, Rongwei Wang wrote:
>> 2020年12月1日 下午11:37,Marc Zyngier <maz@...nel.org> 写道:
>> 
>> On 2020-12-01 14:25, wangrongwei wrote:
>>>> 2020年12月1日 下午4:12,Marc Zyngier <maz@...nel.org> 写道:
>>>> On 2020-12-01 03:09, wangrongwei wrote:
>>>>> Hi
>>>>> We have validate this driver in vm and physical machine, and works 
>>>>> fine.
>>>> But what does "work fine" mean? None of these system registers are 
>>>> supposed
>>>> to be accessible from userspace, so please explain *what* you are 
>>>> trying to
>>>> do with this, other that introducing security holes and general 
>>>> system
>>>> instability?
>>> I think I know what you mean. Do you want me to describe how we 
>>> achieved it?
>>> In x86, the different registers can be accessed directly using the
>>> rdmsr and wrmsr instructions, but in ARM, since these two 
>>> instructions
>>> are missing, so we modify the code segment during runtime, similar to
>>> the principle of static_key.
>> 
>> [...]
>> 
>> These are implementation details, none of which answer my question:
>> 
>> What makes you think this is a good idea? I cannot see any legitimate
> In fact, I think this tool useful mainly in the following scenarios:
> 	1. performance debug
> 	2. Arm-core features test
> 	3. Debug-tool for kernel developer
> Also, for example, MSR-ARM is needed for chip verification and
> system-level functional verification.
> A simple example, perf stat can test pmu, but the overflow interrupt
> function and forced overflow function of pmu is not covered.

But what does it mean to change random system registers while the kernel
itself is using them in parallel? All you are introducing is a bunch of
uncontrolled, unexpected, and possibly fatal side effects.

Introducing such an interface makes the kernel unsafe, insecure, and
and violates all the possible guarantees that we are trying hard to
provide. After all, why would we even try to mitigate side channel
vulnerabilities if we were to introduce such a thing?

> In both cases, we need a special interface to configure it, which can
> be considered as testing requirements, so it can only be tested by
> configuring (access) registers, e.g., devmem command for memmap
> registers, MSR-ARM driver for system registers.

devmem was a terrible mistake. Unprivileged sysreg access is another
instance of the same mistake.

The kernel is not a validation tool. It is designed to operate safely,
securely, and reliably. What you propose is the negation of these goals
for dubious purposes, and I think I represent a large number of kernel
developers when I say that we really do not want it.

This will (hopefully) be my last message on this subject.

Thanks,

         M.
-- 
Jazz is not dead. It just smells funny...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ