Message-Id: <20230523194949.96149-2-twiederh@redhat.com>
Date:   Tue, 23 May 2023 21:49:49 +0200
From:   Tim Wiederhake <twiederh@...hat.com>
To:     "Borislav Petkov" <bp@...en8.de>,
        "Dave Hansen" <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>, "Ingo Molnar" <mingo@...hat.com>,
        "Paolo Bonzini" <pbonzini@...hat.com>,
        "Thomas Gleixner" <tglx@...utronix.de>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, x86@...nel.org
Cc:     Tim Wiederhake <twiederh@...hat.com>
Subject: [PATCH 2/2] x86/msr: Allow unprivileged read access to some MSRs

Delaying access control allows unprivileged processes to
read specific MSRs, such as IA32_CORE_CAPABILITIES and
IA32_ARCH_CAPABILITIES. This is helpful for e.g. qemu and
libvirt, which require the raw MSR content to calculate host
CPU capabilities. Other programs might be interested in
IA32_EFER for x86-64-v1 detection.

Signed-off-by: Tim Wiederhake <twiederh@...hat.com>
---
 arch/x86/kernel/msr.c | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 058f2b67d0c7..9485aa7f8161 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -50,6 +50,23 @@ enum allow_write_msrs {
 
 static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT;
 
+static int filter_read(struct file *file, u32 reg)
+{
+	if (file->private_data)
+		return 0;
+
+	switch (reg) {
+	case MSR_IA32_CORE_CAPS:
+	case MSR_IA32_ARCH_CAPABILITIES:
+	case MSR_EFER:
+		return 0;
+	default:
+		break;
+	}
+
+	return -EPERM;
+}
+
 static ssize_t msr_read(struct file *file, char __user *buf,
 			size_t count, loff_t *ppos)
 {
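Review bot: filter_read() carries no comment on what `file->private_data` encodes or why each of the three MSRs is acceptable for an unprivileged reader, even though this switch is now the only barrier between an unprivileged opener and rdmsr. I would add a header comment along the lines of `/* private_data is non-NULL iff the opener held CAP_SYS_RAWIO at open(); everyone else may read only the MSRs listed below */` and a one-line justification next to each case label. MSR_EFER especially needs that justification, since the commit message only says other programs "might be interested" in it. The same `private_data` convention is relied on by the new check in filter_write(), so the comment should sit where both readers will find it.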
@@ -59,6 +76,10 @@ static ssize_t msr_read(struct file *file, char __user *buf,
 	int cpu = iminor(file_inode(file));
 	int err = 0;
 
+	err = filter_read(file, reg);
+	if (err)
+		return err;
+
 	if (count < 8)
 		return -EINVAL;	/* Invalid chunk size */
 
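Review bot: The new filter_read() call is the only check an unprivileged caller has to pass, after which `count` is bounded only from below by `count < 8`. If the loop further down in msr_read(), which is outside this hunk, performs one cross-CPU MSR read per 8 bytes as it does in the upstream file, any local user can now drive repeated remote reads on an arbitrary online CPU with a single large read(). For openers without the capability it may be worth limiting the transfer to one value, e.g. `if (!file->private_data) count = 8;`, or at least documenting that the repetition is intended.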
@@ -71,7 +92,7 @@ static ssize_t msr_read(struct file *file, char __user *buf,
 	return 8;
 }
 
-static int filter_write(u32 reg)
+static int filter_write(struct file *file, u32 reg)
 {
 	/*
 	 * MSRs writes usually happen all at once, and can easily saturate kmsg.
@@ -83,6 +104,9 @@ static int filter_write(u32 reg)
 	 */
 	static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1);
 
+	if (!file->private_data)
+		return -EPERM;
+
 	switch (allow_writes) {
 	case MSR_WRITES_ON:  return 0;
 	case MSR_WRITES_OFF: return -EPERM;
@@ -113,7 +137,7 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
 	if (err)
 		return err;
 
-	err = filter_write(reg);
+	err = filter_write(file, reg);
 	if (err)
 		return err;
 
@@ -156,6 +180,9 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
 			err = -EFAULT;
 			break;
 		}
+		err = filter_read(file, regs[1]);
+		if (err)
+			return err;
 		err = rdmsr_safe_regs_on_cpu(cpu, regs);
 		if (err)
 			break;
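Review bot: Only `regs[1]` is checked by filter_read() here, while the whole user-supplied `regs` array is handed to rdmsr_safe_regs_on_cpu(). That appears harmless for the three allow-listed MSRs, but it exposes the register-level interface to every local user, when plain read() already covers the use case given in the commit message. Consider keeping this ioctl privileged with `if (!file->private_data) { err = -EPERM; break; }` ahead of the filter, which would also leave through `break` like the neighbouring error paths in this case. msr_ioctl()'s body extends beyond the hunk, so any earlier mode check is not visible here.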
@@ -176,7 +203,7 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
 		if (err)
 			break;
 
-		err = filter_write(regs[1]);
+		err = filter_write(file, regs[1]);
 		if (err)
 			return err;
 
@@ -202,8 +229,7 @@ static int msr_open(struct inode *inode, struct file *file)
 	unsigned int cpu = iminor(file_inode(file));
 	struct cpuinfo_x86 *c;
 
-	if (!capable(CAP_SYS_RAWIO))
-		return -EPERM;
+	file->private_data = (void *)(capable(CAP_SYS_RAWIO));
 
 	if (cpu >= nr_cpu_ids || !cpu_online(cpu))
 		return -ENXIO;	/* No such CPU */
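Review bot: Calling capable() for a result that is merely recorded, not enforced, has a side effect: capable() is the audited variant, so every unprivileged open of the now world-readable node can produce an LSM/audit denial record even though the open succeeds. That makes the log noisy and makes real CAP_SYS_RAWIO denials harder to pick out. The bool is also cast straight to a pointer; going through an integer type is cleaner. Something like `file->private_data = (void *)(unsigned long)ns_capable_noaudit(&init_user_ns, CAP_SYS_RAWIO);` would address both, if the silent check is what is intended. A short comment that the privilege is sampled once at open() and then travels with the file descriptor would help later readers; msr_open() continues past the end of this hunk.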
@@ -245,6 +271,8 @@ static int msr_device_destroy(unsigned int cpu)
 
 static char *msr_devnode(const struct device *dev, umode_t *mode)
 {
+	if (mode)
+		*mode = 0644;
 	return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt));
 }
 
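Review bot: Setting `*mode = 0644` in msr_devnode() makes every /dev/cpu/N/msr node world-readable by default on any system that loads the driver. The file mode then no longer acts as a second layer: any gap in filter_read(), or in an ioctl path that does not call it, becomes reachable by all local users instead of only by root. I would at least document this at the assignment, e.g. `/* world-readable on purpose: unprivileged access is restricted by filter_read()/filter_write() */`. Also consider leaving the default mode unchanged and letting distributions relax it through udev where qemu/libvirt need it.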
-- 
2.39.2
