Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752484AbbFZTXt (ORCPT <rfc822;w@1wt.eu>);
	Fri, 26 Jun 2015 15:23:49 -0400
Received: from mail-ob0-f180.google.com ([209.85.214.180]:36832 "EHLO
	mail-ob0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752662AbbFZTXl (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Fri, 26 Jun 2015 15:23:41 -0400
MIME-Version: 1.0
In-Reply-To: <1435341131-3279-1-git-send-email-prarit@redhat.com>
References: <1435341131-3279-1-git-send-email-prarit@redhat.com>
Date: Fri, 26 Jun 2015 15:23:41 -0400
Message-ID: <CAMzpN2j-0s9kNzuCwa9n2ZbxcveK=72r-SP=Ofhu+4uY8Us=_A@mail.gmail.com>
Subject: Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr
From: Brian Gerst <brgerst@gmail.com>
To: Prarit Bhargava <prarit@redhat.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Len Brown <len.brown@intel.com>,
        Dasaratharaman Chandramouli 
	<dasaratharaman.chandramouli@intel.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1434
Lines: 32

On Fri, Jun 26, 2015 at 1:52 PM, Prarit Bhargava <prarit@redhat.com> wrote:
> Customers write system monitoring software for single systems as well as
> clusters.  In load-balancing software it is useful to know how "busy" a
> core is.  Unfortunately the only way to get this data is to run as root,
> or use setcap to allow userspace access for particular programs.  Both of
> these options are clunky at best.
>
> This patch allows read access to the msr dev files which should be okay.
> No damage can be done by reading the MSR values and it allows non-root
> users to run system monitoring software.
>
> The turbostat code specifically checks for CAP_SYS_RAWIO, which it
> shouldn't have to and I've removed that code.  Additionally I've modified
> the turbostat man page to remove documentation about configuring
> CAP_SYS_RAW_IO.
>
> Note: Write access to msr is still restricted with this patch.

Allowing unrestricted read access to all MSRs is wrong.  Some MSRs
contain addresses of kernel data structures, which can be used in
security exploits.

The proper way to do this is to write a driver to only expose the MSRs
that the user tools need, and nothing else.

--
Brian Gerst
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/