From: Linus Torvalds
Date: Fri, 12 Jun 2020 10:20:03 -0700
Subject: Re: [RFC PATCH] x86/msr: Filter MSR writes
To: Borislav Petkov
Cc: x86-ml, lkml
In-Reply-To: <20200612105026.GA22660@zn.tnic>

On Fri, Jun 12, 2020 at 3:50 AM Borislav Petkov wrote:
>
> Disable writing to MSRs from userspace by default. Writes can still be
> allowed by supplying the allow_writes=1 module parameter and the kernel
> will be tainted so that it shows in oopses.

Since you already added the filtering, this looks fairly sane.

IOW, what MSR's do we expect people to maybe write to normally? You
added MSR_IA32_ENERGY_PERF_BIAS as an allowed MSR, maybe there are
others?

So I'm not against this, but I suspect the whitelist should be thought
through more, and then maybe the "allow_writes" parameter should be
yes/no/default/, where "default" is that list of known-normal MSR's.

And I suspect it's a lot longer list than your single one. IIRC,
people were working around CPU bugs or features by doing MSR writes at
startup.

So the first phase might be to introduce this, but have the default
for non-recognized MSR's be "log", not "deny".

Linus
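
Added example, not part of the mail above or of the patch it replies to: a user-space C model of the "allow_writes" policy the reply proposes, with a known-normal list and a first phase that logs unrecognized MSR writes instead of denying them. The enum names, the `strict` flag and the sample MSR number 0x123 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_IA32_ENERGY_PERF_BIAS 0x000001b0u /* the one MSR named in the mail */

/* Hypothetical names for the yes/no/default settings of "allow_writes". */
enum allow_writes { AW_NO, AW_YES, AW_DEFAULT };
enum verdict { V_ALLOW, V_ALLOW_AND_LOG, V_DENY };

/* Known-normal list: only this entry comes from the thread; a real list is longer. */
static const uint32_t known_normal[] = { MSR_IA32_ENERGY_PERF_BIAS };

static bool is_known_normal(uint32_t msr)
{
    for (size_t i = 0; i < sizeof(known_normal) / sizeof(known_normal[0]); i++)
        if (known_normal[i] == msr)
            return true;
    return false;
}

/* strict == false: first phase, unrecognized MSR writes are logged, not denied. */
static enum verdict filter_msr_write(enum allow_writes mode, bool strict, uint32_t msr)
{
    if (mode == AW_YES)
        return V_ALLOW;            /* explicit opt-in; the RFC taints the kernel */
    if (mode == AW_NO)
        return V_DENY;
    if (is_known_normal(msr))
        return V_ALLOW;
    return strict ? V_DENY : V_ALLOW_AND_LOG;
}

int main(void)
{
    static const char *const name[] = { "allow", "allow+log", "deny" };
    /* Constructed sample requests: one listed MSR, one arbitrary unlisted number. */
    const uint32_t sample[] = { MSR_IA32_ENERGY_PERF_BIAS, 0x00000123u };

    for (size_t i = 0; i < 2; i++)
        printf("msr 0x%08x: phase1=%s strict=%s no=%s\n", (unsigned)sample[i],
               name[filter_msr_write(AW_DEFAULT, false, sample[i])],
               name[filter_msr_write(AW_DEFAULT, true, sample[i])],
               name[filter_msr_write(AW_NO, false, sample[i])]);
    return 0;
}
```

Running the first phase with logging on shows which MSR numbers callers actually write, which is the data needed to grow the known-normal list before the default flips to deny.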