Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp586501pxb; Wed, 27 Jan 2021 15:57:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJxaLzMg6C8wpQEOdwu3G60zQ1vmkL38Yx2WLWKHNF7Olx4pC0CrKwFH/vDaElADSct7fHAQ X-Received: by 2002:aa7:d306:: with SMTP id p6mr11594308edq.351.1611791827510; Wed, 27 Jan 2021 15:57:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611791827; cv=none; d=google.com; s=arc-20160816; b=TLlJOWvHsZqUf16zXaR9TM/37msHMbw3u2R5LdrgwUsuVmPqWMMUtoQo9Ziy7WzMv+ UTQz3dh039oieglwvpyXAgM6VyJQDSZfdo9zPZ7qHEb6Mw5SKnIcFHcVBrr5zjXAT44C ozjZGtyPAolRpyFWKIlGel5uDv9e8d44SUX65KMrjfBo9T2dNofsu1mL1YHGVmqEo3Ti AdDIl6+vJNKHcL2DpTq9CboIDwQcgeZYQ5zwXQt6/SgLsyHtlWtgjU4lpXvUwztGfNTw cKXL/x0/TZh4erwX2e2wOac7pHR+J/ZvoMa/6e/nwPsMLEFA74t28fD0w/T87txFiVRK KMwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:ironport-sdr; bh=SCerszW6Lt97Jgrr4LsytHFtxzixCdXD6Fp1sERgTkY=; b=SUWnyUSp99VWlBZNxHjx4I1WATg1uXxDYh1Ueax6pUMZdd73s01TaL8Wg14MnZJfjj EIir5KpImtSA+YrwQph/oWD0SQjE0iJlUKma4jDBmDume69tX12XrJwjCBefQEyoXo5A xTFcPIAoNquiVJvXe9cIFimuSITsh1bjI0rKfuyXheEY2pvQ/4d15/CdLB8bMBJVls28 TZJxCscSaFNBuu9ORW88OzQkSlTZEBvlxRGxv2LJUNkdGEpUzivWD7xZiTM3FrbTf6+1 NmI3ghjhxSLdRe9dPhlFEMiqaV3ASPX7MTxzteyAuq0LH6rsuSOQnrE8O2yJEatqbkaD 4iAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hq36si1536448ejc.590.2021.01.27.15.56.43; Wed, 27 Jan 2021 15:57:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236588AbhA0MYX (ORCPT + 99 others); Wed, 27 Jan 2021 07:24:23 -0500 Received: from esa8.hc1455-7.c3s2.iphmx.com ([139.138.61.253]:64467 "EHLO esa8.hc1455-7.c3s2.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237702AbhA0MWd (ORCPT ); Wed, 27 Jan 2021 07:22:33 -0500 X-Greylist: delayed 462 seconds by postgrey-1.27 at vger.kernel.org; Wed, 27 Jan 2021 07:22:32 EST IronPort-SDR: fS/mM9559bN0OSrG9m5SF0zTMlhNhKcH2cabQyJ5LrrwfPLljHi5Soe3Dy4sZS0YVe0vTO6eRX 1Rcs9HrmT8o0Xe4VXkiyN7Vf28LPFxCZl2bF9bvkqp7k5O+SnsqZCkM/2YfbwbTM0PQKepsVgc vOL3PGvdbS4RPlfyNW62AIrVUhVcGbdzlUhrpMOtpHsuUfgH2D8HD/qTb4jvb10thRwmIl3EBR 9F4wBlYesnPhaxKvrhK7iiLJoGpEalToS80WlZ2SwNXulutbCSNCTm/txG4DoLuQEDsHyK/GbG ZAs= X-IronPort-AV: E=McAfee;i="6000,8403,9876"; a="4890707" X-IronPort-AV: E=Sophos;i="5.79,379,1602514800"; d="scan'208";a="4890707" Received: from unknown (HELO oym-r2.gw.nic.fujitsu.com) ([210.162.30.90]) by esa8.hc1455-7.c3s2.iphmx.com with ESMTP; 27 Jan 2021 21:12:31 +0900 Received: from oym-m1.gw.nic.fujitsu.com (oym-nat-oym-m1.gw.nic.fujitsu.com [192.168.87.58]) by oym-r2.gw.nic.fujitsu.com (Postfix) with ESMTP id EE99DE0382 for ; Wed, 27 Jan 2021 21:12:30 +0900 (JST) Received: from g01jpfmpwkw02.exch.g01.fujitsu.local (g01jpfmpwkw02.exch.g01.fujitsu.local [10.0.193.56]) by oym-m1.gw.nic.fujitsu.com (Postfix) with ESMTP id 43C19B4E3E for ; Wed, 27 Jan 2021 21:12:30 +0900 (JST) Received: from G01JPEXCHKW13.g01.fujitsu.local (G01JPEXCHKW13.g01.fujitsu.local [10.0.194.52]) by g01jpfmpwkw02.exch.g01.fujitsu.local (Postfix) with ESMTP id 374B432879F; Wed, 27 Jan 2021 21:12:29 +0900 (JST) Received: from luna3.soft.fujitsu.com (10.124.196.199) by G01JPEXCHKW13.g01.fujitsu.local (10.0.194.52) with Microsoft SMTP Server id 14.3.487.0; Wed, 27 Jan 2021 21:12:29 +0900 From: Misono Tomohiro To: CC: , , , , , Subject: [PATCH] x86/msr: Filter msr write by X86_IOC_WRMSR_REGS ioctl Date: Wed, 27 Jan 2021 21:24:56 +0900 Message-ID: <20210127122456.13939-1-misono.tomohiro@jp.fujitsu.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-SecurityPolicyCheck-GC: OK by FENCE-Mail X-TM-AS-GCONF: 00 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org commit a7e1f67ed29f ("x86/msr: Filter MSR writes") introduces a module parameter to disable writing to msr device file (and add_taint() upon writing). As msr register can be written by X86_IOC_WRMSR_REGS ioctl too, they should be applied to the ioctl as well. Fixes: a7e1f67ed29f ("x86/msr: Filter MSR writes") Signed-off-by: Misono Tomohiro --- Hello, I just noticed this when I read the code. I'm not sure if anyone uses ioctl interface now, but I tested this by resetting IA32_MPERF by X86_IOC_WRMSR_REGS ioctl. Thanks, arch/x86/kernel/msr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 8a67d1fa8dc5..d774618e75b8 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -182,6 +182,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) err = security_locked_down(LOCKDOWN_MSR); if (err) break; + err = filter_write(regs[1]); + if (err) + return err; + add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); err = wrmsr_safe_regs_on_cpu(cpu, regs); if (err) break; -- 2.26.2