Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr

From: Henrique de Moraes Holschuh
Date: Sun Jun 28 2015 - 11:13:30 EST

Next message: Peter Hurley: "Re: [PATCH v2 1/2] tty: add missing rcu_read_lock for task_pgrp"
Previous message: Henrique de Moraes Holschuh: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
In reply to: Prarit Bhargava: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
Next in thread: Ingo Molnar: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 26 Jun 2015, Prarit Bhargava wrote:
> > The proper way to do this is to write a driver to only expose the MSRs
> > that the user tools need, and nothing else.
>
> Will do -- At least I got everyone's attention with this :).

IMHO we need both a new driver that exposes semanthic functionality instead
of raw MSRs, and also to lock down the current MSR driver using processor
vendor, family and model-aware whitelists.

We have absolutely no idea of the real security impact of the CONFIG_X86_MSR
/dev/cpu/cpu#/msr driver, as that driver allows CAP_SYS_RAWIO userspace to
have complete access to all documented *and undocumented* MSRs.

Maybe we could build on the ideas and data already colleced by the msr-safe
LLNS code?

https://github.com/scalability-llnl/msr-safe
http://www.vi-hps.org/upload/program/espt-sc14/vi-hps-ESPT14-Shoga.pdf

At the very least, their work on building a list of safe MSRs should help...
Their code seems to be licensed under the GPLv3, which is a rather strange
choice of license for a kernel module.

A quick look using Debian's codesearch found these users of
/dev/cpu/cpu#/msr:

* cpufrequtils
* flashrom
* i7z
* intel-gpu-tools
* inteltool
* mcelog
* msrtool, msr-tools
* PAPI (can use msr_safe)
* powertop
* qemu
* slurm-llnl (maybe this can also use msr_safe?)
* stressapptest
* turbostat
* wmlongrun, longrun
* x86info
* xserver-xorg-video-geode

As well as the other stuff that ships from the Linux kernel tree.

Looking at what they need the MSR access for (well, except for msrtools,
which is just a way for shell scripts to easily talk to the MSR driver)
might help define the problem space better.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Hurley: "Re: [PATCH v2 1/2] tty: add missing rcu_read_lock for task_pgrp"
Previous message: Henrique de Moraes Holschuh: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
In reply to: Prarit Bhargava: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
Next in thread: Ingo Molnar: "Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]