Re: [RFC PATCH] x86: Filter MSR writes from luserspace

From: Ingo Molnar
Date: Wed Nov 27 2019 - 02:11:08 EST

Next message: Peng Ma: "[PATCH] i2c: imx: Defer probing if EDMA not available"
Previous message: Stefan Mavrodiev: "Re: [PATCH 1/1] arm64: dts: allwinner: a64: olinuxino: Add VCC-PG supply"
In reply to: Borislav Petkov: "Re: [RFC PATCH] x86: Filter MSR writes from luserspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Borislav Petkov <bp@xxxxxxxxx> wrote:

> On Tue, Nov 26, 2019 at 12:50:28PM -0800, Andi Kleen wrote:
> > You'll almost certainly violate Linus' golden rule of application
> > compatibility and the whole thing will be reverted in the end.

This objection is bogus, the ABI isn't broken, since this is basically a
tweak of the default security model, by pushing questionable MSR
modifications to a module or boot parameter. Those who know what they are
doing can still do it.

The goal would be to make sure via a whitelist that end user distros
won't have to set this parameter to permissive again, of course.

Thanks,

Ingo

Next message: Peng Ma: "[PATCH] i2c: imx: Defer probing if EDMA not available"
Previous message: Stefan Mavrodiev: "Re: [PATCH 1/1] arm64: dts: allwinner: a64: olinuxino: Add VCC-PG supply"
In reply to: Borislav Petkov: "Re: [RFC PATCH] x86: Filter MSR writes from luserspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]