Re: [PATCH -v2.1] x86/msr: Filter MSR writes

From: Mathieu Chouquet-Stringer
Date: Tue Nov 17 2020 - 16:03:27 EST

Next message: Dan Williams: "Re: [PATCH v4 01/10] Add auxiliary bus support"
Previous message: Kees Cook: "[PATCH] selftests/seccomp: powerpc: Fix typo in macro variable name"
Next in thread: Borislav Petkov: "Re: [PATCH -v2.1] x86/msr: Filter MSR writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all,

On Tue, Jul 14, 2020 at 12:17:50PM -0700, Matthew Garrett wrote:
> On Tue, Jul 14, 2020 at 9:04 AM Chris Down <chris@xxxxxxxxxxxxxx> wrote:
> > Either way, again, this isn't really the point. :-) The point is that there
> > _are_ currently widespread cases involving poking MSRs from userspace, however
> > sacrilegious or ugly (which I agree with!), and while people should be told
> > about that, it's excessive to have the potential to take up 80% of kmsg in the
> > default configuration. It doesn't take thousands of messages to get the message
> > across, that's what a custom printk ratelimit is for.

> Agreed - we should now offer all the necessary interfaces to avoid
> userspace having to hit MSRs directly for thermal management, but that
> wasn't always the case, and as a result there's tooling that still
> behaves this way.

I'm late to the party but it seems allowing MSR_IA32_ENERGY_PERF_BIAS
has the downside of flagging the kernel as tainted without telling you
why if you use something like x86_energy_perf_policy (from
tools/power/x86/x86_energy_perf_policy) which itself is used by tuned.

I can taint my kernel manually by just running:
x86_energy_perf_policy -c all performance

The net impact is an OOPS triggered on such kernel won't necessarily be
read by anyone nor analyzed by reporting tools as the kernel is now
considered tainted.

For instance abrt reports the following:
===========8<===========8<===========8<===========8<===========8<===========8<
A kernel problem occurred, but your kernel has been tainted (flags:GS).
Explanation:
S - SMP with CPUs not designed for SMP.
Kernel maintainers are unable to diagnose tainted reports.
===========8<===========8<===========8<===========8<===========8<===========8<

To add to the confusion, kernel documentation
(Documentation/admin-guide/tainted-kernels.rst) is not up to date so
while looking for an explanation, one gets to wonder how what used to be
a regular average computer can now be classified as something using "an
officially SMP incapable processor"...

So while both documentation and tools should be updated as to be clearer
and to not taint the kernel respectively, there's something that remains
to be done to explain why or how the kernel got tainted because of
poking into MSRs...

--
Mathieu Chouquet-Stringer
The sun itself sees not till heaven clears.
-- William Shakespeare --

Next message: Dan Williams: "Re: [PATCH v4 01/10] Add auxiliary bus support"
Previous message: Kees Cook: "[PATCH] selftests/seccomp: powerpc: Fix typo in macro variable name"
Next in thread: Borislav Petkov: "Re: [PATCH -v2.1] x86/msr: Filter MSR writes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]