git.baikalelectronics.ru Git - kernel.git/commit

author	Borislav Petkov <bp@suse.de>
	Wed, 10 Jun 2020 19:37:49 +0000 (21:37 +0200)
committer	Borislav Petkov <bp@suse.de>
	Thu, 25 Jun 2020 08:39:02 +0000 (10:39 +0200)
commit	cf5ae0c6ac9a58a981a2d1f5fd1911ada26620d9
tree	10b7e9527a98dce6e5a008d2c99603dc12a2af05	tree \| snapshot
parent	2e0873da09585b8a2daf9ca8c2facd15f454ec3f	commit \| diff

x86/msr: Filter MSR writes

Add functionality to disable writing to MSRs from userspace. Writes can
still be allowed by supplying the allow_writes=on module parameter. The
kernel will be tainted so that it shows in oopses.

Having unfettered access to all MSRs on a system is and has always been
a disaster waiting to happen. Think performance counter MSRs, MSRs with
sticky or locked bits, MSRs making major system changes like loading
microcode, MTRRs, PAT configuration, TSC counter, security mitigations
MSRs, you name it.

This also destroys all the kernel's caching of MSR values for
performance, as the recent case with MSR_AMD64_LS_CFG showed.

Another example is writing MSRs by mistake by simply typing the wrong
MSR address. System freezes have been experienced that way.

In general, poking at MSRs under the kernel's feet is a bad bad idea.

So log writing to MSRs by default. Longer term, such writes will be
disabled by default.

If userspace still wants to do that, then proper interfaces should be
defined which are under the kernel's control and accesses to those MSRs
can be synchronized and sanitized properly.

[ Fix sparse warnings. ]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Sean Christopherson <sean.j.christopherson@intel.com>
Link: https://lkml.kernel.org/r/20200612105026.GA22660@zn.tnic