On Fri, Jun 12, 2020 at 06:46:02PM +0200, Borislav Petkov wrote: > On Fri, Jun 12, 2020 at 09:34:06AM -0700, Sean Christopherson wrote: > > The kernel should be tainted if the WRMSR is attempted, regardless of > > whether it succeeds, and it should happen before the WRMSR. E.g. pointing > > MSR_IA32_DS_AREA at a bad address will likely cause an OOPS on the #PF > > If the MSR write fails, MSR_IA32_DS_AREA won't have the bad address. If > the writes fail, nothing has been changed.
DS_AREA takes a virtual (linear) address, i.e. the address can be legal from the CPUs perspective but still lead to a #PF due to the address not being mapped in the page tables. > > This can be 0600, or maybe 0644, i.e. allow the user to enable/disable > > writes after the module has been loaded. > > What for? So users don't have to unload and reload the module just to enable or disable writes. I don't think it changes the protections in any way, a priveleged user still needs to explicitly toggle the control. > crw------- 1 root root 202, 0 Jun 10 19:54 /dev/cpu/0/msr > > You need root to write to the chrdev. > > Also, the intent is *not* to open it more but to close it so that the > incentive to design proper interfaces is there. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette
