Re: [RFC PATCH] x86/msr: Filter MSR writes

[Borislav Petkov]

On Fri, Jun 12, 2020 at 10:43:07AM -0700, Sean Christopherson wrote:
> The problem is a fault on WRMSR doesn't mean the MSR doesn't exist, it only
> means WRMSR faulted.  WRMSR can for all intents and purpose trigger completely
> arbitrary microcode flows, e.g. WRMSR 0x79 can fundamentally change the
> behavior of the CPU.

Yes, that case is in the commit message.

> And it's not like the WRMSR->taint is atomic, e.g. changing a platform scoped
> MSR that affects voltage settings or something of that nature could easily
> tank the system on a successful WRMSR before the kernel can be marked tainted.

Yes, yes, I'll taint before the WRMSR.

> 0400 only allows a privelged user to read the parameter, e.g. for parameters
> that are snapshotted at module load time and/or changing the param while the
> module is running would cause breakage.
> 
> 0600 allows a priveleged user to read and write the parameter, which AFAICT
> is safe here.

Ok, we can do that.

> 0644 allows a priveleged user to read and write the parameter, and allows an
> unpriveleged user to read the param.

Not so sure about that. Why would the unprivileged user need to read it?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette