Commit c813e8c9 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'x86-misc-2020-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 MSR filtering from Ingo Molnar:
 "Filter MSR writes from user-space by default, and print a syslog entry
  if they happen outside the allowed set of MSRs, which is a single one
  for now, MSR_IA32_ENERGY_PERF_BIAS.

  The plan is to eventually disable MSR writes by default (they can
  still be enabled via allow_writes=on)"

* tag 'x86-misc-2020-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/msr: Filter MSR writes
parents 69094c20 a7e1f67e
...@@ -42,6 +42,14 @@ ...@@ -42,6 +42,14 @@
static struct class *msr_class; static struct class *msr_class;
static enum cpuhp_state cpuhp_msr_state; static enum cpuhp_state cpuhp_msr_state;
enum allow_write_msrs {
MSR_WRITES_ON,
MSR_WRITES_OFF,
MSR_WRITES_DEFAULT,
};
static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT;
static ssize_t msr_read(struct file *file, char __user *buf, static ssize_t msr_read(struct file *file, char __user *buf,
size_t count, loff_t *ppos) size_t count, loff_t *ppos)
{ {
...@@ -70,6 +78,24 @@ static ssize_t msr_read(struct file *file, char __user *buf, ...@@ -70,6 +78,24 @@ static ssize_t msr_read(struct file *file, char __user *buf,
return bytes ? bytes : err; return bytes ? bytes : err;
} }
static int filter_write(u32 reg)
{
switch (allow_writes) {
case MSR_WRITES_ON: return 0;
case MSR_WRITES_OFF: return -EPERM;
default: break;
}
if (reg == MSR_IA32_ENERGY_PERF_BIAS)
return 0;
pr_err_ratelimited("Write to unrecognized MSR 0x%x by %s\n"
"Please report to x86@kernel.org\n",
reg, current->comm);
return 0;
}
static ssize_t msr_write(struct file *file, const char __user *buf, static ssize_t msr_write(struct file *file, const char __user *buf,
size_t count, loff_t *ppos) size_t count, loff_t *ppos)
{ {
...@@ -84,6 +110,10 @@ static ssize_t msr_write(struct file *file, const char __user *buf, ...@@ -84,6 +110,10 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
if (err) if (err)
return err; return err;
err = filter_write(reg);
if (err)
return err;
if (count % 8) if (count % 8)
return -EINVAL; /* Invalid chunk size */ return -EINVAL; /* Invalid chunk size */
...@@ -92,9 +122,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf, ...@@ -92,9 +122,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
err = -EFAULT; err = -EFAULT;
break; break;
} }
add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]); err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]);
if (err) if (err)
break; break;
tmp += 2; tmp += 2;
bytes += 8; bytes += 8;
} }
...@@ -242,6 +276,41 @@ static void __exit msr_exit(void) ...@@ -242,6 +276,41 @@ static void __exit msr_exit(void)
} }
module_exit(msr_exit) module_exit(msr_exit)
static int set_allow_writes(const char *val, const struct kernel_param *cp)
{
/* val is NUL-terminated, see kernfs_fop_write() */
char *s = strstrip((char *)val);
if (!strcmp(s, "on"))
allow_writes = MSR_WRITES_ON;
else if (!strcmp(s, "off"))
allow_writes = MSR_WRITES_OFF;
else
allow_writes = MSR_WRITES_DEFAULT;
return 0;
}
static int get_allow_writes(char *buf, const struct kernel_param *kp)
{
const char *res;
switch (allow_writes) {
case MSR_WRITES_ON: res = "on"; break;
case MSR_WRITES_OFF: res = "off"; break;
default: res = "default"; break;
}
return sprintf(buf, "%s\n", res);
}
static const struct kernel_param_ops allow_writes_ops = {
.set = set_allow_writes,
.get = get_allow_writes
};
module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600);
MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>"); MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>");
MODULE_DESCRIPTION("x86 generic MSR driver"); MODULE_DESCRIPTION("x86 generic MSR driver");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment