Written byMichael Larabel inLinux Kernel on 25 June 2020 at 08:35 AM EDT.1 Comment
The Linux 5.9 kernel is slated to begin introducing new restrictions on allowing writes to CPU model specific registers (MSRs) from user-space.
Via the Linux kernel x86 MSR driver, writes to arbitrary model specific registers from user-space is allowed -- assuming you have root permissions. But even with requiring root access, there are security implications and other issues in allowing any CPU MSRs to be written to from user-space without the intervention of the kernel via /dev/cpu/[CPU-number]/msr .
SUSE's Borislav Petkov has added support to the x86 MSR driver to begin filtering of MSR writes. Petkov reinforced, " Having unfettered access to all MSRs on a system is and has always been a disaster waiting to happen. Think performance counter MSRs, MSRs with sticky or locked bits, MSRs making major system changes like loading microcode, MTRRs, PAT configuration, TSC counter, security mitigations MSRs, you name it. This also destroys all the kernel's caching of MSR values for performance, as the recent case with MSR_AMD64_LS_CFG showed. Another example is writing MSRs by mistake by simply typing the wrong MSR address. System freezes have been experienced that way. In general, poking at MSRs under the kernel's feet is a bad bad idea. "
The new default behavior starting with Linux 5.9 will be to log messages to dmesg whenever a MSR write from user-space happens with a "write to unrecognized MSR" notification.
But this MSR filtering infrastructure also adds the ability to block MSR writes from user-space. Ultimately they will likely transition to that as the default at a later time to ensure MSR writes from user-space do not happen. This behavior right now can be toggled via the msr.allow_writes= kernel module paramrter with on/off/default. Should legitimate use-cases come up where writes to MSRs from user-space are still desired, they may add the infrastructure to selectively grant/deny access to specific MSRs and ensure they are sanitized by the kernel.
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
银行3.0:移动互联时代的银行转型之道
[澳]布莱特·金(Brett King) / 白 宫 施 轶 / 广东经济出版社 / 2014-12 / 88.00元
银行未来会怎样,银行下一步该怎么做?银行如何在客户行为变化、科技变化,以及新的非银行竞争者不断涌入等时代变化的形势下,在未来取得成功? 这是第一本透彻深入地全面呈现当今银行业的内外形势与状况的书,内容涉及技术变化、客户行为变化、涌现的外部竞争者,银行现有组织架构、流程模式、制度思维、人员结构、互动渠道、营销方式等。具体包括低网点化,ATM、网站、呼叫中心的落伍,以及智能手机、社交媒体、移动支......一起来看看 《银行3.0:移动互联时代的银行转型之道》 这本书的介绍吧!
