Linux To Begin Tightening Up Ability To Write To CPU MSRs From User-Space

Written by Michael Larabel in Linux Kernel on 25 June 2020 at 08:35 AM EDT.

The Linux 5.9 kernel is slated to begin introducing new restrictions on writes to CPU model-specific registers (MSRs) from user-space.

Via the Linux kernel x86 MSR driver, writes to arbitrary model-specific registers from user-space are allowed through /dev/cpu/[CPU-number]/msr, assuming you have root permissions. But even with the root requirement, there are security implications and other issues in allowing any CPU MSR to be written from user-space without the intervention of the kernel.

SUSE's Borislav Petkov has added support to the x86 MSR driver to begin filtering MSR writes. Petkov explained in the commit message, "Having unfettered access to all MSRs on a system is and has always been a disaster waiting to happen. Think performance counter MSRs, MSRs with sticky or locked bits, MSRs making major system changes like loading microcode, MTRRs, PAT configuration, TSC counter, security mitigations MSRs, you name it. This also destroys all the kernel's caching of MSR values for performance, as the recent case with MSR_AMD64_LS_CFG showed. Another example is writing MSRs by mistake by simply typing the wrong MSR address. System freezes have been experienced that way. In general, poking at MSRs under the kernel's feet is a bad bad idea."

The new default behavior starting with Linux 5.9 will be to log a "write to unrecognized MSR" notification to dmesg whenever an MSR write from user-space happens.

But this MSR filtering infrastructure also adds the ability to block MSR writes from user-space. Ultimately the kernel developers will likely transition to that as the default at a later time to ensure MSR writes from user-space do not happen. For now, this behavior can be toggled via the msr.allow_writes= kernel module parameter, which accepts on/off/default. Should legitimate use-cases come up where writes to MSRs from user-space are still desired, they may add the infrastructure to selectively grant/deny access to specific MSRs and ensure they are sanitized by the kernel.
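As an added example (not from the article or the kernel source), the following Python script triages the new log notifications so an administrator can see which tools still write MSRs before moving to msr.allow_writes=off. The exact log-line layout, the process names `tuner-tool` and `undervolt.py`, and the sysfs path are assumptions; the sample lines are constructed.

```python
import re
import sys
from collections import Counter

# Constructed sample kernel log lines (not captured from a real system).
# Assumption: each message carries the MSR address in hex and the writing
# process name; the article only confirms the "write to unrecognized MSR" text.
SAMPLE_LOG = """\
[  812.100341] msr: Write to unrecognized MSR 0x1a0 by tuner-tool
[  901.553210] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[ 1033.004512] msr: Write to unrecognized MSR 0x1a0 by tuner-tool
[ 1290.771903] msr: Write to unrecognized MSR 0x150 by undervolt.py (pid: 4211)
"""

MSR_WRITE = re.compile(
    r"write to unrecognized MSR (0x[0-9a-f]+)"
    r"(?: by (.+?))?(?: \(pid: (\d+)\))?\.?\s*$",
    re.IGNORECASE,
)

def parse_msr_writes(log_text):
    """Return (msr_address, process_name, pid_or_None) per logged write."""
    events = []
    for line in log_text.splitlines():
        m = MSR_WRITE.search(line)
        if m:
            pid = int(m.group(3)) if m.group(3) else None
            events.append((int(m.group(1), 16), m.group(2) or "?", pid))
    return events

def summarize(events):
    """Count writes per (process, MSR) so repeat writers stand out."""
    return Counter((comm, hex(msr)) for msr, comm, _ in events)

def read_allow_writes(path="/sys/module/msr/parameters/allow_writes"):
    """Current msr.allow_writes value, or None if unreadable (needs root and
    the msr module loaded). Path assumes the usual sysfs parameter layout."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

if __name__ == "__main__":
    # Pipe in `dmesg` or `journalctl -k` output; falls back to the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    print("msr.allow_writes =", read_allow_writes())
    for (comm, msr), n in summarize(parse_msr_writes(text)).most_common():
        print(f"{n:3d} write(s) to MSR {msr} by {comm}")
```

Any process that shows up in the summary would break once writes are blocked, so it is a candidate for removal or for a request to expose the needed setting through a kernel interface.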