Linux Patches Look To Restrict Modules From Poking Certain Registers, Using Select Instructions

Written by Michael Larabel in Linux Kernel on 30 January 2021 at 01:15 PM EST. 26 Comments
Last year the Linux kernel began tightening up the ability to write to select CPU MSRs from user-space. That restricting of user-space access to select registers was done in the name of security as well as not wanting user-space to accidentally or maliciously poke some MSRs that could cause problems with kernel behavior. Now in kernel space there are some yet-to-be-merged patches that would place some new restrictions on kernel modules around poking certain registers or using select CPU instructions.

Originally written last April and now queued as part of his own branch, longtime kernel developer Peter Zijlstra has patches placing new restrictions on kernel modules.

One change is to disallow some CPL0 instructions. What started out with the desire to disallow modules from poking the global descriptor table (GDT) or returning to user-space, further precautions are error out if a module tries to alter the register state or messing with the FS/GS base.

An additional patch is detecting CRn and DRn manipulation. That work is to disallow kernel modules writing to control CRN / XCRn and debug DRn registers. Using the proper accessors is desired rather than poking those control/debug registers directly.

For now these patches are part of Zijlstra's x86/module code but we'll see if they go mainline soon enough in trying to enforce clean kernel module behavior.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week