Linux Patches Look To Restrict Modules From Poking Certain Registers, Using Select Instructions

Written by Michael Larabel in Linux Kernel on 30 January 2021 at 01:15 PM EST. 26 Comments
LINUX KERNEL
Last year the Linux kernel began tightening up the ability to write to select CPU MSRs from user-space. That restricting of user-space access to select registers was done in the name of security as well as not wanting user-space to accidentally or maliciously poke some MSRs that could cause problems with kernel behavior. Now in kernel space there are some yet-to-be-merged patches that would place some new restrictions on kernel modules around poking certain registers or using select CPU instructions.

Originally written last April and now queued as part of his own branch, longtime kernel developer Peter Zijlstra has patches placing new restrictions on kernel modules.

One change is to disallow some CPL0 instructions. What started out with the desire to disallow modules from poking the global descriptor table (GDT) or returning to user-space, further precautions are error out if a module tries to alter the register state or messing with the FS/GS base.


An additional patch is detecting CRn and DRn manipulation. That work is to disallow kernel modules writing to control CRN / XCRn and debug DRn registers. Using the proper accessors is desired rather than poking those control/debug registers directly.

For now these patches are part of Zijlstra's x86/module code but we'll see if they go mainline soon enough in trying to enforce clean kernel module behavior.
26 Comments
Related News
Linux Patches Posted That Would Allow Boot-Time Disabling Of x86 32-bit Processes
Linux 6.4-rc5 Released - The Kernel Is Looking To Be In Good Shape
Updated EEVDF Linux CPU Scheduler Patches Posted That Plan To Replace CFS
Linux 6.3.5 Released With XFS Metadata Corruption Fix
Linux 6.4-rc4 Released As A "Fairly Normal" Release
Linux Preps Hybrid SMP Fix To Avoid Upcoming Laptops Appearing As 11 Socket Monsters
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake
Debian 12 "Bookworm" Set For Release Next Week With Around 100 Known Bugs
NVIDIA R535 Linux Beta Brings New Vulkan Extensions, DMA-BUF v4 Wayland Protocol
Linux 6.3.5 Released With XFS Metadata Corruption Fix
Phoronix.com Turns 19 Years Old For Covering Linux Hardware, Open-Source News
Steam On Linux Use Ticked Higher In May, 25% Of Linux Gamers Are Using The Steam Deck
Ubuntu Details Initial Plans For Immutable Linux Desktop With Ubuntu Core & Snaps