From: Matt Fleming <matt@codeblueprint.co.uk>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: Prarit Bhargava <prarit@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
Ingo Molnar <mingo@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, X86 ML <x86@kernel.org>,
Len Brown <len.brown@intel.com>,
Dasaratharaman Chandramouli
<dasaratharaman.chandramouli@intel.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
Brian Gerst <brgerst@gmail.com>,
Arnaldo Carvalho de Melo <acme@infradead.org>
Subject: Re: [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr
Date: Mon, 29 Jun 2015 11:58:53 +0100 [thread overview]
Message-ID: <20150629105853.GE28334@codeblueprint.co.uk> (raw)
In-Reply-To: <20150628151049.GB20989@khazad-dum.debian.net>
On Sun, 28 Jun, at 12:10:49PM, Henrique de Moraes Holschuh wrote:
> On Sun, 28 Jun 2015, Prarit Bhargava wrote:
> > Is it easier to blacklist MSRs we don't want generally exposed, or only expose
> > the ones that we think are safe? That's sort of a devil's advocate sort of
> > question ;) and I'm wondering what the shorter list is.
>
> The only way to make MSR access safe is to allow it only by whitelisting.
> The x86 platform restricts all MSR access to ring 0 for a damn good reason.
Blacklisting also breaks horribly if you run old kernels on new
hardware.
We need to "fail-closed" if someone tries to access an MSR the kernel
doesn't know about.
--
Matt Fleming, Intel Open Source Technology Center
next prev parent reply other threads:[~2015-06-29 10:59 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-26 17:52 [PATCH] x86, msr: Allow read access to /dev/cpu/X/msr Prarit Bhargava
2015-06-26 18:45 ` H. Peter Anvin
2015-06-26 19:23 ` Brian Gerst
2015-06-26 21:26 ` Prarit Bhargava
2015-06-28 15:13 ` Henrique de Moraes Holschuh
2015-06-27 8:33 ` Ingo Molnar
2015-06-27 8:39 ` Ingo Molnar
2015-06-27 15:52 ` Andy Lutomirski
2015-06-28 14:34 ` Prarit Bhargava
2015-06-28 15:10 ` Henrique de Moraes Holschuh
2015-06-29 6:42 ` Ingo Molnar
2015-06-29 10:58 ` Matt Fleming [this message]
2015-06-29 19:51 ` H. Peter Anvin
2015-06-30 12:20 ` Prarit Bhargava
2015-06-30 12:44 ` Peter Zijlstra
2015-06-30 12:57 ` Ingo Molnar
2015-06-30 13:23 ` Prarit Bhargava
2015-07-01 16:38 ` Brown, Len
2015-07-01 17:33 ` Andy Lutomirski
2015-07-02 9:15 ` Ingo Molnar
2015-07-02 19:22 ` H. Peter Anvin
2015-07-02 19:26 ` Andy Lutomirski
2015-07-03 7:42 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150629105853.GE28334@codeblueprint.co.uk \
--to=matt@codeblueprint.co.uk \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@infradead.org \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=dasaratharaman.chandramouli@intel.com \
--cc=dvlasenk@redhat.com \
--cc=hmh@hmh.eng.br \
--cc=hpa@zytor.com \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=prarit@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.