From: Dave Hansen <dave.hansen@intel.com>
To: Tim Wiederhake <twiederh@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org
Subject: Re: [PATCH v2] x86/msr: Allow unprivileged read access to some MSRs
Date: Tue, 30 May 2023 10:19:17 -0700 [thread overview]
Message-ID: <ce2badca-089d-34de-c929-075fe75fc0e9@intel.com> (raw)
In-Reply-To: <20230530102358.16430-1-twiederh@redhat.com>
On 5/30/23 03:23, Tim Wiederhake wrote:
> Expose some non-security sensitive MSRs through sysfs to allow access
> for unprivileged processes. This also helps other programs that are
> interested in IA32_EFER for x86-64-v1 detection.
Did you mean "sysfs" or "sysctl"?
I'm still on the fence about whether we should do this. This seems
_marginally_ better than the /dev approach.
But whatever we do we need some *VERY* explicit, tight rules about what
can be exposed via this interface in the future. We absolutely can't
have folks adding to this in the future without following those rules.
A lot of this is implicit in the implementation and even the ABI, but
let's say them out loud, please:
* The MSRs must be read-only. If they are read-write, the snapshot
can get out of date. This can be guaranteed by either:
* Never being written at runtime after they are snapshotted, or
preferably:
* Being defined to be read-only (wrmsr just doesn't work)
* The MSRs must be have the same exact value on all CPUs (because
there is only one file per MSR)
* The value must be static. Not only read-only from the software
point of view, but the hardware and hypervisor must also promise not
to change it.
The first two seem doable. I'm not sure how we deal with the third,
though, especially in the case of microcode updates or clever hypervisors.
prev parent reply other threads:[~2023-05-30 17:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-23 19:49 [PATCH 1/2] x86/msr: Read MSRs individually Tim Wiederhake
2023-05-23 19:49 ` [PATCH 2/2] x86/msr: Allow unprivileged read access to some MSRs Tim Wiederhake
2023-05-23 20:31 ` H. Peter Anvin
2023-05-30 10:23 ` [PATCH v2] " Tim Wiederhake
2023-05-30 16:56 ` Jim Mattson
2023-05-30 17:19 ` Dave Hansen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ce2badca-089d-34de-c929-075fe75fc0e9@intel.com \
--to=dave.hansen@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=twiederh@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox