cpuctl(formely devcpu) patch test request
Stanislav Sedov
stas at FreeBSD.org
Tue Aug 5 12:21:07 UTC 2008
On Tue, 5 Aug 2008 14:53:15 +0300
Kostik Belousov <kostikbel at gmail.com> mentioned:
> On Tue, Aug 05, 2008 at 02:03:24PM +0400, Stanislav Sedov wrote:
> > On Mon, 16 Jun 2008 14:42:41 -0400
> > Coleman Kane <cokane at FreeBSD.org> mentioned:
> >
> > >
> > > Is it potentially "unsafe" to use RDMSR?
> > >
> >
> > Well, it might disclose some sensitive information,
> > as well as create covert channels. E.g. some of the
> > registers contains kernel thread pointers, etc; some
> > of them undocumented. It won't be very wise to give
> > access to the rdmsr feature to all users on a
> > multi-user machine.
> >
> > Sorry for this taking so long. You messages spotted
> > a bug in my security model for this driver, so I've
> > redone that. Now, the access to the rdmsr and cpuid
> > features will be granted only if the caller has
> > read permissions on the device, and wrmsr/update
> > - only if he've opened the device for writing.
> > This way you can provide fine-grained control to
> > the driver features.
> >
> > I've also added the cpucontrol utility which provided
> > userland accesss to the driver, and allows to apply
> > microcode updates.
> >
> > The latest patch against HEAD is available here:
> > ftp://ftp.SpringDaemons.com/dustheap/cpuctl.4.diff
> >
> > Thanks!
>
> --- a/sys/amd64/amd64/support.S
> +++ b/sys/amd64/amd64/support.S
> @@ -765,6 +765,7 @@ ENTRY(wrmsr_safe)
> */
> ALIGN_TEXT
> msr_onfault:
> - movq $0,PCB_ONFAULT(%r8)
> - movl $EFAULT,%eax
> + movq PCPU(CURPCB),%r8 /* set fault handler */
> + movq $0,PCB_ONFAULT(%r8)
> + movq $EFAULT,%rax
> ret
>
> movq $EFAULT,%rax is better to be replaced by movl, %eax. Amd64 specifies
> automatic zeroing of the upper-half of the registers on the 32bit operation.
>
Yeah, it seems that I thought about this initially, but decided
that this was unsafe lately. Thanks for suggestion!
There's a fixed version:
ftp://ftp.SpringDaemons.com/dustheap/cpuctl.5.diff
--
Stanislav Sedov
ST4096-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20080805/1648e3b2/attachment.pgp
More information about the freebsd-current
mailing list