Re: RFC: Tainting the kernel on raw I/O access

From: One Thousand Gnomes
Date: Thu Sep 04 2014 - 12:48:20 EST


On Thu, 4 Sep 2014 07:07:39 +0200
Ingo Molnar <mingo@xxxxxxxxxx> wrote:

>
> * H. Peter Anvin <h.peter.anvin@xxxxxxxxx> wrote:
>
> > In a meeting earlier today, we discussed MSR access and that it could be
> > used to do bad things. The same applies to other forms of raw I/O
> > (/dev/mem, /dev/port, ioperm, iopl, etc.)
> >
> > This is basically the same problem with which the secure boot people
> > have been struggling.
> >
> > Peter Z. suggested we should taint the kernel on raw I/O access, and I
> > tend to concur.
>
> Lets start with the 'only for developers and the crazy'
> interfaces, like /dev/msr access, and extend it step by step?

/dev/msr is used by standard distribution tools like powertop, and by
chromeos power management layers like dptf.

msr writes might fit the crazy book but I think you'd need to take a
close look at the standard tools first

This is the need a whitelist problem.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/