Re: cpuctl(formely devcpu) patch test request

From: Stanislav Sedov <stas_at_FreeBSD.org>
Date: Tue, 5 Aug 2008 14:03:24 +0400
On Mon, 16 Jun 2008 14:42:41 -0400
Coleman Kane <cokane_at_FreeBSD.org> mentioned:

> 
> Is it potentially "unsafe" to use RDMSR?
>

Well, it might disclose some sensitive information,
as well as create covert channels. E.g. some of the
registers contains kernel thread pointers, etc; some
of them undocumented. It won't be very wise to give
access to the rdmsr feature to all users on a
multi-user machine.

Sorry for this taking so long. You messages spotted
a bug in my security model for this driver, so I've
redone that. Now, the access to the rdmsr and cpuid
features will be granted only if the caller has
read permissions on the device, and wrmsr/update
 - only if he've opened the device for writing.
This way you can provide fine-grained control to
the driver features.

I've also added the cpucontrol utility which provided
userland accesss to the driver, and allows to apply
microcode updates.

The latest patch against HEAD is available here:
ftp://ftp.SpringDaemons.com/dustheap/cpuctl.4.diff

Thanks!

-- 
Stanislav Sedov
ST4096-RIPE

Received on Tue Aug 05 2008 - 08:20:06 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:33 UTC