From owner-freebsd-current@FreeBSD.ORG Tue Aug 5 10:20:06 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F173D1065677; Tue, 5 Aug 2008 10:20:06 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from smtp.ht-systems.ru (mr0.ht-systems.ru [78.110.50.55]) by mx1.freebsd.org (Postfix) with ESMTP id 654558FC12; Tue, 5 Aug 2008 10:20:06 +0000 (UTC) (envelope-from stas@ht-systems.ru) Received: from [83.166.229.34] (helo=sputnik.SpringDaemons.com) by smtp.ht-systems.ru with esmtpa (Exim 4.62) (envelope-from ) id 1KQJKr-0003fM-UB; Tue, 05 Aug 2008 14:00:09 +0400 Received: by sputnik.SpringDaemons.com (Postfix, from userid 1024) id 042E1941D12; Tue, 5 Aug 2008 14:03:34 +0400 (MSD) Date: Tue, 5 Aug 2008 14:03:24 +0400 From: Stanislav Sedov To: Coleman Kane Message-Id: <20080805140324.9f53ba9b.stas@FreeBSD.org> In-Reply-To: <1213641761.2184.0.camel@localhost> References: <20080606020927.8d6675e1.stas@FreeBSD.org> <10261.1212703949@critter.freebsd.dk> <20080606025533.8322ee08.stas@FreeBSD.org> <1212758604.1904.33.camel@localhost> <20080615230250.7f3efae4.stas@FreeBSD.org> <1213557999.1816.15.camel@localhost> <20080616204433.48ad9879.stas@FreeBSD.org> <20080616222740.5cdd9490.stas@FreeBSD.org> <1213641761.2184.0.camel@localhost> Organization: The FreeBSD Project X-XMPP: ssedov@jabber.ru X-Voice: +7 916 849 20 23 X-PGP-Fingerprin: F21E D6CC 5626 9609 6CE2 A385 2BF5 5993 EB26 9581 X-Mailer: carrier-pigeon Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA1"; boundary="Signature=_Tue__5_Aug_2008_14_03_24_+0400_Fo2AJIKU7ZoFBGeO" Cc: kib@freebsd.org, Poul-Henning Kamp , Rui Paulo , current@freebsd.org, Peter Jeremy Subject: Re: cpuctl(formely devcpu) patch test request X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 10:20:07 -0000 --Signature=_Tue__5_Aug_2008_14_03_24_+0400_Fo2AJIKU7ZoFBGeO Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, 16 Jun 2008 14:42:41 -0400 Coleman Kane mentioned: >=20 > Is it potentially "unsafe" to use RDMSR? > Well, it might disclose some sensitive information, as well as create covert channels. E.g. some of the registers contains kernel thread pointers, etc; some of them undocumented. It won't be very wise to give access to the rdmsr feature to all users on a multi-user machine. Sorry for this taking so long. You messages spotted a bug in my security model for this driver, so I've redone that. Now, the access to the rdmsr and cpuid features will be granted only if the caller has read permissions on the device, and wrmsr/update - only if he've opened the device for writing. This way you can provide fine-grained control to the driver features. I've also added the cpucontrol utility which provided userland accesss to the driver, and allows to apply microcode updates. The latest patch against HEAD is available here: ftp://ftp.SpringDaemons.com/dustheap/cpuctl.4.diff Thanks! --=20 Stanislav Sedov ST4096-RIPE --Signature=_Tue__5_Aug_2008_14_03_24_+0400_Fo2AJIKU7ZoFBGeO Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkiYJXYACgkQK/VZk+smlYHrqgCfQ9yu6ZlfOUbMUQLg0SM3uO5x mrgAn00GQ0LUnoVYtymrX+gme5pAB8mo =RzxB -----END PGP SIGNATURE----- --Signature=_Tue__5_Aug_2008_14_03_24_+0400_Fo2AJIKU7ZoFBGeO--