[PATCH] Kernel Lockdown: Add an option to allow raw MSR access even, in confidentiality mode.

Matthew Garrett mjg59 at google.com
Tue Dec 3 02:16:18 UTC 2019


On Mon, Dec 2, 2019 at 6:01 PM Matt Parnell <mparnell at gmail.com> wrote:
>
> I should also mention the kernel itself thinks it is vulnerable with the
> MSRs locked down:
>
> [    7.367922] L1TF CPU bug present and SMT on, data leak possible. See
> CVE-2018-3646 and
> https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for
> details.

The lockdown code doesn't touch any of the codepaths the kernel uses
to access MSRs itself (a *lot* would break in that case), so if the
kernel is asserting this inappropriately then that seems like a kernel
bug.


