Hi David, On Mon, Oct 23, 2017 at 03:49:44PM +0100, David Howells wrote: > Alan Cox <gno...@lxorguk.ukuu.org.uk> wrote: > > > There are a load of standard tools that use this so I think you are going > > to need a whitelist. Can you at least log *which* MSR in the failing case > > so a whitelist can be built over time ? > > Will the attached change work for you? >
It's good to me. Joey Lee > --- > diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c > index a05a97863286..f18cadbc31ce 100644 > --- a/arch/x86/kernel/msr.c > +++ b/arch/x86/kernel/msr.c > @@ -84,8 +84,10 @@ static ssize_t msr_write(struct file *file, const char > __user *buf, > int err = 0; > ssize_t bytes = 0; > > - if (kernel_is_locked_down("Direct MSR access")) > + if (kernel_is_locked_down("Direct MSR access")) { > + pr_info("Direct access to MSR %x\n", reg); > return -EPERM; > + } > > if (count % 8) > return -EINVAL; /* Invalid chunk size */ > @@ -135,6 +137,7 @@ static long msr_ioctl(struct file *file, unsigned int > ioc, unsigned long arg) > break; > } > if (kernel_is_locked_down("Direct MSR access")) { > + pr_info("Direct access to MSR %x\n", reg[1]); /* > Display %ecx */ > err = -EPERM; > break; > }