Software Tuning, Performance Optimization & Platform Monitoring
Discussion regarding monitoring and software tuning methodologies, Performance Monitoring Unit (PMU) of Intel microprocessors, and platform updating.
1787 Discussions

is MSR access in only-read mode safe?

hervem
Beginner
‎07-12-2021 05:14 AM
2,776 Views

Hello,

I developed a tool based on  (Linux) rdmsr to read some MSR registers (RAPL). And I would like to have this tool installed on large computing clusters.

I know that allowing read AND write of MSR registers for all the users is not safe, mainly due to the write capability.

I suppose that allowing only read (even for all users) is safe, but I failed to find literature on it.

Is there any? Is it obvious?

Thanks in advance for your help,

hervem

0 Kudos

Link Copied

4 Replies
McCalpinJohn
Honored Contributor III
‎08-10-2021 07:45 AM
2,722 Views

"Safe" can mean several different things in this context....

Write access to MSRs can fairly easily crash a system.  Read access to MSRs should not be able to crash a system.

Read access to MSRs opens a fair number of security risks.

The project https://github.com/LLNL/msr-safe provides the ability grant different permissions to different MSRs.  Limiting the accessible MSRs to the ones of interest can reduce the uncertainty about security risks.  I have not deployed this package on production systems, but had no trouble getting it to work properly on a test cluster.

0 Kudos
Copy link
hervem
Beginner
‎08-31-2021 04:17 AM
2,674 Views
In response to McCalpinJohn

Thanks for your help.

I agree, msr-safe is a good candidate to limit the risks. I did not use it yet. 

BTW
In HPC context the users allocate usually nodes with exclusivity access (not shared).
NB : If the node is not allocated in an exclusive mode, you can have a look on what is running on the node (from yourself or not), with or without msr_read.

So safe could be understood as :
By using (only) msr_read, can we access information we should not access as a basic user (eg password, code&data of other users) ? or can we modify the cluster behavior ?
I would say NO, but perhaps I am wrong.

In response to McCalpinJohn
0 Kudos
Copy link
urimashi
Beginner
‎05-30-2024 01:00 AM
1,539 Views
In response to McCalpinJohn

Hello McCalpinJohn,

 

What are the risks for read access to the MSRs?

 

Thanks,

Uri

In response to McCalpinJohn
0 Kudos
Copy link
McCalpinJohn
Honored Contributor III
‎05-30-2024 08:40 AM
1,522 Views
In response to urimashi

I routinely read all the MSRs on systems to document the system state -- this has never caused any crashes or misbehavior, so it is "safe" in that limited sense.

Read access to MSRs is "unsafe" in the sense of system security.  It allows any user with access to read a whole lot of state that is supposed to be private to the OS or to other users.  I don't know of any specific exploits that I could name, but some of the problematic content includes:

  • Read the core performance counter programming and performance counter values on any core.
  • Read the CHA/SF/LLC performance counter programming and counter values for any CHA/SF/LLC block.
  • Machine Check Architecture records
    • (May help with RowHammer-type attacks?)

 

In response to urimashi
0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.