| author | Dmitry Vyukov <dvyukov@google.com> | 2022-04-25 08:07:36 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2022-04-25 11:27:42 +0200 |
| commit | 0ede5bfc57b8910f6436a23955422fae109636c2 (patch) | |
| tree | b733de305f3c59d2b5835d815a0ccbbbe6b3fef6 /sys/linux | |
| parent | f3819cab601e2cd12383bf4e307988c3e3732dd4 (diff) | |
dashboard/config/linux: disable MSR writes
Randomly changing MSRs can have unpredictable results.
We tried to prevent writes at the description level,
but that does not work well; the fuzzer found a way around it:
03:37:28 executing program 3:
syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
pwritev(r0, ...)
Fortunately there is a command line argument that disables all writes.
Use it instead.
Note: older kernels will need:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7e1f67ed29f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a16aa13574
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/dev_msr.txt | 2 | ||||
| -rw-r--r-- | sys/linux/init.go | 14 | ||||
| -rw-r--r-- | sys/linux/init_test.go | 13 |
3 files changed, 2 insertions, 27 deletions
diff --git a/sys/linux/dev_msr.txt b/sys/linux/dev_msr.txt
index 07a3d3554..f3ae87664 100644
--- a/sys/linux/dev_msr.txt
+++ b/sys/linux/dev_msr.txt
@@ -11,5 +11,3 @@ syz_open_dev$MSR(dev ptr[in, string["/dev/cpu/#/msr"]], id intptr, flags const[O
 read$msr(fd fd_msr, buf buffer[out], count len[buf])
 ioctl$X86_IOC_RDMSR_REGS(fd fd_msr, cmd const[X86_IOC_RDMSR_REGS], arg ptr[in, array[int32, 8]])
-# Disallow writing to MSRs
-_ = X86_IOC_WRMSR_REGS
diff --git a/sys/linux/init.go b/sys/linux/init.go
index 6fa9665a8..6c486c2ed 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -48,10 +48,8 @@ func InitTarget(target *prog.Target) {
 TIOCSSERIAL: target.GetConst("TIOCSSERIAL"),
 TIOCGSERIAL: target.GetConst("TIOCGSERIAL"),
 // These are not present on all arches.
- ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"],
- ARCH_SET_GS: target.ConstMap["ARCH_SET_GS"],
- X86_IOC_RDMSR_REGS: target.ConstMap["X86_IOC_RDMSR_REGS"],
- X86_IOC_WRMSR_REGS: target.ConstMap["X86_IOC_WRMSR_REGS"],
+ ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"],
+ ARCH_SET_GS: target.ConstMap["ARCH_SET_GS"],
 }
 target.MakeDataMmap = targets.MakePosixMmap(target, true, true)
@@ -160,8 +158,6 @@ type arch struct {
 USB_MAJOR uint64
 TIOCSSERIAL uint64
 TIOCGSERIAL uint64
- X86_IOC_RDMSR_REGS uint64
- X86_IOC_WRMSR_REGS uint64
 }
 func (arch *arch) neutralize(c *prog.Call) {
@@ -337,12 +333,6 @@ func (arch *arch) neutralizeIoctl(c *prog.Call) {
 // and would be nice to test, if/when we can neutralize based on sandbox value
 // we could prohibit it only under sandbox=none.
 cmd.Val = arch.TIOCGSERIAL
- case arch.X86_IOC_WRMSR_REGS:
- // Enabling X86_IOC_WRMSR_REGS would cause havoc as it can write to any MSR registers
- // and there are a lot of things that could go wrong.
- // TODO: Ideally, it would be great if we can have a restricted set of inputs for this
- // such that we can write values only from that set.
- cmd.Val = arch.X86_IOC_RDMSR_REGS
 }
 }
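Review bot: Dropping the `case arch.X86_IOC_WRMSR_REGS:` branch from neutralizeIoctl (last hunk of init.go) leaves sys/linux with no guard of its own against MSR writes. Safety now rests entirely on the kernel under test being booted with the write-disabling argument the commit message refers to (presumably `msr.allow_writes=off`), which is configured outside this diff. A kernel started with a different command line, or an older one without the two commits linked in the description, would receive raw MSR writes from the fuzzer, and nothing in the target code or the descriptions says so. I would leave a comment where the case was, e.g. `// MSR writes are not neutralized here: the kernel under test must be booted with MSR writes disabled.`, and state the same requirement in dev_msr.txt. neutralizeIoctl begins outside the hunk.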
diff --git a/sys/linux/init_test.go b/sys/linux/init_test.go
index 8c236af5d..8c4c07ba4 100644
--- a/sys/linux/init_test.go
+++ b/sys/linux/init_test.go
@@ -133,19 +133,6 @@ syz_open_dev$tty1(0xc, 0x4, 0x1)
 `,
 },
 {
- In: `syz_open_dev$MSR(0x0, 0x0, 0x0)`,
- },
- {
- In: `
-ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0)
-ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a1, 0x0)
-`,
- Out: `
-ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0)
-ioctl$X86_IOC_RDMSR_REGS(0xa, 0xc02063a0, 0x0)
-`,
- },
- {
 In: `sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)`,
 Out: `sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x0)`,
 }, |
