coretempd: disable MSR fallback, use /scheme/sys/cpu exclusively

Kernel has a use-after-free bug in sys_read triggered by /scheme/sys/msr
access. The probe guard prevents most crashes but the kernel bug can still
trigger during MSR read paths. Removing the MSR fallback eliminates this
crash path entirely. Vendor detection now uses /scheme/sys/cpu only.
This commit is contained in:
2026-06-02 09:22:47 +03:00
parent ca8f583a23
commit 6d14a378c3
2 changed files with 15 additions and 8 deletions
+12
View File
@@ -633,3 +633,15 @@ path = "/etc/environment.d/90-dbus.conf"
data = """
DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket
"""
[[files]]
path = "/home/user"
data = ""
directory = true
mode = 0o755
[[files]]
path = "/root"
data = ""
directory = true
mode = 0o700
@@ -63,14 +63,9 @@ fn detect_vendor(cpu: u32) -> Vendor {
return Vendor::Amd;
}
}
// Fall back to MSR probing if platform info unavailable
if read_msr(cpu, IA32_THERM_STATUS).is_some() {
Vendor::Intel
} else if read_msr(cpu, AMD_TCTL).is_some() {
Vendor::Amd
} else {
Vendor::Unknown
}
// MSR probing disabled: even with the probe guard, the kernel can UAF
// during sys_read on /scheme/sys/msr. Use /scheme/sys/cpu exclusively.
Vendor::Unknown
}
fn detect_cpus() -> Vec<u32> {