1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* ----------------------------------------------------------------------- * 3 * 4 * Copyright 2000-2008 H. Peter Anvin - All Rights Reserved 5 * Copyright 2009 Intel Corporation; author: H. Peter Anvin 6 * 7 * ----------------------------------------------------------------------- */ 8 9 /* 10 * x86 MSR access device 11 * 12 * This device is accessed by lseek() to the appropriate register number 13 * and then read/write in chunks of 8 bytes. A larger size means multiple 14 * reads or writes of the same register. 15 * 16 * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on 17 * an SMP box will direct the access to CPU %d. 18 */ 19 20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 21 22 #include <linux/module.h> 23 24 #include <linux/types.h> 25 #include <linux/errno.h> 26 #include <linux/fcntl.h> 27 #include <linux/init.h> 28 #include <linux/poll.h> 29 #include <linux/smp.h> 30 #include <linux/major.h> 31 #include <linux/fs.h> 32 #include <linux/device.h> 33 #include <linux/cpu.h> 34 #include <linux/notifier.h> 35 #include <linux/uaccess.h> 36 #include <linux/gfp.h> 37 #include <linux/security.h> 38 39 #include <asm/cpufeature.h> 40 #include <asm/msr.h> 41 42 static struct class *msr_class; 43 static enum cpuhp_state cpuhp_msr_state; 44 45 enum allow_write_msrs { 46 MSR_WRITES_ON, 47 MSR_WRITES_OFF, 48 MSR_WRITES_DEFAULT, 49 }; 50 51 static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT; 52 53 static ssize_t msr_read(struct file *file, char __user *buf, 54 size_t count, loff_t *ppos) 55 { 56 u32 __user *tmp = (u32 __user *) buf; 57 u32 data[2]; 58 u32 reg = *ppos; 59 int cpu = iminor(file_inode(file)); 60 int err = 0; 61 ssize_t bytes = 0; 62 63 if (count % 8) 64 return -EINVAL; /* Invalid chunk size */ 65 66 for (; count; count -= 8) { 67 err = rdmsr_safe_on_cpu(cpu, reg, &data[0], &data[1]); 68 if (err) 69 break; 70 if (copy_to_user(tmp, &data, 8)) { 71 err = -EFAULT; 72 break; 73 } 74 tmp += 2; 75 bytes += 8; 76 } 77 78 return bytes ? bytes : err; 79 } 80 81 static int filter_write(u32 reg) 82 { 83 /* 84 * MSRs writes usually happen all at once, and can easily saturate kmsg. 85 * Only allow one message every 30 seconds. 86 * 87 * It's possible to be smarter here and do it (for example) per-MSR, but 88 * it would certainly be more complex, and this is enough at least to 89 * avoid saturating the ring buffer. 90 */ 91 static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1); 92 93 switch (allow_writes) { 94 case MSR_WRITES_ON: return 0; 95 case MSR_WRITES_OFF: return -EPERM; 96 default: break; 97 } 98 99 if (!__ratelimit(&fw_rs)) 100 return 0; 101 102 pr_warn("Write to unrecognized MSR 0x%x by %s (pid: %d).\n", 103 reg, current->comm, current->pid); 104 pr_warn("See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.\n"); 105 106 return 0; 107 } 108 109 static ssize_t msr_write(struct file *file, const char __user *buf, 110 size_t count, loff_t *ppos) 111 { 112 const u32 __user *tmp = (const u32 __user *)buf; 113 u32 data[2]; 114 u32 reg = *ppos; 115 int cpu = iminor(file_inode(file)); 116 int err = 0; 117 ssize_t bytes = 0; 118 119 err = security_locked_down(LOCKDOWN_MSR); 120 if (err) 121 return err; 122 123 err = filter_write(reg); 124 if (err) 125 return err; 126 127 if (count % 8) 128 return -EINVAL; /* Invalid chunk size */ 129 130 for (; count; count -= 8) { 131 if (copy_from_user(&data, tmp, 8)) { 132 err = -EFAULT; 133 break; 134 } 135 136 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 137 138 err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]); 139 if (err) 140 break; 141 142 tmp += 2; 143 bytes += 8; 144 } 145 146 return bytes ? bytes : err; 147 } 148 149 static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) 150 { 151 u32 __user *uregs = (u32 __user *)arg; 152 u32 regs[8]; 153 int cpu = iminor(file_inode(file)); 154 int err; 155 156 switch (ioc) { 157 case X86_IOC_RDMSR_REGS: 158 if (!(file->f_mode & FMODE_READ)) { 159 err = -EBADF; 160 break; 161 } 162 if (copy_from_user(®s, uregs, sizeof(regs))) { 163 err = -EFAULT; 164 break; 165 } 166 err = rdmsr_safe_regs_on_cpu(cpu, regs); 167 if (err) 168 break; 169 if (copy_to_user(uregs, ®s, sizeof(regs))) 170 err = -EFAULT; 171 break; 172 173 case X86_IOC_WRMSR_REGS: 174 if (!(file->f_mode & FMODE_WRITE)) { 175 err = -EBADF; 176 break; 177 } 178 if (copy_from_user(®s, uregs, sizeof(regs))) { 179 err = -EFAULT; 180 break; 181 } 182 err = security_locked_down(LOCKDOWN_MSR); 183 if (err) 184 break; 185 err = wrmsr_safe_regs_on_cpu(cpu, regs); 186 if (err) 187 break; 188 if (copy_to_user(uregs, ®s, sizeof(regs))) 189 err = -EFAULT; 190 break; 191 192 default: 193 err = -ENOTTY; 194 break; 195 } 196 197 return err; 198 } 199 200 static int msr_open(struct inode *inode, struct file *file) 201 { 202 unsigned int cpu = iminor(file_inode(file)); 203 struct cpuinfo_x86 *c; 204 205 if (!capable(CAP_SYS_RAWIO)) 206 return -EPERM; 207 208 if (cpu >= nr_cpu_ids || !cpu_online(cpu)) 209 return -ENXIO; /* No such CPU */ 210 211 c = &cpu_data(cpu); 212 if (!cpu_has(c, X86_FEATURE_MSR)) 213 return -EIO; /* MSR not supported */ 214 215 return 0; 216 } 217 218 /* 219 * File operations we support 220 */ 221 static const struct file_operations msr_fops = { 222 .owner = THIS_MODULE, 223 .llseek = no_seek_end_llseek, 224 .read = msr_read, 225 .write = msr_write, 226 .open = msr_open, 227 .unlocked_ioctl = msr_ioctl, 228 .compat_ioctl = msr_ioctl, 229 }; 230 231 static int msr_device_create(unsigned int cpu) 232 { 233 struct device *dev; 234 235 dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL, 236 "msr%d", cpu); 237 return PTR_ERR_OR_ZERO(dev); 238 } 239 240 static int msr_device_destroy(unsigned int cpu) 241 { 242 device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu)); 243 return 0; 244 } 245 246 static char *msr_devnode(struct device *dev, umode_t *mode) 247 { 248 return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt)); 249 } 250 251 static int __init msr_init(void) 252 { 253 int err; 254 255 if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) { 256 pr_err("unable to get major %d for msr\n", MSR_MAJOR); 257 return -EBUSY; 258 } 259 msr_class = class_create(THIS_MODULE, "msr"); 260 if (IS_ERR(msr_class)) { 261 err = PTR_ERR(msr_class); 262 goto out_chrdev; 263 } 264 msr_class->devnode = msr_devnode; 265 266 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/msr:online", 267 msr_device_create, msr_device_destroy); 268 if (err < 0) 269 goto out_class; 270 cpuhp_msr_state = err; 271 return 0; 272 273 out_class: 274 class_destroy(msr_class); 275 out_chrdev: 276 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 277 return err; 278 } 279 module_init(msr_init); 280 281 static void __exit msr_exit(void) 282 { 283 cpuhp_remove_state(cpuhp_msr_state); 284 class_destroy(msr_class); 285 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 286 } 287 module_exit(msr_exit) 288 289 static int set_allow_writes(const char *val, const struct kernel_param *cp) 290 { 291 /* val is NUL-terminated, see kernfs_fop_write() */ 292 char *s = strstrip((char *)val); 293 294 if (!strcmp(s, "on")) 295 allow_writes = MSR_WRITES_ON; 296 else if (!strcmp(s, "off")) 297 allow_writes = MSR_WRITES_OFF; 298 else 299 allow_writes = MSR_WRITES_DEFAULT; 300 301 return 0; 302 } 303 304 static int get_allow_writes(char *buf, const struct kernel_param *kp) 305 { 306 const char *res; 307 308 switch (allow_writes) { 309 case MSR_WRITES_ON: res = "on"; break; 310 case MSR_WRITES_OFF: res = "off"; break; 311 default: res = "default"; break; 312 } 313 314 return sprintf(buf, "%s\n", res); 315 } 316 317 static const struct kernel_param_ops allow_writes_ops = { 318 .set = set_allow_writes, 319 .get = get_allow_writes 320 }; 321 322 module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600); 323 324 MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>"); 325 MODULE_DESCRIPTION("x86 generic MSR driver"); 326 MODULE_LICENSE("GPL"); 327