xref: /linux/arch/x86/kernel/msr.c (revision 0c8a32eed1625a65798286fb73fea8710a908545)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* ----------------------------------------------------------------------- *
3  *
4  *   Copyright 2000-2008 H. Peter Anvin - All Rights Reserved
5  *   Copyright 2009 Intel Corporation; author: H. Peter Anvin
6  *
7  * ----------------------------------------------------------------------- */
8 
9 /*
10  * x86 MSR access device
11  *
12  * This device is accessed by lseek() to the appropriate register number
13  * and then read/write in chunks of 8 bytes.  A larger size means multiple
14  * reads or writes of the same register.
15  *
16  * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on
17  * an SMP box will direct the access to CPU %d.
18  */
19 
20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 
22 #include <linux/module.h>
23 
24 #include <linux/types.h>
25 #include <linux/errno.h>
26 #include <linux/fcntl.h>
27 #include <linux/init.h>
28 #include <linux/poll.h>
29 #include <linux/smp.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/device.h>
33 #include <linux/cpu.h>
34 #include <linux/notifier.h>
35 #include <linux/uaccess.h>
36 #include <linux/gfp.h>
37 #include <linux/security.h>
38 
39 #include <asm/cpufeature.h>
40 #include <asm/msr.h>
41 
42 static struct class *msr_class;
43 static enum cpuhp_state cpuhp_msr_state;
44 
45 enum allow_write_msrs {
46 	MSR_WRITES_ON,
47 	MSR_WRITES_OFF,
48 	MSR_WRITES_DEFAULT,
49 };
50 
51 static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT;
52 
53 static ssize_t msr_read(struct file *file, char __user *buf,
54 			size_t count, loff_t *ppos)
55 {
56 	u32 __user *tmp = (u32 __user *) buf;
57 	u32 data[2];
58 	u32 reg = *ppos;
59 	int cpu = iminor(file_inode(file));
60 	int err = 0;
61 	ssize_t bytes = 0;
62 
63 	if (count % 8)
64 		return -EINVAL;	/* Invalid chunk size */
65 
66 	for (; count; count -= 8) {
67 		err = rdmsr_safe_on_cpu(cpu, reg, &data[0], &data[1]);
68 		if (err)
69 			break;
70 		if (copy_to_user(tmp, &data, 8)) {
71 			err = -EFAULT;
72 			break;
73 		}
74 		tmp += 2;
75 		bytes += 8;
76 	}
77 
78 	return bytes ? bytes : err;
79 }
80 
81 static int filter_write(u32 reg)
82 {
83 	/*
84 	 * MSRs writes usually happen all at once, and can easily saturate kmsg.
85 	 * Only allow one message every 30 seconds.
86 	 *
87 	 * It's possible to be smarter here and do it (for example) per-MSR, but
88 	 * it would certainly be more complex, and this is enough at least to
89 	 * avoid saturating the ring buffer.
90 	 */
91 	static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1);
92 
93 	switch (allow_writes) {
94 	case MSR_WRITES_ON:  return 0;
95 	case MSR_WRITES_OFF: return -EPERM;
96 	default: break;
97 	}
98 
99 	if (!__ratelimit(&fw_rs))
100 		return 0;
101 
102 	pr_warn("Write to unrecognized MSR 0x%x by %s (pid: %d).\n",
103 	        reg, current->comm, current->pid);
104 	pr_warn("See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.\n");
105 
106 	return 0;
107 }
108 
109 static ssize_t msr_write(struct file *file, const char __user *buf,
110 			 size_t count, loff_t *ppos)
111 {
112 	const u32 __user *tmp = (const u32 __user *)buf;
113 	u32 data[2];
114 	u32 reg = *ppos;
115 	int cpu = iminor(file_inode(file));
116 	int err = 0;
117 	ssize_t bytes = 0;
118 
119 	err = security_locked_down(LOCKDOWN_MSR);
120 	if (err)
121 		return err;
122 
123 	err = filter_write(reg);
124 	if (err)
125 		return err;
126 
127 	if (count % 8)
128 		return -EINVAL;	/* Invalid chunk size */
129 
130 	for (; count; count -= 8) {
131 		if (copy_from_user(&data, tmp, 8)) {
132 			err = -EFAULT;
133 			break;
134 		}
135 
136 		add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
137 
138 		err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]);
139 		if (err)
140 			break;
141 
142 		tmp += 2;
143 		bytes += 8;
144 	}
145 
146 	return bytes ? bytes : err;
147 }
148 
149 static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
150 {
151 	u32 __user *uregs = (u32 __user *)arg;
152 	u32 regs[8];
153 	int cpu = iminor(file_inode(file));
154 	int err;
155 
156 	switch (ioc) {
157 	case X86_IOC_RDMSR_REGS:
158 		if (!(file->f_mode & FMODE_READ)) {
159 			err = -EBADF;
160 			break;
161 		}
162 		if (copy_from_user(&regs, uregs, sizeof(regs))) {
163 			err = -EFAULT;
164 			break;
165 		}
166 		err = rdmsr_safe_regs_on_cpu(cpu, regs);
167 		if (err)
168 			break;
169 		if (copy_to_user(uregs, &regs, sizeof(regs)))
170 			err = -EFAULT;
171 		break;
172 
173 	case X86_IOC_WRMSR_REGS:
174 		if (!(file->f_mode & FMODE_WRITE)) {
175 			err = -EBADF;
176 			break;
177 		}
178 		if (copy_from_user(&regs, uregs, sizeof(regs))) {
179 			err = -EFAULT;
180 			break;
181 		}
182 		err = security_locked_down(LOCKDOWN_MSR);
183 		if (err)
184 			break;
185 		err = wrmsr_safe_regs_on_cpu(cpu, regs);
186 		if (err)
187 			break;
188 		if (copy_to_user(uregs, &regs, sizeof(regs)))
189 			err = -EFAULT;
190 		break;
191 
192 	default:
193 		err = -ENOTTY;
194 		break;
195 	}
196 
197 	return err;
198 }
199 
200 static int msr_open(struct inode *inode, struct file *file)
201 {
202 	unsigned int cpu = iminor(file_inode(file));
203 	struct cpuinfo_x86 *c;
204 
205 	if (!capable(CAP_SYS_RAWIO))
206 		return -EPERM;
207 
208 	if (cpu >= nr_cpu_ids || !cpu_online(cpu))
209 		return -ENXIO;	/* No such CPU */
210 
211 	c = &cpu_data(cpu);
212 	if (!cpu_has(c, X86_FEATURE_MSR))
213 		return -EIO;	/* MSR not supported */
214 
215 	return 0;
216 }
217 
218 /*
219  * File operations we support
220  */
221 static const struct file_operations msr_fops = {
222 	.owner = THIS_MODULE,
223 	.llseek = no_seek_end_llseek,
224 	.read = msr_read,
225 	.write = msr_write,
226 	.open = msr_open,
227 	.unlocked_ioctl = msr_ioctl,
228 	.compat_ioctl = msr_ioctl,
229 };
230 
231 static int msr_device_create(unsigned int cpu)
232 {
233 	struct device *dev;
234 
235 	dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL,
236 			    "msr%d", cpu);
237 	return PTR_ERR_OR_ZERO(dev);
238 }
239 
240 static int msr_device_destroy(unsigned int cpu)
241 {
242 	device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu));
243 	return 0;
244 }
245 
246 static char *msr_devnode(struct device *dev, umode_t *mode)
247 {
248 	return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt));
249 }
250 
251 static int __init msr_init(void)
252 {
253 	int err;
254 
255 	if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) {
256 		pr_err("unable to get major %d for msr\n", MSR_MAJOR);
257 		return -EBUSY;
258 	}
259 	msr_class = class_create(THIS_MODULE, "msr");
260 	if (IS_ERR(msr_class)) {
261 		err = PTR_ERR(msr_class);
262 		goto out_chrdev;
263 	}
264 	msr_class->devnode = msr_devnode;
265 
266 	err  = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/msr:online",
267 				 msr_device_create, msr_device_destroy);
268 	if (err < 0)
269 		goto out_class;
270 	cpuhp_msr_state = err;
271 	return 0;
272 
273 out_class:
274 	class_destroy(msr_class);
275 out_chrdev:
276 	__unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
277 	return err;
278 }
279 module_init(msr_init);
280 
281 static void __exit msr_exit(void)
282 {
283 	cpuhp_remove_state(cpuhp_msr_state);
284 	class_destroy(msr_class);
285 	__unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
286 }
287 module_exit(msr_exit)
288 
289 static int set_allow_writes(const char *val, const struct kernel_param *cp)
290 {
291 	/* val is NUL-terminated, see kernfs_fop_write() */
292 	char *s = strstrip((char *)val);
293 
294 	if (!strcmp(s, "on"))
295 		allow_writes = MSR_WRITES_ON;
296 	else if (!strcmp(s, "off"))
297 		allow_writes = MSR_WRITES_OFF;
298 	else
299 		allow_writes = MSR_WRITES_DEFAULT;
300 
301 	return 0;
302 }
303 
304 static int get_allow_writes(char *buf, const struct kernel_param *kp)
305 {
306 	const char *res;
307 
308 	switch (allow_writes) {
309 	case MSR_WRITES_ON:  res = "on"; break;
310 	case MSR_WRITES_OFF: res = "off"; break;
311 	default: res = "default"; break;
312 	}
313 
314 	return sprintf(buf, "%s\n", res);
315 }
316 
317 static const struct kernel_param_ops allow_writes_ops = {
318 	.set = set_allow_writes,
319 	.get = get_allow_writes
320 };
321 
322 module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600);
323 
324 MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>");
325 MODULE_DESCRIPTION("x86 generic MSR driver");
326 MODULE_LICENSE("GPL");
327