1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* ----------------------------------------------------------------------- * 3 * 4 * Copyright 2000-2008 H. Peter Anvin - All Rights Reserved 5 * Copyright 2009 Intel Corporation; author: H. Peter Anvin 6 * 7 * ----------------------------------------------------------------------- */ 8 9 /* 10 * x86 MSR access device 11 * 12 * This device is accessed by lseek() to the appropriate register number 13 * and then read/write in chunks of 8 bytes. A larger size means multiple 14 * reads or writes of the same register. 15 * 16 * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on 17 * an SMP box will direct the access to CPU %d. 18 */ 19 20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 21 22 #include <linux/module.h> 23 24 #include <linux/types.h> 25 #include <linux/errno.h> 26 #include <linux/fcntl.h> 27 #include <linux/init.h> 28 #include <linux/poll.h> 29 #include <linux/smp.h> 30 #include <linux/major.h> 31 #include <linux/fs.h> 32 #include <linux/device.h> 33 #include <linux/cpu.h> 34 #include <linux/notifier.h> 35 #include <linux/uaccess.h> 36 #include <linux/gfp.h> 37 #include <linux/security.h> 38 39 #include <asm/cpufeature.h> 40 #include <asm/msr.h> 41 42 static struct class *msr_class; 43 static enum cpuhp_state cpuhp_msr_state; 44 45 enum allow_write_msrs { 46 MSR_WRITES_ON, 47 MSR_WRITES_OFF, 48 MSR_WRITES_DEFAULT, 49 }; 50 51 static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT; 52 53 static ssize_t msr_read(struct file *file, char __user *buf, 54 size_t count, loff_t *ppos) 55 { 56 u32 __user *tmp = (u32 __user *) buf; 57 u32 data[2]; 58 u32 reg = *ppos; 59 int cpu = iminor(file_inode(file)); 60 int err = 0; 61 ssize_t bytes = 0; 62 63 if (count % 8) 64 return -EINVAL; /* Invalid chunk size */ 65 66 for (; count; count -= 8) { 67 err = rdmsr_safe_on_cpu(cpu, reg, &data[0], &data[1]); 68 if (err) 69 break; 70 if (copy_to_user(tmp, &data, 8)) { 71 err = -EFAULT; 72 break; 73 } 74 tmp += 2; 75 bytes += 8; 76 } 77 78 return bytes ? bytes : err; 79 } 80 81 static int filter_write(u32 reg) 82 { 83 /* 84 * MSRs writes usually happen all at once, and can easily saturate kmsg. 85 * Only allow one message every 30 seconds. 86 * 87 * It's possible to be smarter here and do it (for example) per-MSR, but 88 * it would certainly be more complex, and this is enough at least to 89 * avoid saturating the ring buffer. 90 */ 91 static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1); 92 93 switch (allow_writes) { 94 case MSR_WRITES_ON: return 0; 95 case MSR_WRITES_OFF: return -EPERM; 96 default: break; 97 } 98 99 if (!__ratelimit(&fw_rs)) 100 return 0; 101 102 if (reg == MSR_IA32_ENERGY_PERF_BIAS) 103 return 0; 104 105 pr_err("Write to unrecognized MSR 0x%x by %s (pid: %d). Please report to x86@kernel.org.\n", 106 reg, current->comm, current->pid); 107 108 return 0; 109 } 110 111 static ssize_t msr_write(struct file *file, const char __user *buf, 112 size_t count, loff_t *ppos) 113 { 114 const u32 __user *tmp = (const u32 __user *)buf; 115 u32 data[2]; 116 u32 reg = *ppos; 117 int cpu = iminor(file_inode(file)); 118 int err = 0; 119 ssize_t bytes = 0; 120 121 err = security_locked_down(LOCKDOWN_MSR); 122 if (err) 123 return err; 124 125 err = filter_write(reg); 126 if (err) 127 return err; 128 129 if (count % 8) 130 return -EINVAL; /* Invalid chunk size */ 131 132 for (; count; count -= 8) { 133 if (copy_from_user(&data, tmp, 8)) { 134 err = -EFAULT; 135 break; 136 } 137 138 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 139 140 err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]); 141 if (err) 142 break; 143 144 tmp += 2; 145 bytes += 8; 146 } 147 148 return bytes ? bytes : err; 149 } 150 151 static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) 152 { 153 u32 __user *uregs = (u32 __user *)arg; 154 u32 regs[8]; 155 int cpu = iminor(file_inode(file)); 156 int err; 157 158 switch (ioc) { 159 case X86_IOC_RDMSR_REGS: 160 if (!(file->f_mode & FMODE_READ)) { 161 err = -EBADF; 162 break; 163 } 164 if (copy_from_user(®s, uregs, sizeof(regs))) { 165 err = -EFAULT; 166 break; 167 } 168 err = rdmsr_safe_regs_on_cpu(cpu, regs); 169 if (err) 170 break; 171 if (copy_to_user(uregs, ®s, sizeof(regs))) 172 err = -EFAULT; 173 break; 174 175 case X86_IOC_WRMSR_REGS: 176 if (!(file->f_mode & FMODE_WRITE)) { 177 err = -EBADF; 178 break; 179 } 180 if (copy_from_user(®s, uregs, sizeof(regs))) { 181 err = -EFAULT; 182 break; 183 } 184 err = security_locked_down(LOCKDOWN_MSR); 185 if (err) 186 break; 187 err = wrmsr_safe_regs_on_cpu(cpu, regs); 188 if (err) 189 break; 190 if (copy_to_user(uregs, ®s, sizeof(regs))) 191 err = -EFAULT; 192 break; 193 194 default: 195 err = -ENOTTY; 196 break; 197 } 198 199 return err; 200 } 201 202 static int msr_open(struct inode *inode, struct file *file) 203 { 204 unsigned int cpu = iminor(file_inode(file)); 205 struct cpuinfo_x86 *c; 206 207 if (!capable(CAP_SYS_RAWIO)) 208 return -EPERM; 209 210 if (cpu >= nr_cpu_ids || !cpu_online(cpu)) 211 return -ENXIO; /* No such CPU */ 212 213 c = &cpu_data(cpu); 214 if (!cpu_has(c, X86_FEATURE_MSR)) 215 return -EIO; /* MSR not supported */ 216 217 return 0; 218 } 219 220 /* 221 * File operations we support 222 */ 223 static const struct file_operations msr_fops = { 224 .owner = THIS_MODULE, 225 .llseek = no_seek_end_llseek, 226 .read = msr_read, 227 .write = msr_write, 228 .open = msr_open, 229 .unlocked_ioctl = msr_ioctl, 230 .compat_ioctl = msr_ioctl, 231 }; 232 233 static int msr_device_create(unsigned int cpu) 234 { 235 struct device *dev; 236 237 dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL, 238 "msr%d", cpu); 239 return PTR_ERR_OR_ZERO(dev); 240 } 241 242 static int msr_device_destroy(unsigned int cpu) 243 { 244 device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu)); 245 return 0; 246 } 247 248 static char *msr_devnode(struct device *dev, umode_t *mode) 249 { 250 return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt)); 251 } 252 253 static int __init msr_init(void) 254 { 255 int err; 256 257 if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) { 258 pr_err("unable to get major %d for msr\n", MSR_MAJOR); 259 return -EBUSY; 260 } 261 msr_class = class_create(THIS_MODULE, "msr"); 262 if (IS_ERR(msr_class)) { 263 err = PTR_ERR(msr_class); 264 goto out_chrdev; 265 } 266 msr_class->devnode = msr_devnode; 267 268 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/msr:online", 269 msr_device_create, msr_device_destroy); 270 if (err < 0) 271 goto out_class; 272 cpuhp_msr_state = err; 273 return 0; 274 275 out_class: 276 class_destroy(msr_class); 277 out_chrdev: 278 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 279 return err; 280 } 281 module_init(msr_init); 282 283 static void __exit msr_exit(void) 284 { 285 cpuhp_remove_state(cpuhp_msr_state); 286 class_destroy(msr_class); 287 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 288 } 289 module_exit(msr_exit) 290 291 static int set_allow_writes(const char *val, const struct kernel_param *cp) 292 { 293 /* val is NUL-terminated, see kernfs_fop_write() */ 294 char *s = strstrip((char *)val); 295 296 if (!strcmp(s, "on")) 297 allow_writes = MSR_WRITES_ON; 298 else if (!strcmp(s, "off")) 299 allow_writes = MSR_WRITES_OFF; 300 else 301 allow_writes = MSR_WRITES_DEFAULT; 302 303 return 0; 304 } 305 306 static int get_allow_writes(char *buf, const struct kernel_param *kp) 307 { 308 const char *res; 309 310 switch (allow_writes) { 311 case MSR_WRITES_ON: res = "on"; break; 312 case MSR_WRITES_OFF: res = "off"; break; 313 default: res = "default"; break; 314 } 315 316 return sprintf(buf, "%s\n", res); 317 } 318 319 static const struct kernel_param_ops allow_writes_ops = { 320 .set = set_allow_writes, 321 .get = get_allow_writes 322 }; 323 324 module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600); 325 326 MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>"); 327 MODULE_DESCRIPTION("x86 generic MSR driver"); 328 MODULE_LICENSE("GPL"); 329