1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* ----------------------------------------------------------------------- * 3 * 4 * Copyright 2000-2008 H. Peter Anvin - All Rights Reserved 5 * Copyright 2009 Intel Corporation; author: H. Peter Anvin 6 * 7 * ----------------------------------------------------------------------- */ 8 9 /* 10 * x86 MSR access device 11 * 12 * This device is accessed by lseek() to the appropriate register number 13 * and then read/write in chunks of 8 bytes. A larger size means multiple 14 * reads or writes of the same register. 15 * 16 * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on 17 * an SMP box will direct the access to CPU %d. 18 */ 19 20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 21 22 #include <linux/module.h> 23 24 #include <linux/types.h> 25 #include <linux/errno.h> 26 #include <linux/fcntl.h> 27 #include <linux/init.h> 28 #include <linux/poll.h> 29 #include <linux/smp.h> 30 #include <linux/major.h> 31 #include <linux/fs.h> 32 #include <linux/device.h> 33 #include <linux/cpu.h> 34 #include <linux/notifier.h> 35 #include <linux/uaccess.h> 36 #include <linux/gfp.h> 37 #include <linux/security.h> 38 39 #include <asm/cpufeature.h> 40 #include <asm/msr.h> 41 42 static struct class *msr_class; 43 static enum cpuhp_state cpuhp_msr_state; 44 45 enum allow_write_msrs { 46 MSR_WRITES_ON, 47 MSR_WRITES_OFF, 48 MSR_WRITES_DEFAULT, 49 }; 50 51 static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT; 52 53 static ssize_t msr_read(struct file *file, char __user *buf, 54 size_t count, loff_t *ppos) 55 { 56 u32 __user *tmp = (u32 __user *) buf; 57 u32 data[2]; 58 u32 reg = *ppos; 59 int cpu = iminor(file_inode(file)); 60 int err = 0; 61 ssize_t bytes = 0; 62 63 if (count % 8) 64 return -EINVAL; /* Invalid chunk size */ 65 66 for (; count; count -= 8) { 67 err = rdmsr_safe_on_cpu(cpu, reg, &data[0], &data[1]); 68 if (err) 69 break; 70 if (copy_to_user(tmp, &data, 8)) { 71 err = -EFAULT; 72 break; 73 } 74 tmp += 2; 75 bytes += 8; 76 } 77 78 return bytes ? bytes : err; 79 } 80 81 static int filter_write(u32 reg) 82 { 83 /* 84 * MSRs writes usually happen all at once, and can easily saturate kmsg. 85 * Only allow one message every 30 seconds. 86 * 87 * It's possible to be smarter here and do it (for example) per-MSR, but 88 * it would certainly be more complex, and this is enough at least to 89 * avoid saturating the ring buffer. 90 */ 91 static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1); 92 93 switch (allow_writes) { 94 case MSR_WRITES_ON: return 0; 95 case MSR_WRITES_OFF: return -EPERM; 96 default: break; 97 } 98 99 if (!__ratelimit(&fw_rs)) 100 return 0; 101 102 pr_warn("Write to unrecognized MSR 0x%x by %s (pid: %d).\n", 103 reg, current->comm, current->pid); 104 pr_warn("See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.\n"); 105 106 return 0; 107 } 108 109 static ssize_t msr_write(struct file *file, const char __user *buf, 110 size_t count, loff_t *ppos) 111 { 112 const u32 __user *tmp = (const u32 __user *)buf; 113 u32 data[2]; 114 u32 reg = *ppos; 115 int cpu = iminor(file_inode(file)); 116 int err = 0; 117 ssize_t bytes = 0; 118 119 err = security_locked_down(LOCKDOWN_MSR); 120 if (err) 121 return err; 122 123 err = filter_write(reg); 124 if (err) 125 return err; 126 127 if (count % 8) 128 return -EINVAL; /* Invalid chunk size */ 129 130 for (; count; count -= 8) { 131 if (copy_from_user(&data, tmp, 8)) { 132 err = -EFAULT; 133 break; 134 } 135 136 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 137 138 err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]); 139 if (err) 140 break; 141 142 tmp += 2; 143 bytes += 8; 144 } 145 146 return bytes ? bytes : err; 147 } 148 149 static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) 150 { 151 u32 __user *uregs = (u32 __user *)arg; 152 u32 regs[8]; 153 int cpu = iminor(file_inode(file)); 154 int err; 155 156 switch (ioc) { 157 case X86_IOC_RDMSR_REGS: 158 if (!(file->f_mode & FMODE_READ)) { 159 err = -EBADF; 160 break; 161 } 162 if (copy_from_user(®s, uregs, sizeof(regs))) { 163 err = -EFAULT; 164 break; 165 } 166 err = rdmsr_safe_regs_on_cpu(cpu, regs); 167 if (err) 168 break; 169 if (copy_to_user(uregs, ®s, sizeof(regs))) 170 err = -EFAULT; 171 break; 172 173 case X86_IOC_WRMSR_REGS: 174 if (!(file->f_mode & FMODE_WRITE)) { 175 err = -EBADF; 176 break; 177 } 178 if (copy_from_user(®s, uregs, sizeof(regs))) { 179 err = -EFAULT; 180 break; 181 } 182 err = security_locked_down(LOCKDOWN_MSR); 183 if (err) 184 break; 185 186 err = filter_write(regs[1]); 187 if (err) 188 return err; 189 190 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 191 192 err = wrmsr_safe_regs_on_cpu(cpu, regs); 193 if (err) 194 break; 195 if (copy_to_user(uregs, ®s, sizeof(regs))) 196 err = -EFAULT; 197 break; 198 199 default: 200 err = -ENOTTY; 201 break; 202 } 203 204 return err; 205 } 206 207 static int msr_open(struct inode *inode, struct file *file) 208 { 209 unsigned int cpu = iminor(file_inode(file)); 210 struct cpuinfo_x86 *c; 211 212 if (!capable(CAP_SYS_RAWIO)) 213 return -EPERM; 214 215 if (cpu >= nr_cpu_ids || !cpu_online(cpu)) 216 return -ENXIO; /* No such CPU */ 217 218 c = &cpu_data(cpu); 219 if (!cpu_has(c, X86_FEATURE_MSR)) 220 return -EIO; /* MSR not supported */ 221 222 return 0; 223 } 224 225 /* 226 * File operations we support 227 */ 228 static const struct file_operations msr_fops = { 229 .owner = THIS_MODULE, 230 .llseek = no_seek_end_llseek, 231 .read = msr_read, 232 .write = msr_write, 233 .open = msr_open, 234 .unlocked_ioctl = msr_ioctl, 235 .compat_ioctl = msr_ioctl, 236 }; 237 238 static int msr_device_create(unsigned int cpu) 239 { 240 struct device *dev; 241 242 dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL, 243 "msr%d", cpu); 244 return PTR_ERR_OR_ZERO(dev); 245 } 246 247 static int msr_device_destroy(unsigned int cpu) 248 { 249 device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu)); 250 return 0; 251 } 252 253 static char *msr_devnode(struct device *dev, umode_t *mode) 254 { 255 return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt)); 256 } 257 258 static int __init msr_init(void) 259 { 260 int err; 261 262 if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) { 263 pr_err("unable to get major %d for msr\n", MSR_MAJOR); 264 return -EBUSY; 265 } 266 msr_class = class_create(THIS_MODULE, "msr"); 267 if (IS_ERR(msr_class)) { 268 err = PTR_ERR(msr_class); 269 goto out_chrdev; 270 } 271 msr_class->devnode = msr_devnode; 272 273 err = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/msr:online", 274 msr_device_create, msr_device_destroy); 275 if (err < 0) 276 goto out_class; 277 cpuhp_msr_state = err; 278 return 0; 279 280 out_class: 281 class_destroy(msr_class); 282 out_chrdev: 283 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 284 return err; 285 } 286 module_init(msr_init); 287 288 static void __exit msr_exit(void) 289 { 290 cpuhp_remove_state(cpuhp_msr_state); 291 class_destroy(msr_class); 292 __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr"); 293 } 294 module_exit(msr_exit) 295 296 static int set_allow_writes(const char *val, const struct kernel_param *cp) 297 { 298 /* val is NUL-terminated, see kernfs_fop_write() */ 299 char *s = strstrip((char *)val); 300 301 if (!strcmp(s, "on")) 302 allow_writes = MSR_WRITES_ON; 303 else if (!strcmp(s, "off")) 304 allow_writes = MSR_WRITES_OFF; 305 else 306 allow_writes = MSR_WRITES_DEFAULT; 307 308 return 0; 309 } 310 311 static int get_allow_writes(char *buf, const struct kernel_param *kp) 312 { 313 const char *res; 314 315 switch (allow_writes) { 316 case MSR_WRITES_ON: res = "on"; break; 317 case MSR_WRITES_OFF: res = "off"; break; 318 default: res = "default"; break; 319 } 320 321 return sprintf(buf, "%s\n", res); 322 } 323 324 static const struct kernel_param_ops allow_writes_ops = { 325 .set = set_allow_writes, 326 .get = get_allow_writes 327 }; 328 329 module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600); 330 331 MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>"); 332 MODULE_DESCRIPTION("x86 generic MSR driver"); 333 MODULE_LICENSE("GPL"); 334