LXR linux/arch/x86/kernel/msr.c

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/* ----------------------------------------------------------------------- *
   3 *
   4 *   Copyright 2000-2008 H. Peter Anvin - All Rights Reserved
   5 *   Copyright 2009 Intel Corporation; author: H. Peter Anvin
   6 *
   7 * ----------------------------------------------------------------------- */
   8
   9/*
  10 * x86 MSR access device
  11 *
  12 * This device is accessed by lseek() to the appropriate register number
  13 * and then read/write in chunks of 8 bytes.  A larger size means multiple
  14 * reads or writes of the same register.
  15 *
  16 * This driver uses /dev/cpu/%d/msr where %d is the minor number, and on
  17 * an SMP box will direct the access to CPU %d.
  18 */
  19
  20#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  21
  22#include <linux/module.h>
  23
  24#include <linux/types.h>
  25#include <linux/errno.h>
  26#include <linux/fcntl.h>
  27#include <linux/init.h>
  28#include <linux/poll.h>
  29#include <linux/smp.h>
  30#include <linux/major.h>
  31#include <linux/fs.h>
  32#include <linux/device.h>
  33#include <linux/cpu.h>
  34#include <linux/notifier.h>
  35#include <linux/uaccess.h>
  36#include <linux/gfp.h>
  37#include <linux/security.h>
  38
  39#include <asm/cpufeature.h>
  40#include <asm/msr.h>
  41
  42static struct class *msr_class;
  43static enum cpuhp_state cpuhp_msr_state;
  44
  45enum allow_write_msrs {
  46        MSR_WRITES_ON,
  47        MSR_WRITES_OFF,
  48        MSR_WRITES_DEFAULT,
  49};
  50
  51static enum allow_write_msrs allow_writes = MSR_WRITES_DEFAULT;
  52
  53static ssize_t msr_read(struct file *file, char __user *buf,
  54                        size_t count, loff_t *ppos)
  55{
  56        u32 __user *tmp = (u32 __user *) buf;
  57        u32 data[2];
  58        u32 reg = *ppos;
  59        int cpu = iminor(file_inode(file));
  60        int err = 0;
  61        ssize_t bytes = 0;
  62
  63        if (count % 8)
  64                return -EINVAL; /* Invalid chunk size */
  65
  66        for (; count; count -= 8) {
  67                err = rdmsr_safe_on_cpu(cpu, reg, &data[0], &data[1]);
  68                if (err)
  69                        break;
  70                if (copy_to_user(tmp, &data, 8)) {
  71                        err = -EFAULT;
  72                        break;
  73                }
  74                tmp += 2;
  75                bytes += 8;
  76        }
  77
  78        return bytes ? bytes : err;
  79}
  80
  81static int filter_write(u32 reg)
  82{
  83        /*
  84         * MSRs writes usually happen all at once, and can easily saturate kmsg.
  85         * Only allow one message every 30 seconds.
  86         *
  87         * It's possible to be smarter here and do it (for example) per-MSR, but
  88         * it would certainly be more complex, and this is enough at least to
  89         * avoid saturating the ring buffer.
  90         */
  91        static DEFINE_RATELIMIT_STATE(fw_rs, 30 * HZ, 1);
  92
  93        switch (allow_writes) {
  94        case MSR_WRITES_ON:  return 0;
  95        case MSR_WRITES_OFF: return -EPERM;
  96        default: break;
  97        }
  98
  99        if (!__ratelimit(&fw_rs))
 100                return 0;
 101
 102        pr_warn("Write to unrecognized MSR 0x%x by %s (pid: %d).\n",
 103                reg, current->comm, current->pid);
 104        pr_warn("See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.\n");
 105
 106        return 0;
 107}
 108
 109static ssize_t msr_write(struct file *file, const char __user *buf,
 110                         size_t count, loff_t *ppos)
 111{
 112        const u32 __user *tmp = (const u32 __user *)buf;
 113        u32 data[2];
 114        u32 reg = *ppos;
 115        int cpu = iminor(file_inode(file));
 116        int err = 0;
 117        ssize_t bytes = 0;
 118
 119        err = security_locked_down(LOCKDOWN_MSR);
 120        if (err)
 121                return err;
 122
 123        err = filter_write(reg);
 124        if (err)
 125                return err;
 126
 127        if (count % 8)
 128                return -EINVAL; /* Invalid chunk size */
 129
 130        for (; count; count -= 8) {
 131                if (copy_from_user(&data, tmp, 8)) {
 132                        err = -EFAULT;
 133                        break;
 134                }
 135
 136                add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
 137
 138                err = wrmsr_safe_on_cpu(cpu, reg, data[0], data[1]);
 139                if (err)
 140                        break;
 141
 142                tmp += 2;
 143                bytes += 8;
 144        }
 145
 146        return bytes ? bytes : err;
 147}
 148
 149static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
 150{
 151        u32 __user *uregs = (u32 __user *)arg;
 152        u32 regs[8];
 153        int cpu = iminor(file_inode(file));
 154        int err;
 155
 156        switch (ioc) {
 157        case X86_IOC_RDMSR_REGS:
 158                if (!(file->f_mode & FMODE_READ)) {
 159                        err = -EBADF;
 160                        break;
 161                }
 162                if (copy_from_user(&regs, uregs, sizeof(regs))) {
 163                        err = -EFAULT;
 164                        break;
 165                }
 166                err = rdmsr_safe_regs_on_cpu(cpu, regs);
 167                if (err)
 168                        break;
 169                if (copy_to_user(uregs, &regs, sizeof(regs)))
 170                        err = -EFAULT;
 171                break;
 172
 173        case X86_IOC_WRMSR_REGS:
 174                if (!(file->f_mode & FMODE_WRITE)) {
 175                        err = -EBADF;
 176                        break;
 177                }
 178                if (copy_from_user(&regs, uregs, sizeof(regs))) {
 179                        err = -EFAULT;
 180                        break;
 181                }
 182                err = security_locked_down(LOCKDOWN_MSR);
 183                if (err)
 184                        break;
 185
 186                err = filter_write(regs[1]);
 187                if (err)
 188                        return err;
 189
 190                add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
 191
 192                err = wrmsr_safe_regs_on_cpu(cpu, regs);
 193                if (err)
 194                        break;
 195                if (copy_to_user(uregs, &regs, sizeof(regs)))
 196                        err = -EFAULT;
 197                break;
 198
 199        default:
 200                err = -ENOTTY;
 201                break;
 202        }
 203
 204        return err;
 205}
 206
 207static int msr_open(struct inode *inode, struct file *file)
 208{
 209        unsigned int cpu = iminor(file_inode(file));
 210        struct cpuinfo_x86 *c;
 211
 212        if (!capable(CAP_SYS_RAWIO))
 213                return -EPERM;
 214
 215        if (cpu >= nr_cpu_ids || !cpu_online(cpu))
 216                return -ENXIO;  /* No such CPU */
 217
 218        c = &cpu_data(cpu);
 219        if (!cpu_has(c, X86_FEATURE_MSR))
 220                return -EIO;    /* MSR not supported */
 221
 222        return 0;
 223}
 224
 225/*
 226 * File operations we support
 227 */
 228static const struct file_operations msr_fops = {
 229        .owner = THIS_MODULE,
 230        .llseek = no_seek_end_llseek,
 231        .read = msr_read,
 232        .write = msr_write,
 233        .open = msr_open,
 234        .unlocked_ioctl = msr_ioctl,
 235        .compat_ioctl = msr_ioctl,
 236};
 237
 238static int msr_device_create(unsigned int cpu)
 239{
 240        struct device *dev;
 241
 242        dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL,
 243                            "msr%d", cpu);
 244        return PTR_ERR_OR_ZERO(dev);
 245}
 246
 247static int msr_device_destroy(unsigned int cpu)
 248{
 249        device_destroy(msr_class, MKDEV(MSR_MAJOR, cpu));
 250        return 0;
 251}
 252
 253static char *msr_devnode(struct device *dev, umode_t *mode)
 254{
 255        return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt));
 256}
 257
 258static int __init msr_init(void)
 259{
 260        int err;
 261
 262        if (__register_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr", &msr_fops)) {
 263                pr_err("unable to get major %d for msr\n", MSR_MAJOR);
 264                return -EBUSY;
 265        }
 266        msr_class = class_create(THIS_MODULE, "msr");
 267        if (IS_ERR(msr_class)) {
 268                err = PTR_ERR(msr_class);
 269                goto out_chrdev;
 270        }
 271        msr_class->devnode = msr_devnode;
 272
 273        err  = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/msr:online",
 274                                 msr_device_create, msr_device_destroy);
 275        if (err < 0)
 276                goto out_class;
 277        cpuhp_msr_state = err;
 278        return 0;
 279
 280out_class:
 281        class_destroy(msr_class);
 282out_chrdev:
 283        __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
 284        return err;
 285}
 286module_init(msr_init);
 287
 288static void __exit msr_exit(void)
 289{
 290        cpuhp_remove_state(cpuhp_msr_state);
 291        class_destroy(msr_class);
 292        __unregister_chrdev(MSR_MAJOR, 0, NR_CPUS, "cpu/msr");
 293}
 294module_exit(msr_exit)
 295
 296static int set_allow_writes(const char *val, const struct kernel_param *cp)
 297{
 298        /* val is NUL-terminated, see kernfs_fop_write() */
 299        char *s = strstrip((char *)val);
 300
 301        if (!strcmp(s, "on"))
 302                allow_writes = MSR_WRITES_ON;
 303        else if (!strcmp(s, "off"))
 304                allow_writes = MSR_WRITES_OFF;
 305        else
 306                allow_writes = MSR_WRITES_DEFAULT;
 307
 308        return 0;
 309}
 310
 311static int get_allow_writes(char *buf, const struct kernel_param *kp)
 312{
 313        const char *res;
 314
 315        switch (allow_writes) {
 316        case MSR_WRITES_ON:  res = "on"; break;
 317        case MSR_WRITES_OFF: res = "off"; break;
 318        default: res = "default"; break;
 319        }
 320
 321        return sprintf(buf, "%s\n", res);
 322}
 323
 324static const struct kernel_param_ops allow_writes_ops = {
 325        .set = set_allow_writes,
 326        .get = get_allow_writes
 327};
 328
 329module_param_cb(allow_writes, &allow_writes_ops, NULL, 0600);
 330
 331MODULE_AUTHOR("H. Peter Anvin <hpa@zytor.com>");
 332MODULE_DESCRIPTION("x86 generic MSR driver");
 333MODULE_LICENSE("GPL");
 334