From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1h23M5-0005sk-Gf for mharc-grub-devel@gnu.org; Thu, 07 Mar 2019 19:27:17 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47521) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h23M2-0005qO-6d for grub-devel@gnu.org; Thu, 07 Mar 2019 19:27:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h23Lz-0002wo-Kk for grub-devel@gnu.org; Thu, 07 Mar 2019 19:27:14 -0500 Received: from mail-wm1-x331.google.com ([2a00:1450:4864:20::331]:40258) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h23Lz-0002ue-6G for grub-devel@gnu.org; Thu, 07 Mar 2019 19:27:11 -0500 Received: by mail-wm1-x331.google.com with SMTP id g20so10856843wmh.5 for ; Thu, 07 Mar 2019 16:27:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kpN0UO8B+mV4XkyVd2Ve7quP3rYJZPvtv5tdWpIZirI=; b=mE2xqGcR6+HNFrvcsF3VFpkwf2auGiShDLNvtmKa6cA486Ur6VDIBBe+eC4fmtq/lM 2aIGCy4iqkGZnlkLR4SL23Yt82DkU9E8I3lBBui4zV1OsjtOMEgo+E3q74gOQJmeqUgn iIGj0X2Yby4vJvGgkVms6bsDZRQHlBk9lRRb/8ljBtHblfUuTZZkQxOOs9O8/wXOVu97 LMu45opaf/U9DqSJkPAJFND/Kddw+aed6FqumrXIPCrL2YBZmQK0z719bPqEvjF20Mob SJkBTgNfqJFql25P6la6xhACVlNZBfS7QLXAUTvrJaKkf8kXrGOUDPUex1X/EgWOxjSJ 98TQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kpN0UO8B+mV4XkyVd2Ve7quP3rYJZPvtv5tdWpIZirI=; b=kOMJUzi10n+2zEiId3v0KwlPkOa4CmB1tfl4/EpHtp+3VT/xGCfi0Ay55D4gw+zv2Z ezN8k3B43rearuGUso69/r3Ji1JDedUTX6LXFcnxMPa2U0QuAgpB8yb5R32T/YZYTZCY T+44DLhH4YySQcHTH2qSCUuOoej4hLBO9xhef20n6K80rRIHAnUq54M5TfXtncQh5+Ud g5VH5la3q/Moz4ACLwQVLFFHq/0pEcGliLxGOAy/kGK0KOZ+M//YV/lDzn8YkpaWUakM sGnrwjB4ZpneCr+v/FE6TU/+ocp7+xoDGYFbco2/4R6TYvytarUT8eSIPpEk5zsPca4i DclA== X-Gm-Message-State: APjAAAX2UCvToTJVxjlbDAWuOSmtHPEn4v6xUxEFeKKDdc/wiyyH4erE i1qWbwa2OHCXcJXTV6QloapNklHm X-Google-Smtp-Source: APXvYqzlxc+wmM3zpwUUv8GDDLWM0NKIHfHRAeKQNFjpvDNjwkIX+lEhb0bGNy9CmL3YgEphn/XDqQ== X-Received: by 2002:a1c:c5cb:: with SMTP id v194mr7625858wmf.150.1552004829678; Thu, 07 Mar 2019 16:27:09 -0800 (PST) Received: from izanagi.home.vikt0ry.com (112.red-81-47-147.staticip.rima-tde.net. [81.47.147.112]) by smtp.gmail.com with ESMTPSA id o8sm10436916wma.1.2019.03.07.16.27.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Mar 2019 16:27:09 -0800 (PST) From: =?UTF-8?q?Jes=C3=BAs=20Di=C3=A9guez=20Fern=C3=A1ndez?= To: grub-devel@gnu.org Cc: =?UTF-8?q?Jes=C3=BAs=20Di=C3=A9guez=20Fern=C3=A1ndez?= Subject: [PATCH v3 2/2] Add new MSR modules (rdmsr/wrmsr) Date: Fri, 8 Mar 2019 01:26:37 +0100 Message-Id: <20190308002637.31530-3-jesusdf@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190308002637.31530-1-jesusdf@gmail.com> References: <20190308002637.31530-1-jesusdf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::331 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Mar 2019 00:27:16 -0000 In order to be able to read from and write to model-specific registers, two new modules are added. They are i386 specific, as the cpuid module. rdmsr module registers the command rdmsr that allows reading from a MSR. wrmsr module registers the command wrmsr that allows writing to a MSR. wrmsr module is disabled if UEFI secure boot is enabled. Please note that on SMP systems, interacting with a MSR that has a scope per hardware thread, implies that the value only applies to the particular cpu/core/thread that ran the command. Also, if you specify a reserved or unimplemented MSR address, it will cause a general protection exception (which is not currently being handled) and the system will reboot. Signed-off-by: Jesús Diéguez Fernández --- docs/grub.texi | 53 +++++++++++++-- grub-core/Makefile.core.def | 10 +++ grub-core/commands/efi/shim_lock.c | 2 +- grub-core/commands/i386/rdmsr.c | 101 +++++++++++++++++++++++++++++ grub-core/commands/i386/wrmsr.c | 92 ++++++++++++++++++++++++++ include/grub/i386/rdmsr.h | 34 ++++++++++ include/grub/i386/wrmsr.h | 32 +++++++++ 7 files changed, 318 insertions(+), 6 deletions(-) create mode 100644 grub-core/commands/i386/rdmsr.c create mode 100644 grub-core/commands/i386/wrmsr.c create mode 100644 include/grub/i386/rdmsr.h create mode 100644 include/grub/i386/wrmsr.h diff --git a/docs/grub.texi b/docs/grub.texi index ecaba9d5c..4a636319f 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -3931,6 +3931,7 @@ you forget a command, you can run the command @command{help} * play:: Play a tune * probe:: Retrieve device info * pxe_unload:: Unload the PXE environment +* rdmsr:: Read values from model-specific registers * read:: Read user input * reboot:: Reboot your computer * regexp:: Test if regular expression matches string @@ -3953,6 +3954,7 @@ you forget a command, you can run the command @command{help} * verify_detached:: Verify detached digital signature * videoinfo:: List available video modes @comment * xen_*:: Xen boot commands for AArch64 +* wrmsr:: Write values to model-specific registers * xen_hypervisor:: Load xen hypervisor binary (only on AArch64) * xen_module:: Load xen modules for xen hypervisor (only on AArch64) @end menu @@ -4785,6 +4787,24 @@ This command is only available on PC BIOS systems. @end deffn +@node rdmsr +@subsection rdmsr + +@deffn Command: rdmsr 0xADDR [-v VARNAME] +Read a model-specific register at address 0xADDR. If the parameter +@option{-v} is used and an environment variable @var{VARNAME} is +given, set that environment variable to the value that was read. + +Please note that on SMP systems, reading from a MSR that has a +scope per hardware thread, implies that the value that is returned +only applies to the particular cpu/core/thread that runs the command. + +Also, if you specify a reserved or unimplemented MSR address, it will +cause a general protection exception (which is not currently being handled) +and the system will reboot. +@end deffn + + @node read @subsection read @@ -5223,6 +5243,21 @@ successfully. If validation fails, it is set to a non-zero value. List available video modes. If resolution is given, show only matching modes. @end deffn +@node wrmsr +@subsection wrmsr + +@deffn Command: wrmsr 0xADDR 0xVALUE +Write a 0xVALUE to a model-specific register at address 0xADDR. + +Please note that on SMP systems, writing to a MSR that has a scope +per hardware thread, implies that the value that is written +only applies to the particular cpu/core/thread that runs the command. + +Also, if you specify a reserved or unimplemented MSR address, it will +cause a general protection exception (which is not currently being handled) +and the system will reboot. +@end deffn + @node xen_hypervisor @subsection xen_hypervisor @@ -5716,11 +5751,11 @@ boot and the shim. This functionality is provided by the shim_lock module. It is recommend to build in this and other required modules into the @file{core.img}. All modules not stored in the @file{core.img} and the ACPI tables for the @command{acpi} command have to be signed, e.g. using PGP. Additionally, the -@command{iorw} and the @command{memrw} commands are prohibited if the UEFI -secure boot is enabled. This is done due to security reasons. All above -mentioned requirements are enforced by the shim_lock module. And itself it -is a persistent module which means that it cannot be unloaded if it was -loaded into the memory. +@command{iorw}, the @command{memrw} and the @command{wrmsr} commands are +prohibited if the UEFI secure boot is enabled. This is done due to +security reasons. All above mentioned requirements are enforced by the +shim_lock module. And itself it is a persistent module which means that +it cannot be unloaded if it was loaded into the memory. @node Measured Boot @section Measuring boot components @@ -5831,6 +5866,8 @@ to install to is specified, UUID is used instead as well. @item USB @tab yes @tab yes @tab yes @tab yes @item chainloader @tab local @tab yes @tab yes @tab no @item cpuid @tab partial @tab partial @tab partial @tab partial +@item rdmsr @tab partial @tab partial @tab partial @tab partial +@item wrmsr @tab partial @tab partial @tab partial @tab partial @item hints @tab guess @tab guess @tab guess @tab guess @item PCI @tab yes @tab yes @tab yes @tab yes @item badram @tab yes @tab yes @tab yes @tab yes @@ -5850,6 +5887,8 @@ to install to is specified, UUID is used instead as well. @item USB @tab yes @tab yes @tab yes @tab no @item chainloader @tab local @tab local @tab no @tab local @item cpuid @tab partial @tab partial @tab partial @tab no +@item rdmsr @tab partial @tab partial @tab partial @tab no +@item wrmsr @tab partial @tab partial @tab partial @tab no @item hints @tab guess @tab guess @tab good @tab guess @item PCI @tab yes @tab yes @tab yes @tab no @item badram @tab yes @tab yes @tab no @tab yes @@ -5869,6 +5908,8 @@ to install to is specified, UUID is used instead as well. @item USB @tab yes @tab no @tab no @tab no @item chainloader @tab yes @tab no @tab no @tab no @item cpuid @tab no @tab no @tab no @tab no +@item rdmsr @tab no @tab no @tab no @tab no +@item wrmsr @tab no @tab no @tab no @tab no @item hints @tab good @tab good @tab good @tab no @item PCI @tab yes @tab no @tab no @tab no @item badram @tab yes (*) @tab no @tab no @tab no @@ -5888,6 +5929,8 @@ to install to is specified, UUID is used instead as well. @item USB @tab N/A @tab yes @tab no @item chainloader @tab yes @tab no @tab yes @item cpuid @tab no @tab no @tab yes +@item rdmsr @tab no @tab no @tab yes +@item wrmsr @tab no @tab no @tab yes @item hints @tab guess @tab no @tab no @item PCI @tab no @tab no @tab no @item badram @tab yes (*) @tab no @tab no diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 58df4ab07..dbc7eb3a5 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2484,3 +2484,13 @@ module = { common = loader/i386/xen_file64.c; extra_dist = loader/i386/xen_fileXX.c; }; +module = { + name = rdmsr; + common = commands/i386/rdmsr.c; + enable = x86; +}; +module = { + name = wrmsr; + common = commands/i386/wrmsr.c; + enable = x86; +}; diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c index 83568cb2b..764098cfc 100644 --- a/grub-core/commands/efi/shim_lock.c +++ b/grub-core/commands/efi/shim_lock.c @@ -43,7 +43,7 @@ static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; static grub_efi_shim_lock_protocol_t *sl; /* List of modules which cannot be loaded if UEFI secure boot mode is enabled. */ -static const char * const disabled_mods[] = {"iorw", "memrw", NULL}; +static const char * const disabled_mods[] = {"iorw", "memrw", "wrmsr", NULL}; static grub_err_t shim_lock_init (grub_file_t io, enum grub_file_type type, diff --git a/grub-core/commands/i386/rdmsr.c b/grub-core/commands/i386/rdmsr.c new file mode 100644 index 000000000..0ec91e2e5 --- /dev/null +++ b/grub-core/commands/i386/rdmsr.c @@ -0,0 +1,101 @@ +/* rdmsr.c - Read CPU model-specific registers */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * Based on gcc/gcc/config/i386/driver-i386.c + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +GRUB_MOD_LICENSE("GPLv3+"); + +static grub_extcmd_t cmd_read; + +static const struct grub_arg_option options[] = +{ + {0, 'v', 0, N_("Save read value into variable VARNAME."), + N_("VARNAME"), ARG_TYPE_STRING}, + {0, 0, 0, 0, 0, 0} +}; + +static grub_err_t +grub_cmd_msr_read (grub_extcmd_context_t ctxt, int argc, char **argv) +{ + grub_uint32_t manufacturer[3], max_cpuid, a, b, c, features, addr; + grub_uint64_t value; + char *ptr; + char buf[sizeof("1122334455667788")]; + + /* The CPUID instruction should be used to determine whether MSRs + are supported. (CPUID.01H:EDX[5] = 1) */ + if (! grub_cpu_is_cpuid_supported ()) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + grub_cpuid (0, max_cpuid, manufacturer[0], manufacturer[2], manufacturer[1]); + + if (max_cpuid < 1) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + grub_cpuid (1, a, b, c, features); + + if (! (features & (1 << 5))) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + if (argc != 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + grub_errno = GRUB_ERR_NONE; + ptr = argv[0]; + addr = grub_strtoul (ptr, &ptr, 0); + + if (grub_errno != GRUB_ERR_NONE) + return grub_errno; + if (*ptr != '\0') + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid argument")); + + value = grub_msr_read (addr); + + if (ctxt->state[0].set) + { + grub_snprintf (buf, sizeof(buf), "%llx", value); + grub_env_set (ctxt->state[0].arg, buf); + } + else + grub_printf ("0x%llx\n", value); + + return GRUB_ERR_NONE; +} + +GRUB_MOD_INIT(rdmsr) +{ + cmd_read = grub_register_extcmd ("rdmsr", grub_cmd_msr_read, 0, + N_("ADDR"), + N_("Read a CPU model specific register."), + options); +} + +GRUB_MOD_FINI(rdmsr) +{ + grub_unregister_extcmd (cmd_read); +} diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c new file mode 100644 index 000000000..8ebc21150 --- /dev/null +++ b/grub-core/commands/i386/wrmsr.c @@ -0,0 +1,92 @@ +/* wrmsr.c - Write CPU model-specific registers */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * Based on gcc/gcc/config/i386/driver-i386.c + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +GRUB_MOD_LICENSE("GPLv3+"); + +static grub_command_t cmd_write; + +static grub_err_t +grub_cmd_msr_write (grub_command_t cmd, int argc, char **argv) +{ + grub_uint32_t manufacturer[3], max_cpuid, a, b, c, features, addr; + grub_uint64_t value; + char *ptr; + + /* The CPUID instruction should be used to determine whether MSRs + are supported. (CPUID.01H:EDX[5] = 1) */ + if (! grub_cpu_is_cpuid_supported ()) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + grub_cpuid (0, max_cpuid, manufacturer[0], manufacturer[2], manufacturer[1]); + + if (max_cpuid < 1) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + grub_cpuid (1, a, b, c, features); + + if (! (features & (1 << 5))) + return grub_error (GRUB_ERR_BUG, N_("unsupported instruction")); + + if (argc != 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected")); + + grub_errno = GRUB_ERR_NONE; + ptr = argv[0]; + addr = grub_strtoul (ptr, &ptr, 0); + + if (grub_errno != GRUB_ERR_NONE) + return grub_errno; + if (*ptr != '\0') + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid argument")); + + ptr = argv[1]; + value = grub_strtoull (ptr, &ptr, 0); + + if (grub_errno != GRUB_ERR_NONE) + return grub_errno; + if (*ptr != '\0') + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid argument")); + + grub_msr_write (addr, value); + + return GRUB_ERR_NONE; +} + +GRUB_MOD_INIT(wrmsr) +{ + cmd_write = grub_register_command ("wrmsr", grub_cmd_msr_write, + N_("ADDR VALUE"), + N_("Write a value to a CPU model specific register.")); +} + +GRUB_MOD_FINI(wrmsr) +{ + grub_unregister_command (cmd_write); +} diff --git a/include/grub/i386/rdmsr.h b/include/grub/i386/rdmsr.h new file mode 100644 index 000000000..f6d7b72ca --- /dev/null +++ b/include/grub/i386/rdmsr.h @@ -0,0 +1,34 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_RDMSR_H +#define GRUB_RDMSR_H 1 + +/* TODO: Add a general protection exception handler. + Accessing a reserved or unimplemented MSR address results in a GP#. */ + +extern __inline grub_uint64_t grub_msr_read (grub_uint32_t msr_id) +{ + grub_uint32_t low, high; + + asm volatile ( "rdmsr" : "=a"(low), "=d"(high) : "c"(msr_id) ); + + return ((grub_uint64_t)high << 32) | low; +} + +#endif /* GRUB_RDMSR_H */ diff --git a/include/grub/i386/wrmsr.h b/include/grub/i386/wrmsr.h new file mode 100644 index 000000000..f20f5fdf2 --- /dev/null +++ b/include/grub/i386/wrmsr.h @@ -0,0 +1,32 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_WRMSR_H +#define GRUB_WRMSR_H 1 + +/* TODO: Add a general protection exception handler. + Accessing a reserved or unimplemented MSR address results in a GP#. */ + +extern __inline void grub_msr_write(grub_uint32_t msr_id, grub_uint64_t msr_value) +{ + grub_uint32_t low = msr_value, high = msr_value >> 32; + + asm volatile ( "wrmsr" : : "c"(msr_id), "a"(low), "d"(high) ); +} + +#endif /* GRUB_WRMSR_H */ -- 2.17.1