Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reading /dev/cpu/*/msr from userspace: operation not permitted

I am trying to write a simple application that can read msr registers, and am running this application from userspace.

I have loaded the msr module and given read permissions for everyone to /dev/cpu/*/msr. But still the user is not able to access these files but the root can.

The permissions look like this:

crw-r--r-- 1 root root 202, 0 sep  6 17:55 /dev/cpu/0/msr

crw-r--r-- 1 root root 202, 1 sep  6 17:55 /dev/cpu/1/msr

crw-r--r-- 1 root root 202, 2 sep  6 17:55 /dev/cpu/2/msr

crw-r--r-- 1 root root 202, 3 sep  6 17:55 /dev/cpu/3/msr

I keep getting "Operation not permitted" error message when I try to read these files from userspace but works fine when root tries to access them. What am I doing wrong? I am on Ubuntu 13.04 with kernel version 3.11.0.

like image 539
futureishere Avatar asked Sep 06 '13 16:09

futureishere


2 Answers

Changes in the mainline Linux kernel since around 3.7 now require an executable to have capability CAP_SYS_RAWIO to open the MSR device file [2]. Besides loading the MSR kernel module and setting the appropriate file permissions on the msr device file, one must grant the CAP_SYS_RAWIO capability to any user executable that needs access to the MSR driver, using the command below:

sudo setcap cap_sys_rawio=ep <user_executable>
like image 52
PaulUTK Avatar answered Sep 20 '22 17:09

PaulUTK


For me (on debian) it helped to set the device permissions after loading the msr module. In addition to the answer of PaulUTK, as root:

setcap cap_sys_rawio=ep <user_executable>

Setting device permission (check before):

ls -l /dev/cpu/*/msr
crw------- ... /dev/cpu/0/msr

I added a group msr and assigned it. As root:

chgrp msr /dev/cpu/*/msr
chmod g+rw /dev/cpu/*/msr
ls -l /dev/cpu/*/msr
crw-rw---- ... /dev/cpu/0/msr

Assign the group to the user:

usermod -aG msr hardworkinguser

Bonus hint:

Apply the group as the hardworkinguser without relogin:

newgrp msr

I also heard secure boot must be disabled.

like image 35
Benjamin Peter Avatar answered Sep 23 '22 17:09

Benjamin Peter