Is it possible to do rdmsr instruction in android? it's a ring-0 instruction.

Is it possible to do rdmsr instruction in android? it's a ring-0 instruction.

Bild des Benutzers yannseng

Hi, I am just wondering is it possible to have application to execute ring-0 instruction like RDMSR in Android OS with Intel Architecture? ~yannseng

7 Beiträge / 0 neu
Letzter Beitrag
Nähere Informationen zur Compiler-Optimierung finden Sie in unserem Optimierungshinweis.
Bild des Benutzers Alexander Weggerle (Intel)

Hi,

it's always possible to write a kernel module to execute ring-0
instructions.

On my test device the msr0 and msr1 are accessible through the
/dev directory. So depending on your needs you can use the files there.

I'm curious. Why you need to access the MSRs?

Thanks,
Alex

Bild des Benutzers qdb

yes, you can execute on ring0
it's not the best feature though, it opens the door for root kits and such....

QDB
Bild des Benutzers yannseng

Hi Alex, I don't think it is possible to write a kernel module within an application though even with NDK. Not going to deploy OS. I just saw /dev/msr0 in my android x86 emulator but how do i use it? for example how do i read MSR 0x1A0. Just trying to read CPU temperature with RDMSR. Thanks, YannSeng

Bild des Benutzers Patrick Fay (Intel)

Below is typical code to read MSRs on linux.
The only change for android is to the pathname.
You may need to do 'modprobe msr' before running the code.
Pat

int rdmsr_for_pat (int CPU_number, unsigned int MsrNum, unsigned long long *MsrVal)
{
static int nodriver=0;
char msrname[PATH_MAX];
unsigned char MsrBuffer[8];
int fh;
off_t offset, fpos;
/* Ok, use the /dev/CPU interface */
#ifdef __ANDROID__
snprintf (msrname,sizeof(msrname), "/dev/msr%d", CPU_number);
#else
snprintf (msrname,sizeof(msrname), "/dev/cpu/%d/msr", CPU_number);
#endif
fh = open (msrname, O_RDONLY);
if (fh != -1) {
offset = (off_t)MsrNum;
fpos = lseek (fh, offset, SEEK_SET);
if(fpos != offset)
{
printf("seek %s to offset= 0x%x failed at %s %d\n",
msrname, MsrNum, __FILE__, __LINE__);
return -1;
}
read (fh, MsrBuffer, sizeof(MsrBuffer));
if (MsrVal!=0) *MsrVal = (*(unsigned long long *)MsrBuffer);
close (fh);
return 0;
} else {
/* Something went wrong, just get out. */
printf("Open of msr dev= '%s' failed at %s %d\n", msrname, __FILE__, __LINE__);
printf("You may need to do (as root) 'modprobe msr'\n");
return -1;
}
}

Bild des Benutzers Alexander Weggerle (Intel)

Hi, I just took the code from Patrick and made a full example out of it to try it out. See below. The code is working on the phone. Please note that I guessed the TJunction Max temperature for the CPU. An issue you will be facing is that accessing the MSRs is only allowed for root.

#include 
#include 
#include 

#define IA32_THERMAL_STATUS 0x19C
//just a guess
#define TJ_MAX 90

int rdmsr_for_pat (int CPU_number, unsigned int MsrNum, unsigned long long *MsrVal) {
        static int nodriver=0;
        char msrname[PATH_MAX];
        unsigned char MsrBuffer[8];
        int fh;
        off_t offset, fpos;
        /* Ok, use the /dev/CPU interface */
        #ifdef __ANDROID__
                snprintf (msrname,sizeof(msrname), "/dev/msr%d", CPU_number);
        #else
                snprintf (msrname,sizeof(msrname), "/dev/cpu/%d/msr", CPU_number);
        #endif
        fh = open (msrname, O_RDONLY);
        if (fh != -1) {
                offset = (off_t)MsrNum;
                fpos = lseek (fh, offset, SEEK_SET);
                if(fpos != offset) {
                        printf("seek %s to offset= 0x%x failed at %s %dn",
                        msrname, MsrNum, __FILE__, __LINE__);
                        return -1;
                }
                read (fh, MsrBuffer, sizeof(MsrBuffer));
                if (MsrVal!=0) *MsrVal = (*(unsigned long long *)MsrBuffer);
                close (fh);
                return 0;
        } else {
                /* Something went wrong, just get out. */
                printf("Open of msr dev= '%s' failed at %s %dn", msrname, __FILE__, __LINE__);
                printf("You may need to do (as root) 'modprobe msr'n");
                return -1;
        }
}

int main() {
        unsigned long long ret = 0;
        rdmsr_for_pat(0, IA32_THERMAL_STATUS, &ret);
        printf("Result from MSR: %llxn", ret);
        unsigned int thermal_status = (unsigned int) ret;
        if (thermal_status && 1<<31) {
                int dsr = ((thermal_status>>16) & 0x7F);
                printf("DSR reading: %un", dsr);
                printf("Temperature: %un", TJ_MAX-dsr);
        } else {
                printf("Invalid thermal status reading (Bit31 is not set)n");
        }
}
Thanks, Alex
Bild des Benutzers yannseng
Thank you so much for the replies, guys!

However, that's awful. Is there anyway to get root access for the phone? Else, all of this is meaningless.

Melden Sie sich an, um einen Kommentar zu hinterlassen.