1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
|
// SPDX-License-Identifier: GPL-2.0-only
#include <asm/msr-index.h>
#include <stdint.h>
#include "kvm_util.h"
#include "processor.h"
/* Use HYPERVISOR for MSRs that are emulated unconditionally (as is HYPERVISOR). */
#define X86_FEATURE_NONE X86_FEATURE_HYPERVISOR
struct kvm_msr {
const struct kvm_x86_cpu_feature feature;
const struct kvm_x86_cpu_feature feature2;
const char *name;
const u64 reset_val;
const u64 write_val;
const u64 rsvd_val;
const u32 index;
const bool is_kvm_defined;
};
#define ____MSR_TEST(msr, str, val, rsvd, reset, feat, f2, is_kvm) \
{ \
.index = msr, \
.name = str, \
.write_val = val, \
.rsvd_val = rsvd, \
.reset_val = reset, \
.feature = X86_FEATURE_ ##feat, \
.feature2 = X86_FEATURE_ ##f2, \
.is_kvm_defined = is_kvm, \
}
#define __MSR_TEST(msr, str, val, rsvd, reset, feat) \
____MSR_TEST(msr, str, val, rsvd, reset, feat, feat, false)
#define MSR_TEST_NON_ZERO(msr, val, rsvd, reset, feat) \
__MSR_TEST(msr, #msr, val, rsvd, reset, feat)
#define MSR_TEST(msr, val, rsvd, feat) \
__MSR_TEST(msr, #msr, val, rsvd, 0, feat)
#define MSR_TEST2(msr, val, rsvd, feat, f2) \
____MSR_TEST(msr, #msr, val, rsvd, 0, feat, f2, false)
/*
* Note, use a page aligned value for the canonical value so that the value
* is compatible with MSRs that use bits 11:0 for things other than addresses.
*/
static const u64 canonical_val = 0x123456789000ull;
/*
* Arbitrary value with bits set in every byte, but not all bits set. This is
* also a non-canonical value, but that's coincidental (any 64-bit value with
* an alternating 0s/1s pattern will be non-canonical).
*/
static const u64 u64_val = 0xaaaa5555aaaa5555ull;
#define MSR_TEST_CANONICAL(msr, feat) \
__MSR_TEST(msr, #msr, canonical_val, NONCANONICAL, 0, feat)
#define MSR_TEST_KVM(msr, val, rsvd, feat) \
____MSR_TEST(KVM_REG_ ##msr, #msr, val, rsvd, 0, feat, feat, true)
/*
* The main struct must be scoped to a function due to the use of structures to
* define features. For the global structure, allocate enough space for the
* foreseeable future without getting too ridiculous, to minimize maintenance
* costs (bumping the array size every time an MSR is added is really annoying).
*/
static struct kvm_msr msrs[128];
static int idx;
static bool ignore_unsupported_msrs;
static u64 fixup_rdmsr_val(u32 msr, u64 want)
{
/*
* AMD CPUs drop bits 63:32 on some MSRs that Intel CPUs support. KVM
* is supposed to emulate that behavior based on guest vendor model
* (which is the same as the host vendor model for this test).
*/
if (!host_cpu_is_amd)
return want;
switch (msr) {
case MSR_IA32_SYSENTER_ESP:
case MSR_IA32_SYSENTER_EIP:
case MSR_TSC_AUX:
return want & GENMASK_ULL(31, 0);
default:
return want;
}
}
static void __rdmsr(u32 msr, u64 want)
{
u64 val;
u8 vec;
vec = rdmsr_safe(msr, &val);
__GUEST_ASSERT(!vec, "Unexpected %s on RDMSR(0x%x)", ex_str(vec), msr);
__GUEST_ASSERT(val == want, "Wanted 0x%lx from RDMSR(0x%x), got 0x%lx",
want, msr, val);
}
static void __wrmsr(u32 msr, u64 val)
{
u8 vec;
vec = wrmsr_safe(msr, val);
__GUEST_ASSERT(!vec, "Unexpected %s on WRMSR(0x%x, 0x%lx)",
ex_str(vec), msr, val);
__rdmsr(msr, fixup_rdmsr_val(msr, val));
}
static void guest_test_supported_msr(const struct kvm_msr *msr)
{
__rdmsr(msr->index, msr->reset_val);
__wrmsr(msr->index, msr->write_val);
GUEST_SYNC(fixup_rdmsr_val(msr->index, msr->write_val));
__rdmsr(msr->index, msr->reset_val);
}
static void guest_test_unsupported_msr(const struct kvm_msr *msr)
{
u64 val;
u8 vec;
/*
* KVM's ABI with respect to ignore_msrs is a mess and largely beyond
* repair, just skip the unsupported MSR tests.
*/
if (ignore_unsupported_msrs)
goto skip_wrmsr_gp;
/*
* {S,U}_CET exist if IBT or SHSTK is supported, but with bits that are
* writable only if their associated feature is supported. Skip the
* RDMSR #GP test if the secondary feature is supported, but perform
* the WRMSR #GP test as the to-be-written value is tied to the primary
* feature. For all other MSRs, simply do nothing.
*/
if (this_cpu_has(msr->feature2)) {
if (msr->index != MSR_IA32_U_CET &&
msr->index != MSR_IA32_S_CET)
goto skip_wrmsr_gp;
goto skip_rdmsr_gp;
}
vec = rdmsr_safe(msr->index, &val);
__GUEST_ASSERT(vec == GP_VECTOR, "Wanted #GP on RDMSR(0x%x), got %s",
msr->index, ex_str(vec));
skip_rdmsr_gp:
vec = wrmsr_safe(msr->index, msr->write_val);
__GUEST_ASSERT(vec == GP_VECTOR, "Wanted #GP on WRMSR(0x%x, 0x%lx), got %s",
msr->index, msr->write_val, ex_str(vec));
skip_wrmsr_gp:
GUEST_SYNC(0);
}
void guest_test_reserved_val(const struct kvm_msr *msr)
{
/* Skip reserved value checks as well, ignore_msrs is trully a mess. */
if (ignore_unsupported_msrs)
return;
/*
* If the CPU will truncate the written value (e.g. SYSENTER on AMD),
* expect success and a truncated value, not #GP.
*/
if (!this_cpu_has(msr->feature) ||
msr->rsvd_val == fixup_rdmsr_val(msr->index, msr->rsvd_val)) {
u8 vec = wrmsr_safe(msr->index, msr->rsvd_val);
__GUEST_ASSERT(vec == GP_VECTOR,
"Wanted #GP on WRMSR(0x%x, 0x%lx), got %s",
msr->index, msr->rsvd_val, ex_str(vec));
} else {
__wrmsr(msr->index, msr->rsvd_val);
__wrmsr(msr->index, msr->reset_val);
}
}
static void guest_main(void)
{
for (;;) {
const struct kvm_msr *msr = &msrs[READ_ONCE(idx)];
if (this_cpu_has(msr->feature))
guest_test_supported_msr(msr);
else
guest_test_unsupported_msr(msr);
if (msr->rsvd_val)
guest_test_reserved_val(msr);
GUEST_SYNC(msr->reset_val);
}
}
static bool has_one_reg;
static bool use_one_reg;
#define KVM_X86_MAX_NR_REGS 1
static bool vcpu_has_reg(struct kvm_vcpu *vcpu, u64 reg)
{
struct {
struct kvm_reg_list list;
u64 regs[KVM_X86_MAX_NR_REGS];
} regs = {};
int r, i;
/*
* If KVM_GET_REG_LIST succeeds with n=0, i.e. there are no supported
* regs, then the vCPU obviously doesn't support the reg.
*/
r = __vcpu_ioctl(vcpu, KVM_GET_REG_LIST, ®s.list);
if (!r)
return false;
TEST_ASSERT_EQ(errno, E2BIG);
/*
* KVM x86 is expected to support enumerating a relative small number
* of regs. The majority of registers supported by KVM_{G,S}ET_ONE_REG
* are enumerated via other ioctls, e.g. KVM_GET_MSR_INDEX_LIST. For
* simplicity, hardcode the maximum number of regs and manually update
* the test as necessary.
*/
TEST_ASSERT(regs.list.n <= KVM_X86_MAX_NR_REGS,
"KVM reports %llu regs, test expects at most %u regs, stale test?",
regs.list.n, KVM_X86_MAX_NR_REGS);
vcpu_ioctl(vcpu, KVM_GET_REG_LIST, ®s.list);
for (i = 0; i < regs.list.n; i++) {
if (regs.regs[i] == reg)
return true;
}
return false;
}
static void host_test_kvm_reg(struct kvm_vcpu *vcpu)
{
bool has_reg = vcpu_cpuid_has(vcpu, msrs[idx].feature);
u64 reset_val = msrs[idx].reset_val;
u64 write_val = msrs[idx].write_val;
u64 rsvd_val = msrs[idx].rsvd_val;
u32 reg = msrs[idx].index;
u64 val;
int r;
if (!use_one_reg)
return;
TEST_ASSERT_EQ(vcpu_has_reg(vcpu, KVM_X86_REG_KVM(reg)), has_reg);
if (!has_reg) {
r = __vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg), &val);
TEST_ASSERT(r && errno == EINVAL,
"Expected failure on get_reg(0x%x)", reg);
rsvd_val = 0;
goto out;
}
val = vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg));
TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
reset_val, reg, val);
vcpu_set_reg(vcpu, KVM_X86_REG_KVM(reg), write_val);
val = vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg));
TEST_ASSERT(val == write_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
write_val, reg, val);
out:
r = __vcpu_set_reg(vcpu, KVM_X86_REG_KVM(reg), rsvd_val);
TEST_ASSERT(r, "Expected failure on set_reg(0x%x, 0x%lx)", reg, rsvd_val);
}
static void host_test_msr(struct kvm_vcpu *vcpu, u64 guest_val)
{
u64 reset_val = msrs[idx].reset_val;
u32 msr = msrs[idx].index;
u64 val;
if (!kvm_cpu_has(msrs[idx].feature))
return;
val = vcpu_get_msr(vcpu, msr);
TEST_ASSERT(val == guest_val, "Wanted 0x%lx from get_msr(0x%x), got 0x%lx",
guest_val, msr, val);
if (use_one_reg)
vcpu_set_reg(vcpu, KVM_X86_REG_MSR(msr), reset_val);
else
vcpu_set_msr(vcpu, msr, reset_val);
val = vcpu_get_msr(vcpu, msr);
TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_msr(0x%x), got 0x%lx",
reset_val, msr, val);
if (!has_one_reg)
return;
val = vcpu_get_reg(vcpu, KVM_X86_REG_MSR(msr));
TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
reset_val, msr, val);
}
static void do_vcpu_run(struct kvm_vcpu *vcpu)
{
struct ucall uc;
for (;;) {
vcpu_run(vcpu);
switch (get_ucall(vcpu, &uc)) {
case UCALL_SYNC:
host_test_msr(vcpu, uc.args[1]);
return;
case UCALL_PRINTF:
pr_info("%s", uc.buffer);
break;
case UCALL_ABORT:
REPORT_GUEST_ASSERT(uc);
case UCALL_DONE:
TEST_FAIL("Unexpected UCALL_DONE");
default:
TEST_FAIL("Unexpected ucall: %lu", uc.cmd);
}
}
}
static void vcpus_run(struct kvm_vcpu **vcpus, const int NR_VCPUS)
{
int i;
for (i = 0; i < NR_VCPUS; i++)
do_vcpu_run(vcpus[i]);
}
#define MISC_ENABLES_RESET_VAL (MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL | MSR_IA32_MISC_ENABLE_BTS_UNAVAIL)
static void test_msrs(void)
{
const struct kvm_msr __msrs[] = {
MSR_TEST_NON_ZERO(MSR_IA32_MISC_ENABLE,
MISC_ENABLES_RESET_VAL | MSR_IA32_MISC_ENABLE_FAST_STRING,
MSR_IA32_MISC_ENABLE_FAST_STRING, MISC_ENABLES_RESET_VAL, NONE),
MSR_TEST_NON_ZERO(MSR_IA32_CR_PAT, 0x07070707, 0, 0x7040600070406, NONE),
/*
* TSC_AUX is supported if RDTSCP *or* RDPID is supported. Add
* entries for each features so that TSC_AUX doesn't exists for
* the "unsupported" vCPU, and obviously to test both cases.
*/
MSR_TEST2(MSR_TSC_AUX, 0x12345678, u64_val, RDTSCP, RDPID),
MSR_TEST2(MSR_TSC_AUX, 0x12345678, u64_val, RDPID, RDTSCP),
MSR_TEST(MSR_IA32_SYSENTER_CS, 0x1234, 0, NONE),
/*
* SYSENTER_{ESP,EIP} are technically non-canonical on Intel,
* but KVM doesn't emulate that behavior on emulated writes,
* i.e. this test will observe different behavior if the MSR
* writes are handed by hardware vs. KVM. KVM's behavior is
* intended (though far from ideal), so don't bother testing
* non-canonical values.
*/
MSR_TEST(MSR_IA32_SYSENTER_ESP, canonical_val, 0, NONE),
MSR_TEST(MSR_IA32_SYSENTER_EIP, canonical_val, 0, NONE),
MSR_TEST_CANONICAL(MSR_FS_BASE, LM),
MSR_TEST_CANONICAL(MSR_GS_BASE, LM),
MSR_TEST_CANONICAL(MSR_KERNEL_GS_BASE, LM),
MSR_TEST_CANONICAL(MSR_LSTAR, LM),
MSR_TEST_CANONICAL(MSR_CSTAR, LM),
MSR_TEST(MSR_SYSCALL_MASK, 0xffffffff, 0, LM),
MSR_TEST2(MSR_IA32_S_CET, CET_SHSTK_EN, CET_RESERVED, SHSTK, IBT),
MSR_TEST2(MSR_IA32_S_CET, CET_ENDBR_EN, CET_RESERVED, IBT, SHSTK),
MSR_TEST2(MSR_IA32_U_CET, CET_SHSTK_EN, CET_RESERVED, SHSTK, IBT),
MSR_TEST2(MSR_IA32_U_CET, CET_ENDBR_EN, CET_RESERVED, IBT, SHSTK),
MSR_TEST_CANONICAL(MSR_IA32_PL0_SSP, SHSTK),
MSR_TEST(MSR_IA32_PL0_SSP, canonical_val, canonical_val | 1, SHSTK),
MSR_TEST_CANONICAL(MSR_IA32_PL1_SSP, SHSTK),
MSR_TEST(MSR_IA32_PL1_SSP, canonical_val, canonical_val | 1, SHSTK),
MSR_TEST_CANONICAL(MSR_IA32_PL2_SSP, SHSTK),
MSR_TEST(MSR_IA32_PL2_SSP, canonical_val, canonical_val | 1, SHSTK),
MSR_TEST_CANONICAL(MSR_IA32_PL3_SSP, SHSTK),
MSR_TEST(MSR_IA32_PL3_SSP, canonical_val, canonical_val | 1, SHSTK),
MSR_TEST_KVM(GUEST_SSP, canonical_val, NONCANONICAL, SHSTK),
};
const struct kvm_x86_cpu_feature feat_none = X86_FEATURE_NONE;
const struct kvm_x86_cpu_feature feat_lm = X86_FEATURE_LM;
/*
* Create three vCPUs, but run them on the same task, to validate KVM's
* context switching of MSR state. Don't pin the task to a pCPU to
* also validate KVM's handling of cross-pCPU migration. Use the full
* set of features for the first two vCPUs, but clear all features in
* third vCPU in order to test both positive and negative paths.
*/
const int NR_VCPUS = 3;
struct kvm_vcpu *vcpus[NR_VCPUS];
struct kvm_vm *vm;
int i;
kvm_static_assert(sizeof(__msrs) <= sizeof(msrs));
kvm_static_assert(ARRAY_SIZE(__msrs) <= ARRAY_SIZE(msrs));
memcpy(msrs, __msrs, sizeof(__msrs));
ignore_unsupported_msrs = kvm_is_ignore_msrs();
vm = vm_create_with_vcpus(NR_VCPUS, guest_main, vcpus);
sync_global_to_guest(vm, msrs);
sync_global_to_guest(vm, ignore_unsupported_msrs);
/*
* Clear features in the "unsupported features" vCPU. This needs to be
* done before the first vCPU run as KVM's ABI is that guest CPUID is
* immutable once the vCPU has been run.
*/
for (idx = 0; idx < ARRAY_SIZE(__msrs); idx++) {
/*
* Don't clear LM; selftests are 64-bit only, and KVM doesn't
* honor LM=0 for MSRs that are supposed to exist if and only
* if the vCPU is a 64-bit model. Ditto for NONE; clearing a
* fake feature flag will result in false failures.
*/
if (memcmp(&msrs[idx].feature, &feat_lm, sizeof(feat_lm)) &&
memcmp(&msrs[idx].feature, &feat_none, sizeof(feat_none)))
vcpu_clear_cpuid_feature(vcpus[2], msrs[idx].feature);
}
for (idx = 0; idx < ARRAY_SIZE(__msrs); idx++) {
struct kvm_msr *msr = &msrs[idx];
if (msr->is_kvm_defined) {
for (i = 0; i < NR_VCPUS; i++)
host_test_kvm_reg(vcpus[i]);
continue;
}
/*
* Verify KVM_GET_SUPPORTED_CPUID and KVM_GET_MSR_INDEX_LIST
* are consistent with respect to MSRs whose existence is
* enumerated via CPUID. Skip the check for FS/GS.base MSRs,
* as they aren't reported in the save/restore list since their
* state is managed via SREGS.
*/
TEST_ASSERT(msr->index == MSR_FS_BASE || msr->index == MSR_GS_BASE ||
kvm_msr_is_in_save_restore_list(msr->index) ==
(kvm_cpu_has(msr->feature) || kvm_cpu_has(msr->feature2)),
"%s %s in save/restore list, but %s according to CPUID", msr->name,
kvm_msr_is_in_save_restore_list(msr->index) ? "is" : "isn't",
(kvm_cpu_has(msr->feature) || kvm_cpu_has(msr->feature2)) ?
"supported" : "unsupported");
sync_global_to_guest(vm, idx);
vcpus_run(vcpus, NR_VCPUS);
vcpus_run(vcpus, NR_VCPUS);
}
kvm_vm_free(vm);
}
int main(void)
{
has_one_reg = kvm_has_cap(KVM_CAP_ONE_REG);
test_msrs();
if (has_one_reg) {
use_one_reg = true;
test_msrs();
}
}
|
