external_aborts.c 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * external_abort - Tests for userspace external abort injection
  4. *
  5. * Copyright (c) 2024 Google LLC
  6. */
  7. #include "processor.h"
  8. #include "test_util.h"
  9. #define MMIO_ADDR 0x8000000ULL
  10. #define EXPECTED_SERROR_ISS (ESR_ELx_ISV | 0x1d1ed)
  11. static u64 expected_abort_pc;
  12. static void expect_sea_handler(struct ex_regs *regs)
  13. {
  14. u64 esr = read_sysreg(esr_el1);
  15. GUEST_ASSERT_EQ(regs->pc, expected_abort_pc);
  16. GUEST_ASSERT_EQ(ESR_ELx_EC(esr), ESR_ELx_EC_DABT_CUR);
  17. GUEST_ASSERT_EQ(esr & ESR_ELx_FSC_TYPE, ESR_ELx_FSC_EXTABT);
  18. GUEST_DONE();
  19. }
  20. static void unexpected_dabt_handler(struct ex_regs *regs)
  21. {
  22. GUEST_FAIL("Unexpected data abort at PC: %lx\n", regs->pc);
  23. }
  24. static struct kvm_vm *vm_create_with_dabt_handler(struct kvm_vcpu **vcpu, void *guest_code,
  25. handler_fn dabt_handler)
  26. {
  27. struct kvm_vm *vm = vm_create_with_one_vcpu(vcpu, guest_code);
  28. vm_init_descriptor_tables(vm);
  29. vcpu_init_descriptor_tables(*vcpu);
  30. vm_install_sync_handler(vm, VECTOR_SYNC_CURRENT, ESR_ELx_EC_DABT_CUR, dabt_handler);
  31. virt_map(vm, MMIO_ADDR, MMIO_ADDR, 1);
  32. return vm;
  33. }
  34. static void vcpu_inject_sea(struct kvm_vcpu *vcpu)
  35. {
  36. struct kvm_vcpu_events events = {};
  37. events.exception.ext_dabt_pending = true;
  38. vcpu_events_set(vcpu, &events);
  39. }
  40. static bool vcpu_has_ras(struct kvm_vcpu *vcpu)
  41. {
  42. u64 pfr0 = vcpu_get_reg(vcpu, KVM_ARM64_SYS_REG(SYS_ID_AA64PFR0_EL1));
  43. return SYS_FIELD_GET(ID_AA64PFR0_EL1, RAS, pfr0);
  44. }
  45. static bool guest_has_ras(void)
  46. {
  47. return SYS_FIELD_GET(ID_AA64PFR0_EL1, RAS, read_sysreg(id_aa64pfr0_el1));
  48. }
  49. static void vcpu_inject_serror(struct kvm_vcpu *vcpu)
  50. {
  51. struct kvm_vcpu_events events = {};
  52. events.exception.serror_pending = true;
  53. if (vcpu_has_ras(vcpu)) {
  54. events.exception.serror_has_esr = true;
  55. events.exception.serror_esr = EXPECTED_SERROR_ISS;
  56. }
  57. vcpu_events_set(vcpu, &events);
  58. }
  59. static void __vcpu_run_expect(struct kvm_vcpu *vcpu, unsigned int cmd)
  60. {
  61. struct ucall uc;
  62. vcpu_run(vcpu);
  63. switch (get_ucall(vcpu, &uc)) {
  64. case UCALL_ABORT:
  65. REPORT_GUEST_ASSERT(uc);
  66. break;
  67. default:
  68. if (uc.cmd == cmd)
  69. return;
  70. TEST_FAIL("Unexpected ucall: %lu", uc.cmd);
  71. }
  72. }
  73. static void vcpu_run_expect_done(struct kvm_vcpu *vcpu)
  74. {
  75. __vcpu_run_expect(vcpu, UCALL_DONE);
  76. }
  77. static void vcpu_run_expect_sync(struct kvm_vcpu *vcpu)
  78. {
  79. __vcpu_run_expect(vcpu, UCALL_SYNC);
  80. }
  81. extern char test_mmio_abort_insn;
  82. static noinline void test_mmio_abort_guest(void)
  83. {
  84. WRITE_ONCE(expected_abort_pc, (u64)&test_mmio_abort_insn);
  85. asm volatile("test_mmio_abort_insn:\n\t"
  86. "ldr x0, [%0]\n\t"
  87. : : "r" (MMIO_ADDR) : "x0", "memory");
  88. GUEST_FAIL("MMIO instruction should not retire");
  89. }
  90. /*
  91. * Test that KVM doesn't complete MMIO emulation when userspace has made an
  92. * external abort pending for the instruction.
  93. */
  94. static void test_mmio_abort(void)
  95. {
  96. struct kvm_vcpu *vcpu;
  97. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_mmio_abort_guest,
  98. expect_sea_handler);
  99. struct kvm_run *run = vcpu->run;
  100. vcpu_run(vcpu);
  101. TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_MMIO);
  102. TEST_ASSERT_EQ(run->mmio.phys_addr, MMIO_ADDR);
  103. TEST_ASSERT_EQ(run->mmio.len, sizeof(unsigned long));
  104. TEST_ASSERT(!run->mmio.is_write, "Expected MMIO read");
  105. vcpu_inject_sea(vcpu);
  106. vcpu_run_expect_done(vcpu);
  107. kvm_vm_free(vm);
  108. }
  109. extern char test_mmio_nisv_insn;
  110. static void test_mmio_nisv_guest(void)
  111. {
  112. WRITE_ONCE(expected_abort_pc, (u64)&test_mmio_nisv_insn);
  113. asm volatile("test_mmio_nisv_insn:\n\t"
  114. "ldr x0, [%0], #8\n\t"
  115. : : "r" (MMIO_ADDR) : "x0", "memory");
  116. GUEST_FAIL("MMIO instruction should not retire");
  117. }
  118. /*
  119. * Test that the KVM_RUN ioctl fails for ESR_EL2.ISV=0 MMIO aborts if userspace
  120. * hasn't enabled KVM_CAP_ARM_NISV_TO_USER.
  121. */
  122. static void test_mmio_nisv(void)
  123. {
  124. struct kvm_vcpu *vcpu;
  125. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_mmio_nisv_guest,
  126. unexpected_dabt_handler);
  127. TEST_ASSERT(_vcpu_run(vcpu), "Expected nonzero return code from KVM_RUN");
  128. TEST_ASSERT_EQ(errno, ENOSYS);
  129. kvm_vm_free(vm);
  130. }
  131. /*
  132. * Test that ESR_EL2.ISV=0 MMIO aborts reach userspace and that an injected SEA
  133. * reaches the guest.
  134. */
  135. static void test_mmio_nisv_abort(void)
  136. {
  137. struct kvm_vcpu *vcpu;
  138. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_mmio_nisv_guest,
  139. expect_sea_handler);
  140. struct kvm_run *run = vcpu->run;
  141. vm_enable_cap(vm, KVM_CAP_ARM_NISV_TO_USER, 1);
  142. vcpu_run(vcpu);
  143. TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_ARM_NISV);
  144. TEST_ASSERT_EQ(run->arm_nisv.fault_ipa, MMIO_ADDR);
  145. vcpu_inject_sea(vcpu);
  146. vcpu_run_expect_done(vcpu);
  147. kvm_vm_free(vm);
  148. }
  149. static void unexpected_serror_handler(struct ex_regs *regs)
  150. {
  151. GUEST_FAIL("Took unexpected SError exception");
  152. }
  153. static void test_serror_masked_guest(void)
  154. {
  155. GUEST_ASSERT(read_sysreg(isr_el1) & ISR_EL1_A);
  156. isb();
  157. GUEST_DONE();
  158. }
  159. static void test_serror_masked(void)
  160. {
  161. struct kvm_vcpu *vcpu;
  162. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_serror_masked_guest,
  163. unexpected_dabt_handler);
  164. vm_install_exception_handler(vm, VECTOR_ERROR_CURRENT, unexpected_serror_handler);
  165. vcpu_inject_serror(vcpu);
  166. vcpu_run_expect_done(vcpu);
  167. kvm_vm_free(vm);
  168. }
  169. static void expect_serror_handler(struct ex_regs *regs)
  170. {
  171. u64 esr = read_sysreg(esr_el1);
  172. GUEST_ASSERT_EQ(ESR_ELx_EC(esr), ESR_ELx_EC_SERROR);
  173. if (guest_has_ras())
  174. GUEST_ASSERT_EQ(ESR_ELx_ISS(esr), EXPECTED_SERROR_ISS);
  175. GUEST_DONE();
  176. }
  177. static void test_serror_guest(void)
  178. {
  179. GUEST_ASSERT(read_sysreg(isr_el1) & ISR_EL1_A);
  180. local_serror_enable();
  181. isb();
  182. local_serror_disable();
  183. GUEST_FAIL("Should've taken pending SError exception");
  184. }
  185. static void test_serror(void)
  186. {
  187. struct kvm_vcpu *vcpu;
  188. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_serror_guest,
  189. unexpected_dabt_handler);
  190. vm_install_exception_handler(vm, VECTOR_ERROR_CURRENT, expect_serror_handler);
  191. vcpu_inject_serror(vcpu);
  192. vcpu_run_expect_done(vcpu);
  193. kvm_vm_free(vm);
  194. }
  195. static void expect_sea_s1ptw_handler(struct ex_regs *regs)
  196. {
  197. u64 esr = read_sysreg(esr_el1);
  198. GUEST_ASSERT_EQ(regs->pc, expected_abort_pc);
  199. GUEST_ASSERT_EQ(ESR_ELx_EC(esr), ESR_ELx_EC_DABT_CUR);
  200. GUEST_ASSERT_EQ((esr & ESR_ELx_FSC), ESR_ELx_FSC_SEA_TTW(3));
  201. GUEST_DONE();
  202. }
  203. static noinline void test_s1ptw_abort_guest(void)
  204. {
  205. extern char test_s1ptw_abort_insn;
  206. WRITE_ONCE(expected_abort_pc, (u64)&test_s1ptw_abort_insn);
  207. asm volatile("test_s1ptw_abort_insn:\n\t"
  208. "ldr x0, [%0]\n\t"
  209. : : "r" (MMIO_ADDR) : "x0", "memory");
  210. GUEST_FAIL("Load on S1PTW abort should not retire");
  211. }
  212. static void test_s1ptw_abort(void)
  213. {
  214. struct kvm_vcpu *vcpu;
  215. u64 *ptep, bad_pa;
  216. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_s1ptw_abort_guest,
  217. expect_sea_s1ptw_handler);
  218. ptep = virt_get_pte_hva_at_level(vm, MMIO_ADDR, 2);
  219. bad_pa = BIT(vm->pa_bits) - vm->page_size;
  220. *ptep &= ~GENMASK(47, 12);
  221. *ptep |= bad_pa;
  222. vcpu_run_expect_done(vcpu);
  223. kvm_vm_free(vm);
  224. }
  225. static void test_serror_emulated_guest(void)
  226. {
  227. GUEST_ASSERT(!(read_sysreg(isr_el1) & ISR_EL1_A));
  228. local_serror_enable();
  229. GUEST_SYNC(0);
  230. local_serror_disable();
  231. GUEST_FAIL("Should've taken unmasked SError exception");
  232. }
  233. static void test_serror_emulated(void)
  234. {
  235. struct kvm_vcpu *vcpu;
  236. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_serror_emulated_guest,
  237. unexpected_dabt_handler);
  238. vm_install_exception_handler(vm, VECTOR_ERROR_CURRENT, expect_serror_handler);
  239. vcpu_run_expect_sync(vcpu);
  240. vcpu_inject_serror(vcpu);
  241. vcpu_run_expect_done(vcpu);
  242. kvm_vm_free(vm);
  243. }
  244. static void test_mmio_ease_guest(void)
  245. {
  246. sysreg_clear_set_s(SYS_SCTLR2_EL1, 0, SCTLR2_EL1_EASE);
  247. isb();
  248. test_mmio_abort_guest();
  249. }
  250. /*
  251. * Test that KVM doesn't complete MMIO emulation when userspace has made an
  252. * external abort pending for the instruction.
  253. */
  254. static void test_mmio_ease(void)
  255. {
  256. struct kvm_vcpu *vcpu;
  257. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_mmio_ease_guest,
  258. unexpected_dabt_handler);
  259. struct kvm_run *run = vcpu->run;
  260. u64 pfr1;
  261. pfr1 = vcpu_get_reg(vcpu, KVM_ARM64_SYS_REG(SYS_ID_AA64PFR1_EL1));
  262. if (!SYS_FIELD_GET(ID_AA64PFR1_EL1, DF2, pfr1)) {
  263. pr_debug("Skipping %s\n", __func__);
  264. return;
  265. }
  266. /*
  267. * SCTLR2_ELx.EASE changes the exception vector to the SError vector but
  268. * doesn't further modify the exception context (e.g. ESR_ELx, FAR_ELx).
  269. */
  270. vm_install_exception_handler(vm, VECTOR_ERROR_CURRENT, expect_sea_handler);
  271. vcpu_run(vcpu);
  272. TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_MMIO);
  273. TEST_ASSERT_EQ(run->mmio.phys_addr, MMIO_ADDR);
  274. TEST_ASSERT_EQ(run->mmio.len, sizeof(unsigned long));
  275. TEST_ASSERT(!run->mmio.is_write, "Expected MMIO read");
  276. vcpu_inject_sea(vcpu);
  277. vcpu_run_expect_done(vcpu);
  278. kvm_vm_free(vm);
  279. }
  280. static void test_serror_amo_guest(void)
  281. {
  282. /*
  283. * The ISB is entirely unnecessary (and highlights how FEAT_NV2 is borked)
  284. * since the write is redirected to memory. But don't write (intentionally)
  285. * broken code!
  286. */
  287. sysreg_clear_set(hcr_el2, HCR_EL2_AMO | HCR_EL2_TGE, 0);
  288. isb();
  289. GUEST_SYNC(0);
  290. GUEST_ASSERT(read_sysreg(isr_el1) & ISR_EL1_A);
  291. /*
  292. * KVM treats the effective value of AMO as 1 when
  293. * HCR_EL2.{E2H,TGE} = {1, 0}, meaning the SError will be taken when
  294. * unmasked.
  295. */
  296. local_serror_enable();
  297. isb();
  298. local_serror_disable();
  299. GUEST_FAIL("Should've taken pending SError exception");
  300. }
  301. static void test_serror_amo(void)
  302. {
  303. struct kvm_vcpu *vcpu;
  304. struct kvm_vm *vm = vm_create_with_dabt_handler(&vcpu, test_serror_amo_guest,
  305. unexpected_dabt_handler);
  306. vm_install_exception_handler(vm, VECTOR_ERROR_CURRENT, expect_serror_handler);
  307. vcpu_run_expect_sync(vcpu);
  308. vcpu_inject_serror(vcpu);
  309. vcpu_run_expect_done(vcpu);
  310. kvm_vm_free(vm);
  311. }
  312. int main(void)
  313. {
  314. test_mmio_abort();
  315. test_mmio_nisv();
  316. test_mmio_nisv_abort();
  317. test_serror();
  318. test_serror_masked();
  319. test_serror_emulated();
  320. test_mmio_ease();
  321. test_s1ptw_abort();
  322. if (!test_supports_el2())
  323. return 0;
  324. test_serror_amo();
  325. }