
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * KVM_GET/SET_* tests
  4. *
  5. * Copyright (C) 2018, Red Hat, Inc.
  6. *
  7. * Tests for vCPU state save/restore, including nested guest state.
  8. */
  9. #include <fcntl.h>
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <sys/ioctl.h>
  14. #include "test_util.h"
  15. #include "kvm_util.h"
  16. #include "processor.h"
  17. #include "vmx.h"
  18. #include "svm_util.h"
/*
 * Element count of the unsigned long stack each L1 guest carves out of its own
 * stack frame for L2; the one-past-the-end address is passed as L2's stack top.
 */
#define L2_GUEST_STACK_SIZE 256
/*
 * L2 guest under SVM.  Runs in two legs separated by a VMMCALL exit to L1:
 * the first leg reports stage 4, the second (entered after L1 advances RIP past
 * the VMMCALL) reports stage 6 and exits to L1 for the last time.
 */
void svm_l2_guest_code(void)
{
	/* Leg 1: report stage 4, then hand control back to L1. */
	GUEST_SYNC(4);
	vmcall();

	/* Leg 2: L1 resumed us; report stage 6 and exit without returning. */
	GUEST_SYNC(6);
	vmcall();
}
/*
 * L1 hypervisor side of the SVM nested-state test.
 *
 * @svm: per-vCPU SVM test data (VMCB and its GPA) set up by the host.
 *
 * Enters svm_l2_guest_code() twice, expecting a VMMCALL exit each time, and
 * reports stages 3, 5 and 7 around those entries so the host can snapshot and
 * restore nested state while L2 is live.
 */
static void svm_l1_guest_code(struct svm_test_data *svm)
{
	unsigned long l2_stack[L2_GUEST_STACK_SIZE];
	struct vmcb *ctrl_block;

	GUEST_ASSERT(svm->vmcb_gpa);
	ctrl_block = svm->vmcb;

	/* Point the VMCB at L2's entry and give it the top of l2_stack. */
	generic_svm_setup(svm, svm_l2_guest_code,
			  &l2_stack[L2_GUEST_STACK_SIZE]);
	GUEST_SYNC(3);

	/* First entry: L2 reports stage 4 and exits via VMMCALL. */
	run_guest(ctrl_block, svm->vmcb_gpa);
	GUEST_ASSERT(ctrl_block->control.exit_code == SVM_EXIT_VMMCALL);
	GUEST_SYNC(5);

	/*
	 * Step L2's RIP over the 3-byte VMMCALL that caused the exit, then
	 * re-enter: L2 reports stage 6 and exits with VMMCALL once more.
	 */
	ctrl_block->save.rip += 3;
	run_guest(ctrl_block, svm->vmcb_gpa);
	GUEST_ASSERT(ctrl_block->control.exit_code == SVM_EXIT_VMMCALL);
	GUEST_SYNC(7);
}
/*
 * L2 guest under VMX.  Reports stage 6, exits to L1 via VMCALL, and is later
 * resumed once L1 has attached a shadow VMCS: the VMREAD/VMWRITE below then
 * hit that shadow VMCS, and the values L1 and L2 exchange through GUEST_RIP
 * (0xc0ffee -> 0xc0fffee -> 0xc0ffffee) are checked on both sides.
 */
void vmx_l2_guest_code(void)
{
	/* Leg 1: report stage 6 and exit to L1. */
	GUEST_SYNC(6);
	vmcall();

	/* Leg 2: L1 wrote 0xc0ffee into the shadow VMCS before resuming us. */
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0ffee);
	GUEST_SYNC(10);

	/* Value must survive the host's save/restore at stage 10. */
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0ffee);
	GUEST_ASSERT(!vmwrite(GUEST_RIP, 0xc0fffee));
	GUEST_SYNC(11);

	/* ... and again at stage 11, before the final update. */
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0fffee);
	GUEST_ASSERT(!vmwrite(GUEST_RIP, 0xc0ffffee));
	GUEST_SYNC(12);

	/* Final exit; L1 verifies 0xc0ffffee in the shadow VMCS. */
	vmcall();
}
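/*
 * L1 hypervisor side of the VMX nested-state test.
 *
 * @vmx_pages: per-vCPU VMX test pages (VMCS, shadow VMCS, ...) set up by the
 *             host.
 *
 * Drives vmx_l2_guest_code() through VMLAUNCH/VMRESUME, checks that the
 * current-VMCS pointer and the "launched" state survive each host
 * save/restore (stages 3-5, 7), then enables VMCS shadowing and verifies that
 * GUEST_RIP written by L1 into the shadow VMCS is seen by L2 and vice versa
 * (stages 8, 9, 13).
 *
 * Every VMWRITE is asserted to succeed: vmwrite() returns nonzero on VMfail,
 * exactly as the L2 code already checks, so a silently failed write here would
 * otherwise only surface as a confusing mismatch several stages later.
 */
static void vmx_l1_guest_code(struct vmx_pages *vmx_pages)
{
	unsigned long l2_guest_stack[L2_GUEST_STACK_SIZE];

	GUEST_ASSERT(vmx_pages->vmcs_gpa);
	GUEST_ASSERT(prepare_for_vmx_operation(vmx_pages));
	GUEST_SYNC(3);
	GUEST_ASSERT(load_vmcs(vmx_pages));
	GUEST_ASSERT(vmptrstz() == vmx_pages->vmcs_gpa);

	/* Current-VMCS pointer must survive the save/restore at stage 3. */
	GUEST_SYNC(4);
	GUEST_ASSERT(vmptrstz() == vmx_pages->vmcs_gpa);

	prepare_vmcs(vmx_pages, vmx_l2_guest_code,
		     &l2_guest_stack[L2_GUEST_STACK_SIZE]);

	GUEST_SYNC(5);
	GUEST_ASSERT(vmptrstz() == vmx_pages->vmcs_gpa);
	GUEST_ASSERT(!vmlaunch());
	GUEST_ASSERT(vmptrstz() == vmx_pages->vmcs_gpa);
	GUEST_ASSERT(vmreadz(VM_EXIT_REASON) == EXIT_REASON_VMCALL);

	/*
	 * Check that the launched state is preserved: VMLAUNCH on an
	 * already-launched VMCS must fail, VMRESUME must succeed.  RIP has not
	 * been advanced, so L2 re-executes VMCALL and exits again.
	 */
	GUEST_ASSERT(vmlaunch());

	GUEST_ASSERT(!vmresume());
	GUEST_ASSERT(vmreadz(VM_EXIT_REASON) == EXIT_REASON_VMCALL);

	GUEST_SYNC(7);
	GUEST_ASSERT(vmreadz(VM_EXIT_REASON) == EXIT_REASON_VMCALL);

	GUEST_ASSERT(!vmresume());
	GUEST_ASSERT(vmreadz(VM_EXIT_REASON) == EXIT_REASON_VMCALL);

	/* Skip past the 3-byte VMCALL so the next resume makes progress. */
	GUEST_ASSERT(!vmwrite(GUEST_RIP, vmreadz(GUEST_RIP) + 3));

	/* Enable VMCS shadowing and link the shadow VMCS into the real one. */
	GUEST_ASSERT(!vmwrite(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_SHADOW_VMCS));
	GUEST_ASSERT(!vmwrite(VMCS_LINK_POINTER, vmx_pages->shadow_vmcs_gpa));

	/* A shadow VMCS cannot be launched or resumed, before or after a restore. */
	GUEST_ASSERT(!vmptrld(vmx_pages->shadow_vmcs_gpa));
	GUEST_ASSERT(vmlaunch());
	GUEST_SYNC(8);
	GUEST_ASSERT(vmlaunch());
	GUEST_ASSERT(vmresume());

	/* Seed the shadow VMCS; L2 reads this value back on resume. */
	GUEST_ASSERT(!vmwrite(GUEST_RIP, 0xc0ffee));
	GUEST_SYNC(9);
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0ffee);

	/* Back to the real VMCS; L2 runs stages 10-12 and exits via VMCALL. */
	GUEST_ASSERT(!vmptrld(vmx_pages->vmcs_gpa));
	GUEST_ASSERT(!vmresume());
	GUEST_ASSERT(vmreadz(VM_EXIT_REASON) == EXIT_REASON_VMCALL);

	/* L2's last VMWRITE into the shadow VMCS must be visible to L1. */
	GUEST_ASSERT(!vmptrld(vmx_pages->shadow_vmcs_gpa));
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0ffffee);
	GUEST_ASSERT(vmlaunch());
	GUEST_ASSERT(vmresume());
	GUEST_SYNC(13);
	GUEST_ASSERT(vmreadz(GUEST_RIP) == 0xc0ffffee);
	GUEST_ASSERT(vmlaunch());
	GUEST_ASSERT(vmresume());
}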
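/*
 * Guest entry point.
 *
 * @arg: 0, or the guest virtual address of the nested test data (struct
 *       svm_test_data when the CPU has SVM, struct vmx_pages otherwise) as
 *       passed by the host via vcpu_args_set().
 *
 * Reports stage 1, then — when XSAVE is present — dirties every enabled
 * xfeature so that it leaves its init state and shows up in XSTATE_BV of the
 * snapshots the host takes at each GUEST_SYNC.  Reports stage 2 and, if @arg
 * is non-zero, runs the matching L1 hypervisor code before signalling done.
 */
static void __attribute__((__flatten__)) guest_code(void *arg)
{
	GUEST_SYNC(1);

	if (this_cpu_has(X86_FEATURE_XSAVE)) {
		uint64_t supported_xcr0 = this_cpu_supported_xcr0();
		uint8_t buffer[PAGE_SIZE];

		memset(buffer, 0xcc, sizeof(buffer));

		/*
		 * Modify state for all supported xfeatures to take them out of
		 * their "init" state, i.e. to make them show up in XSTATE_BV.
		 *
		 * Note off-by-default features, e.g. AMX, are out of scope for
		 * this particular testcase as they have a different ABI.
		 */
		GUEST_ASSERT(supported_xcr0 & XFEATURE_MASK_FP);
		asm volatile ("fincstp");

		GUEST_ASSERT(supported_xcr0 & XFEATURE_MASK_SSE);
		asm volatile ("vmovdqu %0, %%xmm0" :: "m" (buffer));

		if (supported_xcr0 & XFEATURE_MASK_YMM)
			asm volatile ("vmovdqu %0, %%ymm0" :: "m" (buffer));

		if (supported_xcr0 & XFEATURE_MASK_AVX512) {
			asm volatile ("kmovq %0, %%k1" :: "r" (-1ull));
			asm volatile ("vmovupd %0, %%zmm0" :: "m" (buffer));
			asm volatile ("vmovupd %0, %%zmm16" :: "m" (buffer));
		}

		if (this_cpu_has(X86_FEATURE_MPX)) {
			uint64_t bounds[2] = { 10, 0xffffffffull };
			uint64_t output[2] = { };

			GUEST_ASSERT(supported_xcr0 & XFEATURE_MASK_BNDREGS);
			GUEST_ASSERT(supported_xcr0 & XFEATURE_MASK_BNDCSR);

			/*
			 * Don't bother trying to get BNDCSR into the INUSE
			 * state.  MSR_IA32_BNDCFGS doesn't count as it isn't
			 * managed via XSAVE/XRSTOR, and BNDCFGU can only be
			 * modified by XRSTOR.  Stuffing XSTATE_BV in the host
			 * is simpler than doing XRSTOR here in the guest.
			 *
			 * However, temporarily enable MPX in BNDCFGS so that
			 * BNDMOV actually loads BND1.  If MPX isn't *fully*
			 * enabled, all MPX instructions are treated as NOPs.
			 *
			 * Hand encode "bndmov (%rax),%bnd1" as support for MPX
			 * mnemonics/registers has been removed from gcc and
			 * clang (and was never fully supported by clang).
			 *
			 * Both hand-encoded instructions access memory through
			 * %rax, which the operand lists alone do not tell the
			 * compiler, so each carries a "memory" clobber: it
			 * forces @bounds to be in memory before the load and
			 * stops the compiler from assuming @output is still its
			 * zero initializer when it is compared below.
			 */
			wrmsr(MSR_IA32_BNDCFGS, BIT_ULL(0));
			asm volatile (".byte 0x66,0x0f,0x1a,0x08"
				      : : "a" (bounds) : "memory");
			/*
			 * Hand encode "bndmov %bnd1, (%rax)" to sanity check
			 * that BND1 actually got loaded.
			 */
			asm volatile (".byte 0x66,0x0f,0x1b,0x08"
				      : : "a" (output) : "memory");
			wrmsr(MSR_IA32_BNDCFGS, 0);

			GUEST_ASSERT_EQ(bounds[0], output[0]);
			GUEST_ASSERT_EQ(bounds[1], output[1]);
		}

		if (this_cpu_has(X86_FEATURE_PKU)) {
			GUEST_ASSERT(supported_xcr0 & XFEATURE_MASK_PKRU);
			/* PKRU is only writable once CR4.PKE is set. */
			set_cr4(get_cr4() | X86_CR4_PKE);
			GUEST_ASSERT(this_cpu_has(X86_FEATURE_OSPKE));
			wrpkru(-1u);
		}
	}

	GUEST_SYNC(2);

	/* A zero @arg means the host could not allocate nested test data. */
	if (arg) {
		if (this_cpu_has(X86_FEATURE_SVM))
			svm_l1_guest_code(arg);
		else
			vmx_l1_guest_code(arg);
	}

	GUEST_DONE();
}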
/*
 * Load @state's XSAVE snapshot into a throwaway vCPU, first without doing
 * KVM_SET_CPUID2 and then with an empty guest CPUID.  Except for off-by-default
 * xfeatures, e.g. AMX, KVM is supposed to allow KVM_SET_XSAVE regardless of
 * guest CPUID.  Only XSAVE state is loaded by hand; MSRs in particular have a
 * much more convoluted ABI.
 *
 * Two variants of the snapshot are loaded in each CPUID configuration: the
 * actual guest XSAVE state, and a copy with all supported features forced "on"
 * in xstate_bv, e.g. to ensure that KVM allows loading all supported features
 * even if something goes awry in saving the original snapshot.  xstate_bv is
 * put back before returning, so the caller's snapshot is left unchanged.
 */
static void load_xsave_into_dummy_vcpu(struct kvm_vm *vm, uint32_t dummy_id,
				       struct kvm_x86_state *state)
{
	struct kvm_cpuid2 empty_cpuid = {};
	struct kvm_vcpu *dummy;
	uint64_t *xstate_bv, orig_xstate_bv;

	/* XSTATE_BV is the first field of the XSAVE header, 512 bytes in. */
	xstate_bv = (void *)&((uint8_t *)state->xsave->region)[512];
	orig_xstate_bv = *xstate_bv;

	dummy = __vm_vcpu_add(vm, dummy_id);

	/* No KVM_SET_CPUID2 yet: the real snapshot, then everything forced on. */
	vcpu_xsave_set(dummy, state->xsave);
	*xstate_bv = kvm_cpu_supported_xcr0();
	vcpu_xsave_set(dummy, state->xsave);

	/* Empty guest CPUID: still forced on, then the original xstate_bv. */
	vcpu_init_cpuid(dummy, &empty_cpuid);
	vcpu_xsave_set(dummy, state->xsave);
	*xstate_bv = orig_xstate_bv;
	vcpu_xsave_set(dummy, state->xsave);
}

/*
 * Run guest_code() one stage at a time.  At every UCALL_SYNC the vCPU's full
 * state is saved, the VM is released and recreated, the state is restored into
 * the fresh vCPU (and its XSAVE part into a dummy vCPU), and the general
 * purpose registers are compared before and after.  UCALL_DONE ends the test;
 * a guest assertion or an unknown ucall fails it.
 */
int main(int argc, char *argv[])
{
	struct kvm_regs regs_before, regs_after;
	struct kvm_x86_state *snapshot;
	vm_vaddr_t nested_gva = 0;
	struct kvm_vcpu *vcpu;
	struct kvm_vm *vm;
	struct ucall uc;
	int stage;

	vm = vm_create_with_one_vcpu(&vcpu, guest_code);
	vcpu_regs_get(vcpu, &regs_before);

	/* Nested state is exercised only if KVM exposes it and the CPU has SVM or VMX. */
	if (kvm_has_cap(KVM_CAP_NESTED_STATE)) {
		if (kvm_cpu_has(X86_FEATURE_SVM))
			vcpu_alloc_svm(vm, &nested_gva);
		else if (kvm_cpu_has(X86_FEATURE_VMX))
			vcpu_alloc_vmx(vm, &nested_gva);
	}
	if (!nested_gva)
		pr_info("will skip nested state checks\n");

	/* A zero argument tells guest_code() to skip the L1 hypervisor paths. */
	vcpu_args_set(vcpu, 1, nested_gva);

	for (stage = 1;; stage++) {
		vcpu_run(vcpu);
		TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO);

		switch (get_ucall(vcpu, &uc)) {
		case UCALL_ABORT:
			REPORT_GUEST_ASSERT(uc);
			/* NOT REACHED */
		case UCALL_SYNC:
			break;
		case UCALL_DONE:
			goto done;
		default:
			TEST_FAIL("Unknown ucall %lu", uc.cmd);
		}

		/* Only UCALL_SYNC reaches this point; it must carry "hello" and the stage. */
		TEST_ASSERT(!strcmp((const char *)uc.args[0], "hello") &&
			    uc.args[1] == stage, "Stage %d: Unexpected register values vmexit, got %lx",
			    stage, (ulong)uc.args[1]);

		snapshot = vcpu_save_state(vcpu);
		memset(&regs_before, 0, sizeof(regs_before));
		vcpu_regs_get(vcpu, &regs_before);

		/* Tear the VM down and rebuild it around the same struct kvm_vm. */
		kvm_vm_release(vm);
		vcpu = vm_recreate_with_one_vcpu(vm);
		vcpu_load_state(vcpu, snapshot);

		load_xsave_into_dummy_vcpu(vm, vcpu->id + 1, snapshot);

		kvm_x86_state_cleanup(snapshot);

		memset(&regs_after, 0, sizeof(regs_after));
		vcpu_regs_get(vcpu, &regs_after);
		TEST_ASSERT(!memcmp(&regs_before, &regs_after, sizeof(regs_after)),
			    "Unexpected register values after vcpu_load_state; rdi: %lx rsi: %lx",
			    (ulong) regs_after.rdi, (ulong) regs_after.rsi);
	}

done:
	kvm_vm_free(vm);
	return 0;
}
  262. done:
  263. kvm_vm_free(vm);
  264. }