From patchwork Thu Aug 15 11:45:09 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arthur Chunqi Li X-Patchwork-Id: 2845126 Return-Path: X-Original-To: patchwork-kvm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 5E0039F2F4 for ; Thu, 15 Aug 2013 11:45:50 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 46CBB201E0 for ; Thu, 15 Aug 2013 11:45:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 58EDF202FF for ; Thu, 15 Aug 2013 11:45:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756780Ab3HOLpi (ORCPT ); Thu, 15 Aug 2013 07:45:38 -0400 Received: from mail-pb0-f42.google.com ([209.85.160.42]:33798 "EHLO mail-pb0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754182Ab3HOLph (ORCPT ); Thu, 15 Aug 2013 07:45:37 -0400 Received: by mail-pb0-f42.google.com with SMTP id un15so636250pbc.15 for ; Thu, 15 Aug 2013 04:45:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=imfLm+lGl5Ac3wXnheqkoowCWLughgZOaMf6/hdHR3I=; b=SeAqi6NhTn9zjhgeF1EzE5HfZ8FD21SqVuNXFopJDgzXdipgTeabBlu9QCkSZyb+/g jvQhC9BNlLQLBkkU8m9yadZQx+CTV1GEDCNnG1rznQN2B8ctiItuYj+FDgkS5XVw0CBl IHL1st3VCUa/rl0Ku/6JPEAXgtnuWW2VM+rvC1Ukm5r8sb0UogOYlmYsjFS8zlD5ct6a TWzXJ/3ULe3lNUcJR0WApEWbfyTgUMfRwuKdrb3ycEviPuWzt7fiBwE9UOGaAwpIm8tO +yaE23fV6UB9zngE/XnRr/Sg9iTSq7BcweJD5+3ZwmXTFDIBJzOd00bi/atOXTi1c+y5 yigg== X-Received: by 10.68.196.37 with SMTP id ij5mr2455660pbc.175.1376567136998; Thu, 15 Aug 2013 04:45:36 -0700 (PDT) Received: from Blade1-02.Blade1-02 ([162.105.146.101]) by mx.google.com with ESMTPSA id om2sm56378153pbb.34.2013.08.15.04.45.33 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 15 Aug 2013 04:45:35 -0700 (PDT) From: Arthur Chunqi Li To: kvm@vger.kernel.org Cc: jan.kiszka@web.de, gleb@redhat.com, pbonzini@redhat.com, Arthur Chunqi Li Subject: [PATCH v2 4/4] kvm-unit-tests: VMX: Add test cases for instruction interception Date: Thu, 15 Aug 2013 19:45:09 +0800 Message-Id: <1376567109-20834-5-git-send-email-yzt356@gmail.com> X-Mailer: git-send-email 1.7.9.5 In-Reply-To: <1376567109-20834-1-git-send-email-yzt356@gmail.com> References: <1376567109-20834-1-git-send-email-yzt356@gmail.com> Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add test cases for instruction interception, including four types: 1. Primary Processor-Based VM-Execution Controls (HLT/INVLPG/MWAIT/ RDPMC/RDTSC/MONITOR/PAUSE) 2. Secondary Processor-Based VM-Execution Controls (WBINVD) 3. No control flag, always trap (CPUID/INVD) 4. Instructions always pass Signed-off-by: Arthur Chunqi Li --- x86/vmx.c | 3 +- x86/vmx.h | 7 +++ x86/vmx_tests.c | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+), 2 deletions(-) diff --git a/x86/vmx.c b/x86/vmx.c index ca36d35..c346070 100644 --- a/x86/vmx.c +++ b/x86/vmx.c @@ -336,8 +336,7 @@ static void init_vmx(void) : MSR_IA32_VMX_ENTRY_CTLS); ctrl_cpu_rev[0].val = rdmsr(basic.ctrl ? MSR_IA32_VMX_TRUE_PROC : MSR_IA32_VMX_PROCBASED_CTLS); - if (ctrl_cpu_rev[0].set & CPU_SECONDARY) - ctrl_cpu_rev[1].val = rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2); + ctrl_cpu_rev[1].val = rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2); if (ctrl_cpu_rev[1].set & CPU_EPT || ctrl_cpu_rev[1].set & CPU_VPID) ept_vpid.val = rdmsr(MSR_IA32_VMX_EPT_VPID_CAP); diff --git a/x86/vmx.h b/x86/vmx.h index dba8b20..2784ac6 100644 --- a/x86/vmx.h +++ b/x86/vmx.h @@ -354,12 +354,17 @@ enum Ctrl0 { CPU_INTR_WINDOW = 1ul << 2, CPU_HLT = 1ul << 7, CPU_INVLPG = 1ul << 9, + CPU_MWAIT = 1ul << 10, + CPU_RDPMC = 1ul << 11, + CPU_RDTSC = 1ul << 12, CPU_CR3_LOAD = 1ul << 15, CPU_CR3_STORE = 1ul << 16, CPU_TPR_SHADOW = 1ul << 21, CPU_NMI_WINDOW = 1ul << 22, CPU_IO = 1ul << 24, CPU_IO_BITMAP = 1ul << 25, + CPU_MONITOR = 1ul << 29, + CPU_PAUSE = 1ul << 30, CPU_MSR_BITMAP = 1ul << 28, CPU_SECONDARY = 1ul << 31, }; @@ -368,6 +373,8 @@ enum Ctrl1 { CPU_EPT = 1ul << 1, CPU_VPID = 1ul << 5, CPU_URG = 1ul << 7, + CPU_WBINVD = 1ul << 6, + CPU_RDRAND = 1ul << 11, }; #define SAVE_GPR \ diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c index cd4dd99..be3e3b4 100644 --- a/x86/vmx_tests.c +++ b/x86/vmx_tests.c @@ -22,6 +22,16 @@ static inline void set_stage(u32 s) barrier(); } +static inline u32 get_stage() +{ + u32 s; + + barrier(); + s = stage; + barrier(); + return s; +} + void basic_init() { } @@ -630,6 +640,146 @@ static int iobmp_exit_handler() return VMX_TEST_VMEXIT; } +#define INSN_CPU0 0 +#define INSN_CPU1 1 +#define INSN_ALWAYS_TRAP 2 +#define INSN_NEVER_TRAP 3 + +#define FIELD_EXIT_QUAL 0 +#define FIELD_INSN_INFO 1 + +asm( + "insn_hlt: hlt;ret\n\t" + "insn_invlpg: invlpg 0x12345678;ret\n\t" + "insn_mwait: mwait;ret\n\t" + "insn_rdpmc: rdpmc;ret\n\t" + "insn_rdtsc: rdtsc;ret\n\t" + "insn_monitor: monitor;ret\n\t" + "insn_pause: pause;ret\n\t" + "insn_wbinvd: wbinvd;ret\n\t" + "insn_cpuid: cpuid;ret\n\t" + "insn_invd: invd;ret\n\t" +); +extern void insn_hlt(); +extern void insn_invlpg(); +extern void insn_mwait(); +extern void insn_rdpmc(); +extern void insn_rdtsc(); +extern void insn_monitor(); +extern void insn_pause(); +extern void insn_wbinvd(); +extern void insn_cpuid(); +extern void insn_invd(); + +u32 cur_insn; + +struct insn_table { + const char *name; + u32 flag; + void (*insn_func)(); + u32 type; + u32 reason; + ulong exit_qual; + u32 insn_info; + // Use FIELD_EXIT_QUAL and FIELD_INSN_INFO to efines + // which field need to be tested, reason is always tested + u32 test_field; +}; + +static struct insn_table insn_table[] = { + // Flags for Primary Processor-Based VM-Execution Controls + {"HLT", CPU_HLT, insn_hlt, INSN_CPU0, 12, 0, 0, 0}, + {"INVLPG", CPU_INVLPG, insn_invlpg, INSN_CPU0, 14, + 0x12345678, 0, FIELD_EXIT_QUAL}, + {"MWAIT", CPU_MWAIT, insn_mwait, INSN_CPU0, 36, 0, 0, 0}, + {"RDPMC", CPU_RDPMC, insn_rdpmc, INSN_CPU0, 15, 0, 0, 0}, + {"RDTSC", CPU_RDTSC, insn_rdtsc, INSN_CPU0, 16, 0, 0, 0}, + {"MONITOR", CPU_MONITOR, insn_monitor, INSN_CPU0, 39, 0, 0, 0}, + {"PAUSE", CPU_PAUSE, insn_pause, INSN_CPU0, 40, 0, 0, 0}, + // Flags for Secondary Processor-Based VM-Execution Controls + {"WBINVD", CPU_WBINVD, insn_wbinvd, INSN_CPU1, 54, 0, 0, 0}, + // Instructions always trap + {"CPUID", 0, insn_cpuid, INSN_ALWAYS_TRAP, 10, 0, 0, 0}, + {"INVD", 0, insn_invd, INSN_ALWAYS_TRAP, 13, 0, 0, 0}, + // Instructions never trap + {NULL}, +}; + +static void insn_intercept_init() +{ + u32 ctrl_cpu[2]; + + ctrl_cpu[0] = vmcs_read(CPU_EXEC_CTRL0); + ctrl_cpu[0] |= CPU_HLT | CPU_INVLPG | CPU_MWAIT | CPU_RDPMC | CPU_RDTSC | + CPU_MONITOR | CPU_PAUSE | CPU_SECONDARY; + ctrl_cpu[0] &= ctrl_cpu_rev[0].clr; + vmcs_write(CPU_EXEC_CTRL0, ctrl_cpu[0]); + ctrl_cpu[1] = vmcs_read(CPU_EXEC_CTRL1); + ctrl_cpu[1] |= CPU_WBINVD | CPU_RDRAND; + ctrl_cpu[1] &= ctrl_cpu_rev[1].clr; + vmcs_write(CPU_EXEC_CTRL1, ctrl_cpu[1]); +} + +static void insn_intercept_main() +{ + cur_insn = 0; + while(insn_table[cur_insn].name != NULL) { + set_stage(cur_insn); + if ((insn_table[cur_insn].type == INSN_CPU0 + && !(ctrl_cpu_rev[0].clr & insn_table[cur_insn].flag)) + || (insn_table[cur_insn].type == INSN_CPU1 + && !(ctrl_cpu_rev[1].clr & insn_table[cur_insn].flag))) { + printf("\tCPU_CTRL1.CPU_%s is not supported.\n", + insn_table[cur_insn].name); + continue; + } + insn_table[cur_insn].insn_func(); + switch (insn_table[cur_insn].type) { + case INSN_CPU0: + case INSN_CPU1: + case INSN_ALWAYS_TRAP: + if (stage != cur_insn + 1) + report(insn_table[cur_insn].name, 0); + else + report(insn_table[cur_insn].name, 1); + break; + case INSN_NEVER_TRAP: + if (stage == cur_insn + 1) + report(insn_table[cur_insn].name, 0); + else + report(insn_table[cur_insn].name, 1); + break; + } + cur_insn ++; + } +} + +static int insn_intercept_exit_handler() +{ + u64 guest_rip; + u32 reason; + ulong exit_qual; + u32 insn_len; + u32 insn_info; + bool pass; + + guest_rip = vmcs_read(GUEST_RIP); + reason = vmcs_read(EXI_REASON) & 0xff; + exit_qual = vmcs_read(EXI_QUALIFICATION); + insn_len = vmcs_read(EXI_INST_LEN); + insn_info = vmcs_read(EXI_INST_INFO); + pass = (cur_insn == get_stage()) && + insn_table[cur_insn].reason == reason; + if (insn_table[cur_insn].test_field & FIELD_EXIT_QUAL) + pass = pass && insn_table[cur_insn].exit_qual == exit_qual; + if (insn_table[cur_insn].test_field & FIELD_INSN_INFO) + pass = pass && insn_table[cur_insn].insn_info == insn_info; + if (pass) + set_stage(stage + 1); + vmcs_write(GUEST_RIP, guest_rip + insn_len); + return VMX_TEST_RESUME; +} + /* name/init/guest_main/exit_handler/syscall_handler/guest_regs basic_* just implement some basic functions */ struct vmx_test vmx_tests[] = { @@ -645,5 +795,7 @@ struct vmx_test vmx_tests[] = { cr_shadowing_exit_handler, basic_syscall_handler, {0} }, { "I/O bitmap", iobmp_init, iobmp_main, iobmp_exit_handler, basic_syscall_handler, {0} }, + { "instruction intercept", insn_intercept_init, insn_intercept_main, + insn_intercept_exit_handler, basic_syscall_handler, {0} }, { NULL, NULL, NULL, NULL, NULL, {0} }, };