Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Test TEST PROTECTION emulation.
4 *
5 * Copyright IBM Corp. 2021
6 */
7#include <sys/mman.h>
8#include "test_util.h"
9#include "kvm_util.h"
10#include "kselftest.h"
11#include "ucall_common.h"
12#include "processor.h"
13
14#define CR0_FETCH_PROTECTION_OVERRIDE (1UL << (63 - 38))
15#define CR0_STORAGE_PROTECTION_OVERRIDE (1UL << (63 - 39))
16
17static __aligned(PAGE_SIZE) u8 pages[2][PAGE_SIZE];
18static u8 *const page_store_prot = pages[0];
19static u8 *const page_fetch_prot = pages[1];
20
21/* Nonzero return value indicates that address not mapped */
22static int set_storage_key(void *addr, u8 key)
23{
24 int not_mapped = 0;
25
26 asm volatile (
27 "lra %[addr], 0(0,%[addr])\n"
28 " jz 0f\n"
29 " llill %[not_mapped],1\n"
30 " j 1f\n"
31 "0: sske %[key], %[addr]\n"
32 "1:"
33 : [addr] "+&a" (addr), [not_mapped] "+r" (not_mapped)
34 : [key] "r" (key)
35 : "cc"
36 );
37 return -not_mapped;
38}
39
40enum permission {
41 READ_WRITE = 0,
42 READ = 1,
43 RW_PROTECTED = 2,
44 TRANSL_UNAVAIL = 3,
45};
46
47static enum permission test_protection(void *addr, u8 key)
48{
49 u64 mask;
50
51 asm volatile (
52 "tprot %[addr], 0(%[key])\n"
53 " ipm %[mask]\n"
54 : [mask] "=r" (mask)
55 : [addr] "Q" (*(char *)addr),
56 [key] "a" (key)
57 : "cc"
58 );
59
60 return (enum permission)(mask >> 28);
61}
62
63enum stage {
64 STAGE_INIT_SIMPLE,
65 TEST_SIMPLE,
66 STAGE_INIT_FETCH_PROT_OVERRIDE,
67 TEST_FETCH_PROT_OVERRIDE,
68 TEST_STORAGE_PROT_OVERRIDE,
69 STAGE_END /* must be the last entry (it's the amount of tests) */
70};
71
72struct test {
73 enum stage stage;
74 void *addr;
75 u8 key;
76 enum permission expected;
77} tests[] = {
78 /*
79 * We perform each test in the array by executing TEST PROTECTION on
80 * the specified addr with the specified key and checking if the returned
81 * permissions match the expected value.
82 * Both guest and host cooperate to set up the required test conditions.
83 * A central condition is that the page targeted by addr has to be DAT
84 * protected in the host mappings, in order for KVM to emulate the
85 * TEST PROTECTION instruction.
86 * Since the page tables are shared, the host uses mprotect to achieve
87 * this.
88 *
89 * Test resulting in RW_PROTECTED/TRANSL_UNAVAIL will be interpreted
90 * by SIE, not KVM, but there is no harm in testing them also.
91 * See Enhanced Suppression-on-Protection Facilities in the
92 * Interpretive-Execution Mode
93 */
94 /*
95 * guest: set storage key of page_store_prot to 1
96 * storage key of page_fetch_prot to 9 and enable
97 * protection for it
98 * STAGE_INIT_SIMPLE
99 * host: write protect both via mprotect
100 */
101 /* access key 0 matches any storage key -> RW */
102 { TEST_SIMPLE, page_store_prot, 0x00, READ_WRITE },
103 /* access key matches storage key -> RW */
104 { TEST_SIMPLE, page_store_prot, 0x10, READ_WRITE },
105 /* mismatched keys, but no fetch protection -> RO */
106 { TEST_SIMPLE, page_store_prot, 0x20, READ },
107 /* access key 0 matches any storage key -> RW */
108 { TEST_SIMPLE, page_fetch_prot, 0x00, READ_WRITE },
109 /* access key matches storage key -> RW */
110 { TEST_SIMPLE, page_fetch_prot, 0x90, READ_WRITE },
111 /* mismatched keys, fetch protection -> inaccessible */
112 { TEST_SIMPLE, page_fetch_prot, 0x10, RW_PROTECTED },
113 /* page 0 not mapped yet -> translation not available */
114 { TEST_SIMPLE, (void *)0x00, 0x10, TRANSL_UNAVAIL },
115 /*
116 * host: try to map page 0
117 * guest: set storage key of page 0 to 9 and enable fetch protection
118 * STAGE_INIT_FETCH_PROT_OVERRIDE
119 * host: write protect page 0
120 * enable fetch protection override
121 */
122 /* mismatched keys, fetch protection, but override applies -> RO */
123 { TEST_FETCH_PROT_OVERRIDE, (void *)0x00, 0x10, READ },
124 /* mismatched keys, fetch protection, override applies to 0-2048 only -> inaccessible */
125 { TEST_FETCH_PROT_OVERRIDE, (void *)2049, 0x10, RW_PROTECTED },
126 /*
127 * host: enable storage protection override
128 */
129 /* mismatched keys, but override applies (storage key 9) -> RW */
130 { TEST_STORAGE_PROT_OVERRIDE, page_fetch_prot, 0x10, READ_WRITE },
131 /* mismatched keys, no fetch protection, override doesn't apply -> RO */
132 { TEST_STORAGE_PROT_OVERRIDE, page_store_prot, 0x20, READ },
133 /* mismatched keys, but override applies (storage key 9) -> RW */
134 { TEST_STORAGE_PROT_OVERRIDE, (void *)2049, 0x10, READ_WRITE },
135 /* end marker */
136 { STAGE_END, 0, 0, 0 },
137};
138
139static enum stage perform_next_stage(int *i, bool mapped_0)
140{
141 enum stage stage = tests[*i].stage;
142 enum permission result;
143 bool skip;
144
145 for (; tests[*i].stage == stage; (*i)++) {
146 /*
147 * Some fetch protection override tests require that page 0
148 * be mapped, however, when the hosts tries to map that page via
149 * vm_alloc, it may happen that some other page gets mapped
150 * instead.
151 * In order to skip these tests we detect this inside the guest
152 */
153 skip = tests[*i].addr < (void *)PAGE_SIZE &&
154 tests[*i].expected != TRANSL_UNAVAIL &&
155 !mapped_0;
156 if (!skip) {
157 result = test_protection(tests[*i].addr, tests[*i].key);
158 __GUEST_ASSERT(result == tests[*i].expected,
159 "Wanted %u, got %u, for i = %u",
160 tests[*i].expected, result, *i);
161 }
162 }
163 return stage;
164}
165
166static void guest_code(void)
167{
168 bool mapped_0;
169 int i = 0;
170
171 GUEST_ASSERT_EQ(set_storage_key(page_store_prot, 0x10), 0);
172 GUEST_ASSERT_EQ(set_storage_key(page_fetch_prot, 0x98), 0);
173 GUEST_SYNC(STAGE_INIT_SIMPLE);
174 GUEST_SYNC(perform_next_stage(&i, false));
175
176 /* Fetch-protection override */
177 mapped_0 = !set_storage_key((void *)0, 0x98);
178 GUEST_SYNC(STAGE_INIT_FETCH_PROT_OVERRIDE);
179 GUEST_SYNC(perform_next_stage(&i, mapped_0));
180
181 /* Storage-protection override */
182 GUEST_SYNC(perform_next_stage(&i, mapped_0));
183}
184
185#define HOST_SYNC_NO_TAP(vcpup, stage) \
186({ \
187 struct kvm_vcpu *__vcpu = (vcpup); \
188 struct ucall uc; \
189 int __stage = (stage); \
190 \
191 vcpu_run(__vcpu); \
192 get_ucall(__vcpu, &uc); \
193 if (uc.cmd == UCALL_ABORT) \
194 REPORT_GUEST_ASSERT(uc); \
195 TEST_ASSERT_EQ(uc.cmd, UCALL_SYNC); \
196 TEST_ASSERT_EQ(uc.args[1], __stage); \
197})
198
199#define HOST_SYNC(vcpu, stage) \
200({ \
201 HOST_SYNC_NO_TAP(vcpu, stage); \
202 ksft_test_result_pass("" #stage "\n"); \
203})
204
205int main(int argc, char *argv[])
206{
207 struct kvm_vcpu *vcpu;
208 struct kvm_vm *vm;
209 struct kvm_run *run;
210 gva_t guest_0_page;
211
212 ksft_print_header();
213 ksft_set_plan(STAGE_END);
214
215 vm = vm_create_with_one_vcpu(&vcpu, guest_code);
216 run = vcpu->run;
217
218 HOST_SYNC(vcpu, STAGE_INIT_SIMPLE);
219 mprotect(addr_gva2hva(vm, (gva_t)pages), PAGE_SIZE * 2, PROT_READ);
220 HOST_SYNC(vcpu, TEST_SIMPLE);
221
222 guest_0_page = vm_alloc(vm, PAGE_SIZE, 0);
223 if (guest_0_page != 0) {
224 /* Use NO_TAP so we don't get a PASS print */
225 HOST_SYNC_NO_TAP(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
226 ksft_test_result_skip("STAGE_INIT_FETCH_PROT_OVERRIDE - "
227 "Did not allocate page at 0\n");
228 } else {
229 HOST_SYNC(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
230 }
231 if (guest_0_page == 0)
232 mprotect(addr_gva2hva(vm, (gva_t)0), PAGE_SIZE, PROT_READ);
233 run->s.regs.crs[0] |= CR0_FETCH_PROTECTION_OVERRIDE;
234 run->kvm_dirty_regs = KVM_SYNC_CRS;
235 HOST_SYNC(vcpu, TEST_FETCH_PROT_OVERRIDE);
236
237 run->s.regs.crs[0] |= CR0_STORAGE_PROTECTION_OVERRIDE;
238 run->kvm_dirty_regs = KVM_SYNC_CRS;
239 HOST_SYNC(vcpu, TEST_STORAGE_PROT_OVERRIDE);
240
241 kvm_vm_free(vm);
242
243 ksft_finished(); /* Print results and exit() accordingly */
244}