Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1// SPDX-License-Identifier: GPL-2.0-only
2#include <asm/msr-index.h>
3
4#include <stdint.h>
5
6#include "kvm_util.h"
7#include "processor.h"
8
9/* Use HYPERVISOR for MSRs that are emulated unconditionally (as is HYPERVISOR). */
10#define X86_FEATURE_NONE X86_FEATURE_HYPERVISOR
11
12struct kvm_msr {
13 const struct kvm_x86_cpu_feature feature;
14 const struct kvm_x86_cpu_feature feature2;
15 const char *name;
16 const u64 reset_val;
17 const u64 write_val;
18 const u64 rsvd_val;
19 const u32 index;
20 const bool is_kvm_defined;
21};
22
23#define ____MSR_TEST(msr, str, val, rsvd, reset, feat, f2, is_kvm) \
24{ \
25 .index = msr, \
26 .name = str, \
27 .write_val = val, \
28 .rsvd_val = rsvd, \
29 .reset_val = reset, \
30 .feature = X86_FEATURE_ ##feat, \
31 .feature2 = X86_FEATURE_ ##f2, \
32 .is_kvm_defined = is_kvm, \
33}
34
35#define __MSR_TEST(msr, str, val, rsvd, reset, feat) \
36 ____MSR_TEST(msr, str, val, rsvd, reset, feat, feat, false)
37
38#define MSR_TEST_NON_ZERO(msr, val, rsvd, reset, feat) \
39 __MSR_TEST(msr, #msr, val, rsvd, reset, feat)
40
41#define MSR_TEST(msr, val, rsvd, feat) \
42 __MSR_TEST(msr, #msr, val, rsvd, 0, feat)
43
44#define MSR_TEST2(msr, val, rsvd, feat, f2) \
45 ____MSR_TEST(msr, #msr, val, rsvd, 0, feat, f2, false)
46
47/*
48 * Note, use a page aligned value for the canonical value so that the value
49 * is compatible with MSRs that use bits 11:0 for things other than addresses.
50 */
51static const u64 canonical_val = 0x123456789000ull;
52
53/*
54 * Arbitrary value with bits set in every byte, but not all bits set. This is
55 * also a non-canonical value, but that's coincidental (any 64-bit value with
56 * an alternating 0s/1s pattern will be non-canonical).
57 */
58static const u64 u64_val = 0xaaaa5555aaaa5555ull;
59
60#define MSR_TEST_CANONICAL(msr, feat) \
61 __MSR_TEST(msr, #msr, canonical_val, NONCANONICAL, 0, feat)
62
63#define MSR_TEST_KVM(msr, val, rsvd, feat) \
64 ____MSR_TEST(KVM_REG_ ##msr, #msr, val, rsvd, 0, feat, feat, true)
65
66/*
67 * The main struct must be scoped to a function due to the use of structures to
68 * define features. For the global structure, allocate enough space for the
69 * foreseeable future without getting too ridiculous, to minimize maintenance
70 * costs (bumping the array size every time an MSR is added is really annoying).
71 */
72static struct kvm_msr msrs[128];
73static int idx;
74
75static bool ignore_unsupported_msrs;
76
77static u64 fixup_rdmsr_val(u32 msr, u64 want)
78{
79 /*
80 * AMD CPUs drop bits 63:32 on some MSRs that Intel CPUs support. KVM
81 * is supposed to emulate that behavior based on guest vendor model
82 * (which is the same as the host vendor model for this test).
83 */
84 if (!host_cpu_is_amd_compatible)
85 return want;
86
87 switch (msr) {
88 case MSR_IA32_SYSENTER_ESP:
89 case MSR_IA32_SYSENTER_EIP:
90 case MSR_TSC_AUX:
91 return want & GENMASK_ULL(31, 0);
92 default:
93 return want;
94 }
95}
96
97static void __rdmsr(u32 msr, u64 want)
98{
99 u64 val;
100 u8 vec;
101
102 vec = rdmsr_safe(msr, &val);
103 __GUEST_ASSERT(!vec, "Unexpected %s on RDMSR(0x%x)", ex_str(vec), msr);
104
105 __GUEST_ASSERT(val == want, "Wanted 0x%lx from RDMSR(0x%x), got 0x%lx",
106 want, msr, val);
107}
108
109static void __wrmsr(u32 msr, u64 val)
110{
111 u8 vec;
112
113 vec = wrmsr_safe(msr, val);
114 __GUEST_ASSERT(!vec, "Unexpected %s on WRMSR(0x%x, 0x%lx)",
115 ex_str(vec), msr, val);
116 __rdmsr(msr, fixup_rdmsr_val(msr, val));
117}
118
119static void guest_test_supported_msr(const struct kvm_msr *msr)
120{
121 __rdmsr(msr->index, msr->reset_val);
122 __wrmsr(msr->index, msr->write_val);
123 GUEST_SYNC(fixup_rdmsr_val(msr->index, msr->write_val));
124
125 __rdmsr(msr->index, msr->reset_val);
126}
127
128static void guest_test_unsupported_msr(const struct kvm_msr *msr)
129{
130 u64 val;
131 u8 vec;
132
133 /*
134 * KVM's ABI with respect to ignore_msrs is a mess and largely beyond
135 * repair, just skip the unsupported MSR tests.
136 */
137 if (ignore_unsupported_msrs)
138 goto skip_wrmsr_gp;
139
140 /*
141 * {S,U}_CET exist if IBT or SHSTK is supported, but with bits that are
142 * writable only if their associated feature is supported. Skip the
143 * RDMSR #GP test if the secondary feature is supported, but perform
144 * the WRMSR #GP test as the to-be-written value is tied to the primary
145 * feature. For all other MSRs, simply do nothing.
146 */
147 if (this_cpu_has(msr->feature2)) {
148 if (msr->index != MSR_IA32_U_CET &&
149 msr->index != MSR_IA32_S_CET)
150 goto skip_wrmsr_gp;
151
152 goto skip_rdmsr_gp;
153 }
154
155 vec = rdmsr_safe(msr->index, &val);
156 __GUEST_ASSERT(vec == GP_VECTOR, "Wanted #GP on RDMSR(0x%x), got %s",
157 msr->index, ex_str(vec));
158
159skip_rdmsr_gp:
160 vec = wrmsr_safe(msr->index, msr->write_val);
161 __GUEST_ASSERT(vec == GP_VECTOR, "Wanted #GP on WRMSR(0x%x, 0x%lx), got %s",
162 msr->index, msr->write_val, ex_str(vec));
163
164skip_wrmsr_gp:
165 GUEST_SYNC(0);
166}
167
168void guest_test_reserved_val(const struct kvm_msr *msr)
169{
170 /* Skip reserved value checks as well, ignore_msrs is trully a mess. */
171 if (ignore_unsupported_msrs)
172 return;
173
174 /*
175 * If the CPU will truncate the written value (e.g. SYSENTER on AMD),
176 * expect success and a truncated value, not #GP.
177 */
178 if ((!this_cpu_has(msr->feature) && !this_cpu_has(msr->feature2)) ||
179 msr->rsvd_val == fixup_rdmsr_val(msr->index, msr->rsvd_val)) {
180 u8 vec = wrmsr_safe(msr->index, msr->rsvd_val);
181
182 __GUEST_ASSERT(vec == GP_VECTOR,
183 "Wanted #GP on WRMSR(0x%x, 0x%lx), got %s",
184 msr->index, msr->rsvd_val, ex_str(vec));
185 } else {
186 __wrmsr(msr->index, msr->rsvd_val);
187 __wrmsr(msr->index, msr->reset_val);
188 }
189}
190
191static void guest_main(void)
192{
193 for (;;) {
194 const struct kvm_msr *msr = &msrs[READ_ONCE(idx)];
195
196 if (this_cpu_has(msr->feature))
197 guest_test_supported_msr(msr);
198 else
199 guest_test_unsupported_msr(msr);
200
201 if (msr->rsvd_val)
202 guest_test_reserved_val(msr);
203
204 GUEST_SYNC(msr->reset_val);
205 }
206}
207
208static bool has_one_reg;
209static bool use_one_reg;
210
211#define KVM_X86_MAX_NR_REGS 1
212
213static bool vcpu_has_reg(struct kvm_vcpu *vcpu, u64 reg)
214{
215 struct {
216 struct kvm_reg_list list;
217 u64 regs[KVM_X86_MAX_NR_REGS];
218 } regs = {};
219 int r, i;
220
221 /*
222 * If KVM_GET_REG_LIST succeeds with n=0, i.e. there are no supported
223 * regs, then the vCPU obviously doesn't support the reg.
224 */
225 r = __vcpu_ioctl(vcpu, KVM_GET_REG_LIST, ®s.list);
226 if (!r)
227 return false;
228
229 TEST_ASSERT_EQ(errno, E2BIG);
230
231 /*
232 * KVM x86 is expected to support enumerating a relative small number
233 * of regs. The majority of registers supported by KVM_{G,S}ET_ONE_REG
234 * are enumerated via other ioctls, e.g. KVM_GET_MSR_INDEX_LIST. For
235 * simplicity, hardcode the maximum number of regs and manually update
236 * the test as necessary.
237 */
238 TEST_ASSERT(regs.list.n <= KVM_X86_MAX_NR_REGS,
239 "KVM reports %llu regs, test expects at most %u regs, stale test?",
240 regs.list.n, KVM_X86_MAX_NR_REGS);
241
242 vcpu_ioctl(vcpu, KVM_GET_REG_LIST, ®s.list);
243 for (i = 0; i < regs.list.n; i++) {
244 if (regs.regs[i] == reg)
245 return true;
246 }
247
248 return false;
249}
250
251static void host_test_kvm_reg(struct kvm_vcpu *vcpu)
252{
253 bool has_reg = vcpu_cpuid_has(vcpu, msrs[idx].feature);
254 u64 reset_val = msrs[idx].reset_val;
255 u64 write_val = msrs[idx].write_val;
256 u64 rsvd_val = msrs[idx].rsvd_val;
257 u32 reg = msrs[idx].index;
258 u64 val;
259 int r;
260
261 if (!use_one_reg)
262 return;
263
264 TEST_ASSERT_EQ(vcpu_has_reg(vcpu, KVM_X86_REG_KVM(reg)), has_reg);
265
266 if (!has_reg) {
267 r = __vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg), &val);
268 TEST_ASSERT(r && errno == EINVAL,
269 "Expected failure on get_reg(0x%x)", reg);
270 rsvd_val = 0;
271 goto out;
272 }
273
274 val = vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg));
275 TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
276 reset_val, reg, val);
277
278 vcpu_set_reg(vcpu, KVM_X86_REG_KVM(reg), write_val);
279 val = vcpu_get_reg(vcpu, KVM_X86_REG_KVM(reg));
280 TEST_ASSERT(val == write_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
281 write_val, reg, val);
282
283out:
284 r = __vcpu_set_reg(vcpu, KVM_X86_REG_KVM(reg), rsvd_val);
285 TEST_ASSERT(r, "Expected failure on set_reg(0x%x, 0x%lx)", reg, rsvd_val);
286}
287
288static void host_test_msr(struct kvm_vcpu *vcpu, u64 guest_val)
289{
290 u64 reset_val = msrs[idx].reset_val;
291 u32 msr = msrs[idx].index;
292 u64 val;
293
294 if (!kvm_cpu_has(msrs[idx].feature))
295 return;
296
297 val = vcpu_get_msr(vcpu, msr);
298 TEST_ASSERT(val == guest_val, "Wanted 0x%lx from get_msr(0x%x), got 0x%lx",
299 guest_val, msr, val);
300
301 if (use_one_reg)
302 vcpu_set_reg(vcpu, KVM_X86_REG_MSR(msr), reset_val);
303 else
304 vcpu_set_msr(vcpu, msr, reset_val);
305
306 val = vcpu_get_msr(vcpu, msr);
307 TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_msr(0x%x), got 0x%lx",
308 reset_val, msr, val);
309
310 if (!has_one_reg)
311 return;
312
313 val = vcpu_get_reg(vcpu, KVM_X86_REG_MSR(msr));
314 TEST_ASSERT(val == reset_val, "Wanted 0x%lx from get_reg(0x%x), got 0x%lx",
315 reset_val, msr, val);
316}
317
318static void do_vcpu_run(struct kvm_vcpu *vcpu)
319{
320 struct ucall uc;
321
322 for (;;) {
323 vcpu_run(vcpu);
324
325 switch (get_ucall(vcpu, &uc)) {
326 case UCALL_SYNC:
327 host_test_msr(vcpu, uc.args[1]);
328 return;
329 case UCALL_PRINTF:
330 pr_info("%s", uc.buffer);
331 break;
332 case UCALL_ABORT:
333 REPORT_GUEST_ASSERT(uc);
334 case UCALL_DONE:
335 TEST_FAIL("Unexpected UCALL_DONE");
336 default:
337 TEST_FAIL("Unexpected ucall: %lu", uc.cmd);
338 }
339 }
340}
341
342static void vcpus_run(struct kvm_vcpu **vcpus, const int NR_VCPUS)
343{
344 int i;
345
346 for (i = 0; i < NR_VCPUS; i++)
347 do_vcpu_run(vcpus[i]);
348}
349
350#define MISC_ENABLES_RESET_VAL (MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL | MSR_IA32_MISC_ENABLE_BTS_UNAVAIL)
351
352static void test_msrs(void)
353{
354 const struct kvm_msr __msrs[] = {
355 MSR_TEST_NON_ZERO(MSR_IA32_MISC_ENABLE,
356 MISC_ENABLES_RESET_VAL | MSR_IA32_MISC_ENABLE_FAST_STRING,
357 MSR_IA32_MISC_ENABLE_FAST_STRING, MISC_ENABLES_RESET_VAL, NONE),
358 MSR_TEST_NON_ZERO(MSR_IA32_CR_PAT, 0x07070707, 0, 0x7040600070406, NONE),
359
360 /*
361 * TSC_AUX is supported if RDTSCP *or* RDPID is supported. Add
362 * entries for each features so that TSC_AUX doesn't exists for
363 * the "unsupported" vCPU, and obviously to test both cases.
364 */
365 MSR_TEST2(MSR_TSC_AUX, 0x12345678, u64_val, RDTSCP, RDPID),
366 MSR_TEST2(MSR_TSC_AUX, 0x12345678, u64_val, RDPID, RDTSCP),
367
368 MSR_TEST(MSR_IA32_SYSENTER_CS, 0x1234, 0, NONE),
369 /*
370 * SYSENTER_{ESP,EIP} are technically non-canonical on Intel,
371 * but KVM doesn't emulate that behavior on emulated writes,
372 * i.e. this test will observe different behavior if the MSR
373 * writes are handed by hardware vs. KVM. KVM's behavior is
374 * intended (though far from ideal), so don't bother testing
375 * non-canonical values.
376 */
377 MSR_TEST(MSR_IA32_SYSENTER_ESP, canonical_val, 0, NONE),
378 MSR_TEST(MSR_IA32_SYSENTER_EIP, canonical_val, 0, NONE),
379
380 MSR_TEST_CANONICAL(MSR_FS_BASE, LM),
381 MSR_TEST_CANONICAL(MSR_GS_BASE, LM),
382 MSR_TEST_CANONICAL(MSR_KERNEL_GS_BASE, LM),
383 MSR_TEST_CANONICAL(MSR_LSTAR, LM),
384 MSR_TEST_CANONICAL(MSR_CSTAR, LM),
385 MSR_TEST(MSR_SYSCALL_MASK, 0xffffffff, 0, LM),
386
387 MSR_TEST2(MSR_IA32_S_CET, CET_SHSTK_EN, CET_RESERVED, SHSTK, IBT),
388 MSR_TEST2(MSR_IA32_S_CET, CET_ENDBR_EN, CET_RESERVED, IBT, SHSTK),
389 MSR_TEST2(MSR_IA32_U_CET, CET_SHSTK_EN, CET_RESERVED, SHSTK, IBT),
390 MSR_TEST2(MSR_IA32_U_CET, CET_ENDBR_EN, CET_RESERVED, IBT, SHSTK),
391 MSR_TEST_CANONICAL(MSR_IA32_PL0_SSP, SHSTK),
392 MSR_TEST(MSR_IA32_PL0_SSP, canonical_val, canonical_val | 1, SHSTK),
393 MSR_TEST_CANONICAL(MSR_IA32_PL1_SSP, SHSTK),
394 MSR_TEST(MSR_IA32_PL1_SSP, canonical_val, canonical_val | 1, SHSTK),
395 MSR_TEST_CANONICAL(MSR_IA32_PL2_SSP, SHSTK),
396 MSR_TEST(MSR_IA32_PL2_SSP, canonical_val, canonical_val | 1, SHSTK),
397 MSR_TEST_CANONICAL(MSR_IA32_PL3_SSP, SHSTK),
398 MSR_TEST(MSR_IA32_PL3_SSP, canonical_val, canonical_val | 1, SHSTK),
399
400 MSR_TEST_KVM(GUEST_SSP, canonical_val, NONCANONICAL, SHSTK),
401 };
402
403 const struct kvm_x86_cpu_feature feat_none = X86_FEATURE_NONE;
404 const struct kvm_x86_cpu_feature feat_lm = X86_FEATURE_LM;
405
406 /*
407 * Create three vCPUs, but run them on the same task, to validate KVM's
408 * context switching of MSR state. Don't pin the task to a pCPU to
409 * also validate KVM's handling of cross-pCPU migration. Use the full
410 * set of features for the first two vCPUs, but clear all features in
411 * third vCPU in order to test both positive and negative paths.
412 */
413 const int NR_VCPUS = 3;
414 struct kvm_vcpu *vcpus[NR_VCPUS];
415 struct kvm_vm *vm;
416 int i;
417
418 kvm_static_assert(sizeof(__msrs) <= sizeof(msrs));
419 kvm_static_assert(ARRAY_SIZE(__msrs) <= ARRAY_SIZE(msrs));
420 memcpy(msrs, __msrs, sizeof(__msrs));
421
422 ignore_unsupported_msrs = kvm_is_ignore_msrs();
423
424 vm = vm_create_with_vcpus(NR_VCPUS, guest_main, vcpus);
425
426 sync_global_to_guest(vm, msrs);
427 sync_global_to_guest(vm, ignore_unsupported_msrs);
428
429 /*
430 * Clear features in the "unsupported features" vCPU. This needs to be
431 * done before the first vCPU run as KVM's ABI is that guest CPUID is
432 * immutable once the vCPU has been run.
433 */
434 for (idx = 0; idx < ARRAY_SIZE(__msrs); idx++) {
435 /*
436 * Don't clear LM; selftests are 64-bit only, and KVM doesn't
437 * honor LM=0 for MSRs that are supposed to exist if and only
438 * if the vCPU is a 64-bit model. Ditto for NONE; clearing a
439 * fake feature flag will result in false failures.
440 */
441 if (memcmp(&msrs[idx].feature, &feat_lm, sizeof(feat_lm)) &&
442 memcmp(&msrs[idx].feature, &feat_none, sizeof(feat_none)))
443 vcpu_clear_cpuid_feature(vcpus[2], msrs[idx].feature);
444 }
445
446 for (idx = 0; idx < ARRAY_SIZE(__msrs); idx++) {
447 struct kvm_msr *msr = &msrs[idx];
448
449 if (msr->is_kvm_defined) {
450 for (i = 0; i < NR_VCPUS; i++)
451 host_test_kvm_reg(vcpus[i]);
452 continue;
453 }
454
455 /*
456 * Verify KVM_GET_SUPPORTED_CPUID and KVM_GET_MSR_INDEX_LIST
457 * are consistent with respect to MSRs whose existence is
458 * enumerated via CPUID. Skip the check for FS/GS.base MSRs,
459 * as they aren't reported in the save/restore list since their
460 * state is managed via SREGS.
461 */
462 TEST_ASSERT(msr->index == MSR_FS_BASE || msr->index == MSR_GS_BASE ||
463 kvm_msr_is_in_save_restore_list(msr->index) ==
464 (kvm_cpu_has(msr->feature) || kvm_cpu_has(msr->feature2)),
465 "%s %s in save/restore list, but %s according to CPUID", msr->name,
466 kvm_msr_is_in_save_restore_list(msr->index) ? "is" : "isn't",
467 (kvm_cpu_has(msr->feature) || kvm_cpu_has(msr->feature2)) ?
468 "supported" : "unsupported");
469
470 sync_global_to_guest(vm, idx);
471
472 vcpus_run(vcpus, NR_VCPUS);
473 vcpus_run(vcpus, NR_VCPUS);
474 }
475
476 kvm_vm_free(vm);
477}
478
479int main(void)
480{
481 has_one_reg = kvm_has_cap(KVM_CAP_ONE_REG);
482
483 test_msrs();
484
485 if (has_one_reg) {
486 use_one_reg = true;
487 test_msrs();
488 }
489}