blob: 16b9dfd8c773869899b32933abf3b6751c0343c1 [file] [log] [blame] [edit]
#include "svm.h"
#include "libcflat.h"
#include "processor.h"
#include "desc.h"
#include "msr.h"
#include "vm.h"
#include "smp.h"
#include "types.h"
#include "alloc_page.h"
#include "isr.h"
#include "apic.h"
#define SVM_EXIT_MAX_DR_INTERCEPT 0x3f
static void *scratch_page;
#define LATENCY_RUNS 1000000
u64 tsc_start;
u64 tsc_end;
u64 vmrun_sum, vmexit_sum;
u64 vmsave_sum, vmload_sum;
u64 stgi_sum, clgi_sum;
u64 latvmrun_max;
u64 latvmrun_min;
u64 latvmexit_max;
u64 latvmexit_min;
u64 latvmload_max;
u64 latvmload_min;
u64 latvmsave_max;
u64 latvmsave_min;
u64 latstgi_max;
u64 latstgi_min;
u64 latclgi_max;
u64 latclgi_min;
u64 runs;
static void null_test(struct svm_test *test)
{
}
static bool null_check(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_VMMCALL;
}
static void prepare_no_vmrun_int(struct svm_test *test)
{
vmcb->control.intercept &= ~(1ULL << INTERCEPT_VMRUN);
}
static bool check_no_vmrun_int(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_ERR;
}
static void test_vmrun(struct svm_test *test)
{
asm volatile ("vmrun %0" : : "a"(virt_to_phys(vmcb)));
}
static bool check_vmrun(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_VMRUN;
}
static void prepare_cr3_intercept(struct svm_test *test)
{
default_prepare(test);
vmcb->control.intercept_cr_read |= 1 << 3;
}
static void test_cr3_intercept(struct svm_test *test)
{
asm volatile ("mov %%cr3, %0" : "=r"(test->scratch) : : "memory");
}
static bool check_cr3_intercept(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_READ_CR3;
}
static bool check_cr3_nointercept(struct svm_test *test)
{
return null_check(test) && test->scratch == read_cr3();
}
static void corrupt_cr3_intercept_bypass(void *_test)
{
struct svm_test *test = _test;
extern volatile u32 mmio_insn;
while (!__sync_bool_compare_and_swap(&test->scratch, 1, 2))
pause();
pause();
pause();
pause();
mmio_insn = 0x90d8200f; // mov %cr3, %rax; nop
}
static void prepare_cr3_intercept_bypass(struct svm_test *test)
{
default_prepare(test);
vmcb->control.intercept_cr_read |= 1 << 3;
on_cpu_async(1, corrupt_cr3_intercept_bypass, test);
}
static void test_cr3_intercept_bypass(struct svm_test *test)
{
ulong a = 0xa0000;
test->scratch = 1;
while (test->scratch != 2)
barrier();
asm volatile ("mmio_insn: mov %0, (%0); nop"
: "+a"(a) : : "memory");
test->scratch = a;
}
static void prepare_dr_intercept(struct svm_test *test)
{
default_prepare(test);
vmcb->control.intercept_dr_read = 0xff;
vmcb->control.intercept_dr_write = 0xff;
}
static void test_dr_intercept(struct svm_test *test)
{
unsigned int i, failcnt = 0;
/* Loop testing debug register reads */
for (i = 0; i < 8; i++) {
switch (i) {
case 0:
asm volatile ("mov %%dr0, %0" : "=r"(test->scratch) : : "memory");
break;
case 1:
asm volatile ("mov %%dr1, %0" : "=r"(test->scratch) : : "memory");
break;
case 2:
asm volatile ("mov %%dr2, %0" : "=r"(test->scratch) : : "memory");
break;
case 3:
asm volatile ("mov %%dr3, %0" : "=r"(test->scratch) : : "memory");
break;
case 4:
asm volatile ("mov %%dr4, %0" : "=r"(test->scratch) : : "memory");
break;
case 5:
asm volatile ("mov %%dr5, %0" : "=r"(test->scratch) : : "memory");
break;
case 6:
asm volatile ("mov %%dr6, %0" : "=r"(test->scratch) : : "memory");
break;
case 7:
asm volatile ("mov %%dr7, %0" : "=r"(test->scratch) : : "memory");
break;
}
if (test->scratch != i) {
report(false, "dr%u read intercept", i);
failcnt++;
}
}
/* Loop testing debug register writes */
for (i = 0; i < 8; i++) {
switch (i) {
case 0:
asm volatile ("mov %0, %%dr0" : : "r"(test->scratch) : "memory");
break;
case 1:
asm volatile ("mov %0, %%dr1" : : "r"(test->scratch) : "memory");
break;
case 2:
asm volatile ("mov %0, %%dr2" : : "r"(test->scratch) : "memory");
break;
case 3:
asm volatile ("mov %0, %%dr3" : : "r"(test->scratch) : "memory");
break;
case 4:
asm volatile ("mov %0, %%dr4" : : "r"(test->scratch) : "memory");
break;
case 5:
asm volatile ("mov %0, %%dr5" : : "r"(test->scratch) : "memory");
break;
case 6:
asm volatile ("mov %0, %%dr6" : : "r"(test->scratch) : "memory");
break;
case 7:
asm volatile ("mov %0, %%dr7" : : "r"(test->scratch) : "memory");
break;
}
if (test->scratch != i) {
report(false, "dr%u write intercept", i);
failcnt++;
}
}
test->scratch = failcnt;
}
static bool dr_intercept_finished(struct svm_test *test)
{
ulong n = (vmcb->control.exit_code - SVM_EXIT_READ_DR0);
/* Only expect DR intercepts */
if (n > (SVM_EXIT_MAX_DR_INTERCEPT - SVM_EXIT_READ_DR0))
return true;
/*
* Compute debug register number.
* Per Appendix C "SVM Intercept Exit Codes" of AMD64 Architecture
* Programmer's Manual Volume 2 - System Programming:
* http://support.amd.com/TechDocs/24593.pdf
* there are 16 VMEXIT codes each for DR read and write.
*/
test->scratch = (n % 16);
/* Jump over MOV instruction */
vmcb->save.rip += 3;
return false;
}
static bool check_dr_intercept(struct svm_test *test)
{
return !test->scratch;
}
static bool next_rip_supported(void)
{
return this_cpu_has(X86_FEATURE_NRIPS);
}
static void prepare_next_rip(struct svm_test *test)
{
vmcb->control.intercept |= (1ULL << INTERCEPT_RDTSC);
}
static void test_next_rip(struct svm_test *test)
{
asm volatile ("rdtsc\n\t"
".globl exp_next_rip\n\t"
"exp_next_rip:\n\t" ::: "eax", "edx");
}
static bool check_next_rip(struct svm_test *test)
{
extern char exp_next_rip;
unsigned long address = (unsigned long)&exp_next_rip;
return address == vmcb->control.next_rip;
}
extern u8 *msr_bitmap;
static void prepare_msr_intercept(struct svm_test *test)
{
default_prepare(test);
vmcb->control.intercept |= (1ULL << INTERCEPT_MSR_PROT);
vmcb->control.intercept_exceptions |= (1ULL << GP_VECTOR);
memset(msr_bitmap, 0xff, MSR_BITMAP_SIZE);
}
static void test_msr_intercept(struct svm_test *test)
{
unsigned long msr_value = 0xef8056791234abcd; /* Arbitrary value */
unsigned long msr_index;
for (msr_index = 0; msr_index <= 0xc0011fff; msr_index++) {
if (msr_index == 0xC0010131 /* MSR_SEV_STATUS */) {
/*
* Per section 15.34.10 "SEV_STATUS MSR" of AMD64 Architecture
* Programmer's Manual volume 2 - System Programming:
* http://support.amd.com/TechDocs/24593.pdf
* SEV_STATUS MSR (C001_0131) is a non-interceptable MSR.
*/
continue;
}
/* Skips gaps between supported MSR ranges */
if (msr_index == 0x2000)
msr_index = 0xc0000000;
else if (msr_index == 0xc0002000)
msr_index = 0xc0010000;
test->scratch = -1;
rdmsr(msr_index);
/* Check that a read intercept occurred for MSR at msr_index */
if (test->scratch != msr_index)
report(false, "MSR 0x%lx read intercept", msr_index);
/*
* Poor man approach to generate a value that
* seems arbitrary each time around the loop.
*/
msr_value += (msr_value << 1);
wrmsr(msr_index, msr_value);
/* Check that a write intercept occurred for MSR with msr_value */
if (test->scratch != msr_value)
report(false, "MSR 0x%lx write intercept", msr_index);
}
test->scratch = -2;
}
static bool msr_intercept_finished(struct svm_test *test)
{
u32 exit_code = vmcb->control.exit_code;
u64 exit_info_1;
u8 *opcode;
if (exit_code == SVM_EXIT_MSR) {
exit_info_1 = vmcb->control.exit_info_1;
} else {
/*
* If #GP exception occurs instead, check that it was
* for RDMSR/WRMSR and set exit_info_1 accordingly.
*/
if (exit_code != (SVM_EXIT_EXCP_BASE + GP_VECTOR))
return true;
opcode = (u8 *)vmcb->save.rip;
if (opcode[0] != 0x0f)
return true;
switch (opcode[1]) {
case 0x30: /* WRMSR */
exit_info_1 = 1;
break;
case 0x32: /* RDMSR */
exit_info_1 = 0;
break;
default:
return true;
}
/*
* Warn that #GP exception occured instead.
* RCX holds the MSR index.
*/
printf("%s 0x%lx #GP exception\n",
exit_info_1 ? "WRMSR" : "RDMSR", get_regs().rcx);
}
/* Jump over RDMSR/WRMSR instruction */
vmcb->save.rip += 2;
/*
* Test whether the intercept was for RDMSR/WRMSR.
* For RDMSR, test->scratch is set to the MSR index;
* RCX holds the MSR index.
* For WRMSR, test->scratch is set to the MSR value;
* RDX holds the upper 32 bits of the MSR value,
* while RAX hold its lower 32 bits.
*/
if (exit_info_1)
test->scratch =
((get_regs().rdx << 32) | (vmcb->save.rax & 0xffffffff));
else
test->scratch = get_regs().rcx;
return false;
}
static bool check_msr_intercept(struct svm_test *test)
{
memset(msr_bitmap, 0, MSR_BITMAP_SIZE);
return (test->scratch == -2);
}
static void prepare_mode_switch(struct svm_test *test)
{
vmcb->control.intercept_exceptions |= (1ULL << GP_VECTOR)
| (1ULL << UD_VECTOR)
| (1ULL << DF_VECTOR)
| (1ULL << PF_VECTOR);
test->scratch = 0;
}
static void test_mode_switch(struct svm_test *test)
{
asm volatile(" cli\n"
" ljmp *1f\n" /* jump to 32-bit code segment */
"1:\n"
" .long 2f\n"
" .long " xstr(KERNEL_CS32) "\n"
".code32\n"
"2:\n"
" movl %%cr0, %%eax\n"
" btcl $31, %%eax\n" /* clear PG */
" movl %%eax, %%cr0\n"
" movl $0xc0000080, %%ecx\n" /* EFER */
" rdmsr\n"
" btcl $8, %%eax\n" /* clear LME */
" wrmsr\n"
" movl %%cr4, %%eax\n"
" btcl $5, %%eax\n" /* clear PAE */
" movl %%eax, %%cr4\n"
" movw %[ds16], %%ax\n"
" movw %%ax, %%ds\n"
" ljmpl %[cs16], $3f\n" /* jump to 16 bit protected-mode */
".code16\n"
"3:\n"
" movl %%cr0, %%eax\n"
" btcl $0, %%eax\n" /* clear PE */
" movl %%eax, %%cr0\n"
" ljmpl $0, $4f\n" /* jump to real-mode */
"4:\n"
" vmmcall\n"
" movl %%cr0, %%eax\n"
" btsl $0, %%eax\n" /* set PE */
" movl %%eax, %%cr0\n"
" ljmpl %[cs32], $5f\n" /* back to protected mode */
".code32\n"
"5:\n"
" movl %%cr4, %%eax\n"
" btsl $5, %%eax\n" /* set PAE */
" movl %%eax, %%cr4\n"
" movl $0xc0000080, %%ecx\n" /* EFER */
" rdmsr\n"
" btsl $8, %%eax\n" /* set LME */
" wrmsr\n"
" movl %%cr0, %%eax\n"
" btsl $31, %%eax\n" /* set PG */
" movl %%eax, %%cr0\n"
" ljmpl %[cs64], $6f\n" /* back to long mode */
".code64\n\t"
"6:\n"
" vmmcall\n"
:: [cs16] "i"(KERNEL_CS16), [ds16] "i"(KERNEL_DS16),
[cs32] "i"(KERNEL_CS32), [cs64] "i"(KERNEL_CS64)
: "rax", "rbx", "rcx", "rdx", "memory");
}
static bool mode_switch_finished(struct svm_test *test)
{
u64 cr0, cr4, efer;
cr0 = vmcb->save.cr0;
cr4 = vmcb->save.cr4;
efer = vmcb->save.efer;
/* Only expect VMMCALL intercepts */
if (vmcb->control.exit_code != SVM_EXIT_VMMCALL)
return true;
/* Jump over VMMCALL instruction */
vmcb->save.rip += 3;
/* Do sanity checks */
switch (test->scratch) {
case 0:
/* Test should be in real mode now - check for this */
if ((cr0 & 0x80000001) || /* CR0.PG, CR0.PE */
(cr4 & 0x00000020) || /* CR4.PAE */
(efer & 0x00000500)) /* EFER.LMA, EFER.LME */
return true;
break;
case 2:
/* Test should be back in long-mode now - check for this */
if (((cr0 & 0x80000001) != 0x80000001) || /* CR0.PG, CR0.PE */
((cr4 & 0x00000020) != 0x00000020) || /* CR4.PAE */
((efer & 0x00000500) != 0x00000500)) /* EFER.LMA, EFER.LME */
return true;
break;
}
/* one step forward */
test->scratch += 1;
return test->scratch == 2;
}
static bool check_mode_switch(struct svm_test *test)
{
return test->scratch == 2;
}
extern u8 *io_bitmap;
static void prepare_ioio(struct svm_test *test)
{
vmcb->control.intercept |= (1ULL << INTERCEPT_IOIO_PROT);
test->scratch = 0;
memset(io_bitmap, 0, 8192);
io_bitmap[8192] = 0xFF;
}
static void test_ioio(struct svm_test *test)
{
// stage 0, test IO pass
inb(0x5000);
outb(0x0, 0x5000);
if (get_test_stage(test) != 0)
goto fail;
// test IO width, in/out
io_bitmap[0] = 0xFF;
inc_test_stage(test);
inb(0x0);
if (get_test_stage(test) != 2)
goto fail;
outw(0x0, 0x0);
if (get_test_stage(test) != 3)
goto fail;
inl(0x0);
if (get_test_stage(test) != 4)
goto fail;
// test low/high IO port
io_bitmap[0x5000 / 8] = (1 << (0x5000 % 8));
inb(0x5000);
if (get_test_stage(test) != 5)
goto fail;
io_bitmap[0x9000 / 8] = (1 << (0x9000 % 8));
inw(0x9000);
if (get_test_stage(test) != 6)
goto fail;
// test partial pass
io_bitmap[0x5000 / 8] = (1 << (0x5000 % 8));
inl(0x4FFF);
if (get_test_stage(test) != 7)
goto fail;
// test across pages
inc_test_stage(test);
inl(0x7FFF);
if (get_test_stage(test) != 8)
goto fail;
inc_test_stage(test);
io_bitmap[0x8000 / 8] = 1 << (0x8000 % 8);
inl(0x7FFF);
if (get_test_stage(test) != 10)
goto fail;
io_bitmap[0] = 0;
inl(0xFFFF);
if (get_test_stage(test) != 11)
goto fail;
io_bitmap[0] = 0xFF;
io_bitmap[8192] = 0;
inl(0xFFFF);
inc_test_stage(test);
if (get_test_stage(test) != 12)
goto fail;
return;
fail:
report(false, "stage %d", get_test_stage(test));
test->scratch = -1;
}
static bool ioio_finished(struct svm_test *test)
{
unsigned port, size;
/* Only expect IOIO intercepts */
if (vmcb->control.exit_code == SVM_EXIT_VMMCALL)
return true;
if (vmcb->control.exit_code != SVM_EXIT_IOIO)
return true;
/* one step forward */
test->scratch += 1;
port = vmcb->control.exit_info_1 >> 16;
size = (vmcb->control.exit_info_1 >> SVM_IOIO_SIZE_SHIFT) & 7;
while (size--) {
io_bitmap[port / 8] &= ~(1 << (port & 7));
port++;
}
return false;
}
static bool check_ioio(struct svm_test *test)
{
memset(io_bitmap, 0, 8193);
return test->scratch != -1;
}
static void prepare_asid_zero(struct svm_test *test)
{
vmcb->control.asid = 0;
}
static void test_asid_zero(struct svm_test *test)
{
asm volatile ("vmmcall\n\t");
}
static bool check_asid_zero(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_ERR;
}
static void sel_cr0_bug_prepare(struct svm_test *test)
{
vmcb_ident(vmcb);
vmcb->control.intercept |= (1ULL << INTERCEPT_SELECTIVE_CR0);
}
static bool sel_cr0_bug_finished(struct svm_test *test)
{
return true;
}
static void sel_cr0_bug_test(struct svm_test *test)
{
unsigned long cr0;
/* read cr0, clear CD, and write back */
cr0 = read_cr0();
cr0 |= (1UL << 30);
write_cr0(cr0);
/*
* If we are here the test failed, not sure what to do now because we
* are not in guest-mode anymore so we can't trigger an intercept.
* Trigger a tripple-fault for now.
*/
report(false, "sel_cr0 test. Can not recover from this - exiting");
exit(report_summary());
}
static bool sel_cr0_bug_check(struct svm_test *test)
{
return vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE;
}
static void npt_nx_prepare(struct svm_test *test)
{
u64 *pte;
vmcb_ident(vmcb);
pte = npt_get_pte((u64)null_test);
*pte |= (1ULL << 63);
}
static bool npt_nx_check(struct svm_test *test)
{
u64 *pte = npt_get_pte((u64)null_test);
*pte &= ~(1ULL << 63);
vmcb->save.efer |= (1 << 11);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x100000015ULL);
}
static void npt_us_prepare(struct svm_test *test)
{
u64 *pte;
scratch_page = alloc_page();
vmcb_ident(vmcb);
pte = npt_get_pte((u64)scratch_page);
*pte &= ~(1ULL << 2);
}
static void npt_us_test(struct svm_test *test)
{
(void) *(volatile u64 *)scratch_page;
}
static bool npt_us_check(struct svm_test *test)
{
u64 *pte = npt_get_pte((u64)scratch_page);
*pte |= (1ULL << 2);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x100000005ULL);
}
u64 save_pde;
static void npt_rsvd_prepare(struct svm_test *test)
{
u64 *pde;
vmcb_ident(vmcb);
pde = npt_get_pde((u64) null_test);
save_pde = *pde;
*pde = (1ULL << 19) | (1ULL << 7) | 0x27;
}
static bool npt_rsvd_check(struct svm_test *test)
{
u64 *pde = npt_get_pde((u64) null_test);
*pde = save_pde;
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x10000001dULL);
}
static void npt_rw_prepare(struct svm_test *test)
{
u64 *pte;
vmcb_ident(vmcb);
pte = npt_get_pte(0x80000);
*pte &= ~(1ULL << 1);
}
static void npt_rw_test(struct svm_test *test)
{
u64 *data = (void*)(0x80000);
*data = 0;
}
static bool npt_rw_check(struct svm_test *test)
{
u64 *pte = npt_get_pte(0x80000);
*pte |= (1ULL << 1);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x100000007ULL);
}
static void npt_rw_pfwalk_prepare(struct svm_test *test)
{
u64 *pte;
vmcb_ident(vmcb);
pte = npt_get_pte(read_cr3());
*pte &= ~(1ULL << 1);
}
static bool npt_rw_pfwalk_check(struct svm_test *test)
{
u64 *pte = npt_get_pte(read_cr3());
*pte |= (1ULL << 1);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x200000006ULL)
&& (vmcb->control.exit_info_2 == read_cr3());
}
static void npt_rsvd_pfwalk_prepare(struct svm_test *test)
{
u64 *pdpe;
vmcb_ident(vmcb);
pdpe = npt_get_pdpe();
pdpe[0] |= (1ULL << 8);
}
static bool npt_rsvd_pfwalk_check(struct svm_test *test)
{
u64 *pdpe = npt_get_pdpe();
pdpe[0] &= ~(1ULL << 8);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x20000000eULL);
}
static void npt_l1mmio_prepare(struct svm_test *test)
{
vmcb_ident(vmcb);
}
u32 nested_apic_version1;
u32 nested_apic_version2;
static void npt_l1mmio_test(struct svm_test *test)
{
volatile u32 *data = (volatile void*)(0xfee00030UL);
nested_apic_version1 = *data;
nested_apic_version2 = *data;
}
static bool npt_l1mmio_check(struct svm_test *test)
{
volatile u32 *data = (volatile void*)(0xfee00030);
u32 lvr = *data;
return nested_apic_version1 == lvr && nested_apic_version2 == lvr;
}
static void npt_rw_l1mmio_prepare(struct svm_test *test)
{
u64 *pte;
vmcb_ident(vmcb);
pte = npt_get_pte(0xfee00080);
*pte &= ~(1ULL << 1);
}
static void npt_rw_l1mmio_test(struct svm_test *test)
{
volatile u32 *data = (volatile void*)(0xfee00080);
*data = *data;
}
static bool npt_rw_l1mmio_check(struct svm_test *test)
{
u64 *pte = npt_get_pte(0xfee00080);
*pte |= (1ULL << 1);
return (vmcb->control.exit_code == SVM_EXIT_NPF)
&& (vmcb->control.exit_info_1 == 0x100000007ULL);
}
#define TSC_ADJUST_VALUE (1ll << 32)
#define TSC_OFFSET_VALUE (-1ll << 48)
static bool ok;
static void tsc_adjust_prepare(struct svm_test *test)
{
default_prepare(test);
vmcb->control.tsc_offset = TSC_OFFSET_VALUE;
wrmsr(MSR_IA32_TSC_ADJUST, -TSC_ADJUST_VALUE);
int64_t adjust = rdmsr(MSR_IA32_TSC_ADJUST);
ok = adjust == -TSC_ADJUST_VALUE;
}
static void tsc_adjust_test(struct svm_test *test)
{
int64_t adjust = rdmsr(MSR_IA32_TSC_ADJUST);
ok &= adjust == -TSC_ADJUST_VALUE;
uint64_t l1_tsc = rdtsc() - TSC_OFFSET_VALUE;
wrmsr(MSR_IA32_TSC, l1_tsc - TSC_ADJUST_VALUE);
adjust = rdmsr(MSR_IA32_TSC_ADJUST);
ok &= adjust <= -2 * TSC_ADJUST_VALUE;
uint64_t l1_tsc_end = rdtsc() - TSC_OFFSET_VALUE;
ok &= (l1_tsc_end + TSC_ADJUST_VALUE - l1_tsc) < TSC_ADJUST_VALUE;
uint64_t l1_tsc_msr = rdmsr(MSR_IA32_TSC) - TSC_OFFSET_VALUE;
ok &= (l1_tsc_msr + TSC_ADJUST_VALUE - l1_tsc) < TSC_ADJUST_VALUE;
}
static bool tsc_adjust_check(struct svm_test *test)
{
int64_t adjust = rdmsr(MSR_IA32_TSC_ADJUST);
wrmsr(MSR_IA32_TSC_ADJUST, 0);
return ok && adjust <= -2 * TSC_ADJUST_VALUE;
}
static void latency_prepare(struct svm_test *test)
{
default_prepare(test);
runs = LATENCY_RUNS;
latvmrun_min = latvmexit_min = -1ULL;
latvmrun_max = latvmexit_max = 0;
vmrun_sum = vmexit_sum = 0;
tsc_start = rdtsc();
}
static void latency_test(struct svm_test *test)
{
u64 cycles;
start:
tsc_end = rdtsc();
cycles = tsc_end - tsc_start;
if (cycles > latvmrun_max)
latvmrun_max = cycles;
if (cycles < latvmrun_min)
latvmrun_min = cycles;
vmrun_sum += cycles;
tsc_start = rdtsc();
asm volatile ("vmmcall" : : : "memory");
goto start;
}
static bool latency_finished(struct svm_test *test)
{
u64 cycles;
tsc_end = rdtsc();
cycles = tsc_end - tsc_start;
if (cycles > latvmexit_max)
latvmexit_max = cycles;
if (cycles < latvmexit_min)
latvmexit_min = cycles;
vmexit_sum += cycles;
vmcb->save.rip += 3;
runs -= 1;
tsc_end = rdtsc();
return runs == 0;
}
static bool latency_check(struct svm_test *test)
{
printf(" Latency VMRUN : max: %ld min: %ld avg: %ld\n", latvmrun_max,
latvmrun_min, vmrun_sum / LATENCY_RUNS);
printf(" Latency VMEXIT: max: %ld min: %ld avg: %ld\n", latvmexit_max,
latvmexit_min, vmexit_sum / LATENCY_RUNS);
return true;
}
static void lat_svm_insn_prepare(struct svm_test *test)
{
default_prepare(test);
runs = LATENCY_RUNS;
latvmload_min = latvmsave_min = latstgi_min = latclgi_min = -1ULL;
latvmload_max = latvmsave_max = latstgi_max = latclgi_max = 0;
vmload_sum = vmsave_sum = stgi_sum = clgi_sum;
}
static bool lat_svm_insn_finished(struct svm_test *test)
{
u64 vmcb_phys = virt_to_phys(vmcb);
u64 cycles;
for ( ; runs != 0; runs--) {
tsc_start = rdtsc();
asm volatile("vmload %0\n\t" : : "a"(vmcb_phys) : "memory");
cycles = rdtsc() - tsc_start;
if (cycles > latvmload_max)
latvmload_max = cycles;
if (cycles < latvmload_min)
latvmload_min = cycles;
vmload_sum += cycles;
tsc_start = rdtsc();
asm volatile("vmsave %0\n\t" : : "a"(vmcb_phys) : "memory");
cycles = rdtsc() - tsc_start;
if (cycles > latvmsave_max)
latvmsave_max = cycles;
if (cycles < latvmsave_min)
latvmsave_min = cycles;
vmsave_sum += cycles;
tsc_start = rdtsc();
asm volatile("stgi\n\t");
cycles = rdtsc() - tsc_start;
if (cycles > latstgi_max)
latstgi_max = cycles;
if (cycles < latstgi_min)
latstgi_min = cycles;
stgi_sum += cycles;
tsc_start = rdtsc();
asm volatile("clgi\n\t");
cycles = rdtsc() - tsc_start;
if (cycles > latclgi_max)
latclgi_max = cycles;
if (cycles < latclgi_min)
latclgi_min = cycles;
clgi_sum += cycles;
}
tsc_end = rdtsc();
return true;
}
static bool lat_svm_insn_check(struct svm_test *test)
{
printf(" Latency VMLOAD: max: %ld min: %ld avg: %ld\n", latvmload_max,
latvmload_min, vmload_sum / LATENCY_RUNS);
printf(" Latency VMSAVE: max: %ld min: %ld avg: %ld\n", latvmsave_max,
latvmsave_min, vmsave_sum / LATENCY_RUNS);
printf(" Latency STGI: max: %ld min: %ld avg: %ld\n", latstgi_max,
latstgi_min, stgi_sum / LATENCY_RUNS);
printf(" Latency CLGI: max: %ld min: %ld avg: %ld\n", latclgi_max,
latclgi_min, clgi_sum / LATENCY_RUNS);
return true;
}
bool pending_event_ipi_fired;
bool pending_event_guest_run;
static void pending_event_ipi_isr(isr_regs_t *regs)
{
pending_event_ipi_fired = true;
eoi();
}
static void pending_event_prepare(struct svm_test *test)
{
int ipi_vector = 0xf1;
default_prepare(test);
pending_event_ipi_fired = false;
handle_irq(ipi_vector, pending_event_ipi_isr);
pending_event_guest_run = false;
vmcb->control.intercept |= (1ULL << INTERCEPT_INTR);
vmcb->control.int_ctl |= V_INTR_MASKING_MASK;
apic_icr_write(APIC_DEST_SELF | APIC_DEST_PHYSICAL |
APIC_DM_FIXED | ipi_vector, 0);
set_test_stage(test, 0);
}
static void pending_event_test(struct svm_test *test)
{
pending_event_guest_run = true;
}
static bool pending_event_finished(struct svm_test *test)
{
switch (get_test_stage(test)) {
case 0:
if (vmcb->control.exit_code != SVM_EXIT_INTR) {
report(false, "VMEXIT not due to pending interrupt. Exit reason 0x%x",
vmcb->control.exit_code);
return true;
}
vmcb->control.intercept &= ~(1ULL << INTERCEPT_INTR);
vmcb->control.int_ctl &= ~V_INTR_MASKING_MASK;
if (pending_event_guest_run) {
report(false, "Guest ran before host received IPI\n");
return true;
}
irq_enable();
asm volatile ("nop");
irq_disable();
if (!pending_event_ipi_fired) {
report(false, "Pending interrupt not dispatched after IRQ enabled\n");
return true;
}
break;
case 1:
if (!pending_event_guest_run) {
report(false, "Guest did not resume when no interrupt\n");
return true;
}
break;
}
inc_test_stage(test);
return get_test_stage(test) == 2;
}
static bool pending_event_check(struct svm_test *test)
{
return get_test_stage(test) == 2;
}
static void pending_event_cli_prepare(struct svm_test *test)
{
default_prepare(test);
pending_event_ipi_fired = false;
handle_irq(0xf1, pending_event_ipi_isr);
apic_icr_write(APIC_DEST_SELF | APIC_DEST_PHYSICAL |
APIC_DM_FIXED | 0xf1, 0);
set_test_stage(test, 0);
}
static void pending_event_cli_prepare_gif_clear(struct svm_test *test)
{
asm("cli");
}
static void pending_event_cli_test(struct svm_test *test)
{
if (pending_event_ipi_fired == true) {
set_test_stage(test, -1);
report(false, "Interrupt preceeded guest");
vmmcall();
}
/* VINTR_MASKING is zero. This should cause the IPI to fire. */
irq_enable();
asm volatile ("nop");
irq_disable();
if (pending_event_ipi_fired != true) {
set_test_stage(test, -1);
report(false, "Interrupt not triggered by guest");
}
vmmcall();
/*
* Now VINTR_MASKING=1, but no interrupt is pending so
* the VINTR interception should be clear in VMCB02. Check
* that L0 did not leave a stale VINTR in the VMCB.
*/
irq_enable();
asm volatile ("nop");
irq_disable();
}
static bool pending_event_cli_finished(struct svm_test *test)
{
if ( vmcb->control.exit_code != SVM_EXIT_VMMCALL) {
report(false, "VM_EXIT return to host is not EXIT_VMMCALL exit reason 0x%x",
vmcb->control.exit_code);
return true;
}
switch (get_test_stage(test)) {
case 0:
vmcb->save.rip += 3;
pending_event_ipi_fired = false;
vmcb->control.int_ctl |= V_INTR_MASKING_MASK;
/* Now entering again with VINTR_MASKING=1. */
apic_icr_write(APIC_DEST_SELF | APIC_DEST_PHYSICAL |
APIC_DM_FIXED | 0xf1, 0);
break;
case 1:
if (pending_event_ipi_fired == true) {
report(false, "Interrupt triggered by guest");
return true;
}
irq_enable();
asm volatile ("nop");
irq_disable();
if (pending_event_ipi_fired != true) {
report(false, "Interrupt not triggered by host");
return true;
}
break;
default:
return true;
}
inc_test_stage(test);
return get_test_stage(test) == 2;
}
static bool pending_event_cli_check(struct svm_test *test)
{
return get_test_stage(test) == 2;
}
#define TIMER_VECTOR 222
static volatile bool timer_fired;
static void timer_isr(isr_regs_t *regs)
{
timer_fired = true;
apic_write(APIC_EOI, 0);
}
static void interrupt_prepare(struct svm_test *test)
{
default_prepare(test);
handle_irq(TIMER_VECTOR, timer_isr);
timer_fired = false;
set_test_stage(test, 0);
}
static void interrupt_test(struct svm_test *test)
{
long long start, loops;
apic_write(APIC_LVTT, TIMER_VECTOR);
irq_enable();
apic_write(APIC_TMICT, 1); //Timer Initial Count Register 0x380 one-shot
for (loops = 0; loops < 10000000 && !timer_fired; loops++)
asm volatile ("nop");
report(timer_fired, "direct interrupt while running guest");
if (!timer_fired) {
set_test_stage(test, -1);
vmmcall();
}
apic_write(APIC_TMICT, 0);
irq_disable();
vmmcall();
timer_fired = false;
apic_write(APIC_TMICT, 1);
for (loops = 0; loops < 10000000 && !timer_fired; loops++)
asm volatile ("nop");
report(timer_fired, "intercepted interrupt while running guest");
if (!timer_fired) {
set_test_stage(test, -1);
vmmcall();
}
irq_enable();
apic_write(APIC_TMICT, 0);
irq_disable();
timer_fired = false;
start = rdtsc();
apic_write(APIC_TMICT, 1000000);
asm volatile ("sti; hlt");
report(rdtsc() - start > 10000 && timer_fired,
"direct interrupt + hlt");
if (!timer_fired) {
set_test_stage(test, -1);
vmmcall();
}
apic_write(APIC_TMICT, 0);
irq_disable();
vmmcall();
timer_fired = false;
start = rdtsc();
apic_write(APIC_TMICT, 1000000);
asm volatile ("hlt");
report(rdtsc() - start > 10000 && timer_fired,
"intercepted interrupt + hlt");
if (!timer_fired) {
set_test_stage(test, -1);
vmmcall();
}
apic_write(APIC_TMICT, 0);
irq_disable();
}
static bool interrupt_finished(struct svm_test *test)
{
switch (get_test_stage(test)) {
case 0:
case 2:
if (vmcb->control.exit_code != SVM_EXIT_VMMCALL) {
report(false, "VMEXIT not due to vmmcall. Exit reason 0x%x",
vmcb->control.exit_code);
return true;
}
vmcb->save.rip += 3;
vmcb->control.intercept |= (1ULL << INTERCEPT_INTR);
vmcb->control.int_ctl |= V_INTR_MASKING_MASK;
break;
case 1:
case 3:
if (vmcb->control.exit_code != SVM_EXIT_INTR) {
report(false, "VMEXIT not due to intr intercept. Exit reason 0x%x",
vmcb->control.exit_code);
return true;
}
irq_enable();
asm volatile ("nop");
irq_disable();
vmcb->control.intercept &= ~(1ULL << INTERCEPT_INTR);
vmcb->control.int_ctl &= ~V_INTR_MASKING_MASK;
break;
case 4:
break;
default:
return true;
}
inc_test_stage(test);
return get_test_stage(test) == 5;
}
static bool interrupt_check(struct svm_test *test)
{
return get_test_stage(test) == 5;
}
#define TEST(name) { #name, .v2 = name }
/*
* v2 tests
*/
static void basic_guest_main(struct svm_test *test)
{
}
static void svm_guest_state_test(void)
{
u64 efer_saved = vmcb->save.efer;
u64 efer = efer_saved;
test_set_guest(basic_guest_main);
report (svm_vmrun() == SVM_EXIT_VMMCALL, "EFER.SVME: %lx", efer);
efer &= ~EFER_SVME;
vmcb->save.efer = efer;
report (svm_vmrun() == SVM_EXIT_ERR, "EFER.SVME: %lx", efer);
vmcb->save.efer = efer_saved;
}
struct svm_test svm_tests[] = {
{ "null", default_supported, default_prepare,
default_prepare_gif_clear, null_test,
default_finished, null_check },
{ "vmrun", default_supported, default_prepare,
default_prepare_gif_clear, test_vmrun,
default_finished, check_vmrun },
{ "ioio", default_supported, prepare_ioio,
default_prepare_gif_clear, test_ioio,
ioio_finished, check_ioio },
{ "vmrun intercept check", default_supported, prepare_no_vmrun_int,
default_prepare_gif_clear, null_test, default_finished,
check_no_vmrun_int },
{ "cr3 read intercept", default_supported,
prepare_cr3_intercept, default_prepare_gif_clear,
test_cr3_intercept, default_finished, check_cr3_intercept },
{ "cr3 read nointercept", default_supported, default_prepare,
default_prepare_gif_clear, test_cr3_intercept, default_finished,
check_cr3_nointercept },
{ "cr3 read intercept emulate", smp_supported,
prepare_cr3_intercept_bypass, default_prepare_gif_clear,
test_cr3_intercept_bypass, default_finished, check_cr3_intercept },
{ "dr intercept check", default_supported, prepare_dr_intercept,
default_prepare_gif_clear, test_dr_intercept, dr_intercept_finished,
check_dr_intercept },
{ "next_rip", next_rip_supported, prepare_next_rip,
default_prepare_gif_clear, test_next_rip,
default_finished, check_next_rip },
{ "msr intercept check", default_supported, prepare_msr_intercept,
default_prepare_gif_clear, test_msr_intercept,
msr_intercept_finished, check_msr_intercept },
{ "mode_switch", default_supported, prepare_mode_switch,
default_prepare_gif_clear, test_mode_switch,
mode_switch_finished, check_mode_switch },
{ "asid_zero", default_supported, prepare_asid_zero,
default_prepare_gif_clear, test_asid_zero,
default_finished, check_asid_zero },
{ "sel_cr0_bug", default_supported, sel_cr0_bug_prepare,
default_prepare_gif_clear, sel_cr0_bug_test,
sel_cr0_bug_finished, sel_cr0_bug_check },
{ "npt_nx", npt_supported, npt_nx_prepare,
default_prepare_gif_clear, null_test,
default_finished, npt_nx_check },
{ "npt_us", npt_supported, npt_us_prepare,
default_prepare_gif_clear, npt_us_test,
default_finished, npt_us_check },
{ "npt_rsvd", npt_supported, npt_rsvd_prepare,
default_prepare_gif_clear, null_test,
default_finished, npt_rsvd_check },
{ "npt_rw", npt_supported, npt_rw_prepare,
default_prepare_gif_clear, npt_rw_test,
default_finished, npt_rw_check },
{ "npt_rsvd_pfwalk", npt_supported, npt_rsvd_pfwalk_prepare,
default_prepare_gif_clear, null_test,
default_finished, npt_rsvd_pfwalk_check },
{ "npt_rw_pfwalk", npt_supported, npt_rw_pfwalk_prepare,
default_prepare_gif_clear, null_test,
default_finished, npt_rw_pfwalk_check },
{ "npt_l1mmio", npt_supported, npt_l1mmio_prepare,
default_prepare_gif_clear, npt_l1mmio_test,
default_finished, npt_l1mmio_check },
{ "npt_rw_l1mmio", npt_supported, npt_rw_l1mmio_prepare,
default_prepare_gif_clear, npt_rw_l1mmio_test,
default_finished, npt_rw_l1mmio_check },
{ "tsc_adjust", default_supported, tsc_adjust_prepare,
default_prepare_gif_clear, tsc_adjust_test,
default_finished, tsc_adjust_check },
{ "latency_run_exit", default_supported, latency_prepare,
default_prepare_gif_clear, latency_test,
latency_finished, latency_check },
{ "latency_svm_insn", default_supported, lat_svm_insn_prepare,
default_prepare_gif_clear, null_test,
lat_svm_insn_finished, lat_svm_insn_check },
{ "pending_event", default_supported, pending_event_prepare,
default_prepare_gif_clear,
pending_event_test, pending_event_finished, pending_event_check },
{ "pending_event_cli", default_supported, pending_event_cli_prepare,
pending_event_cli_prepare_gif_clear,
pending_event_cli_test, pending_event_cli_finished,
pending_event_cli_check },
{ "interrupt", default_supported, interrupt_prepare,
default_prepare_gif_clear, interrupt_test,
interrupt_finished, interrupt_check },
TEST(svm_guest_state_test),
{ NULL, NULL, NULL, NULL, NULL, NULL, NULL }
};