From: Krish Sadhukhan <krish.sadhukhan@oracle.com>
To: kvm@vger.kernel.org
Cc: rkrcmar@redhat.com, pbonzini@redhat.com, jmattson@google.com
Subject: [PATCH 4/4] kvm-unit-test: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests
Date: Thu, 29 Aug 2019 16:56:35 -0400 [thread overview]
Message-ID: <20190829205635.20189-5-krish.sadhukhan@oracle.com> (raw)
In-Reply-To: <20190829205635.20189-1-krish.sadhukhan@oracle.com>
According to section "Checks on Guest Control Registers, Debug Registers, and
and MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry
of nested guests:
If the "load debug controls" VM-entry control is 1,
- bits reserved in the IA32_DEBUGCTL MSR must be 0 in the field for
that register. The first processors to support the virtual-machine
extensions supported only the 1-setting of this control and thus
performed this check unconditionally.
- bits 63:32 in the DR7 field must be 0.
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
---
x86/vmx_tests.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index 8ad2674..0207caf 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -7154,6 +7154,64 @@ static void test_load_guest_pat(void)
test_pat(GUEST_PAT, "GUEST_PAT", ENT_CONTROLS, ENT_LOAD_PAT);
}
+/*
+ * If the “load debug controls” VM-entry control is 1,
+ *
+ * - bits reserved in the IA32_DEBUGCTL MSR must be 0 in the field for
+ * that register.
+ * - bits 63:32 in the DR7 field must be 0.
+ */
+static void test_debugctl(void)
+{
+ u64 debugctl_saved = vmcs_read(GUEST_DEBUGCTL);
+ u32 entry_ctl_saved = vmcs_read(ENT_CONTROLS);
+ u64 tmp;
+ int i;
+ u64 dr7_saved = vmcs_read(GUEST_DR7);
+
+ if (!(ctrl_exit_rev.clr & ENT_LOAD_DBGCTLS)) {
+ printf("\"IA32_DEBUGCTL\" VM-entry control not supported\n");
+ return;
+ }
+
+ vmx_set_test_stage(1);
+ test_set_guest(guest_state_test_main);
+
+#define DEBUGCTL_RESERVED_BITS 0xFFFFFFFFFFFF203C
+
+ if (!(entry_ctl_saved & ENT_LOAD_DBGCTLS))
+ vmcs_write(ENT_CONTROLS, entry_ctl_saved | ENT_LOAD_DBGCTLS);
+
+ for (i = 2; i < 32; (i >= 16 ? i = i + 4 : i++)) {
+ if (!((1 << i) & DEBUGCTL_RESERVED_BITS))
+ continue;
+ tmp = debugctl_saved | (1 << i);
+ vmcs_write(GUEST_DEBUGCTL, tmp);
+ enter_guest_with_invalid_guest_state();
+ report_guest_state_test("ENT_LOAD_DBGCTLS enabled",
+ VMX_FAIL_STATE | VMX_ENTRY_FAILURE,
+ tmp, "GUEST_DEBUGCTL");
+ }
+
+ for (i = 32; i < 64; i = i + 4) {
+ tmp = dr7_saved | (1ull << i);
+ vmcs_write(GUEST_DR7, tmp);
+ enter_guest_with_invalid_guest_state();
+ report_guest_state_test("ENT_LOAD_DBGCTLS enabled",
+ VMX_FAIL_STATE | VMX_ENTRY_FAILURE,
+ tmp, "GUEST_DR7");
+ }
+
+ /*
+ * Let the guest finish execution
+ */
+ vmx_set_test_stage(2);
+ vmcs_write(GUEST_DEBUGCTL, debugctl_saved);
+ vmcs_write(ENT_CONTROLS, entry_ctl_saved);
+ vmcs_write(GUEST_DR7, dr7_saved);
+ enter_guest();
+}
+
/*
* Check that the virtual CPU checks the VMX Guest State Area as
* documented in the Intel SDM.
@@ -7161,6 +7219,7 @@ static void test_load_guest_pat(void)
static void vmx_guest_state_area_test(void)
{
test_load_guest_pat();
+ test_debugctl();
}
static bool valid_vmcs_for_vmentry(void)
--
2.20.1
next prev parent reply other threads:[~2019-08-29 21:30 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 20:56 [PATCH 0/4] KVM: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests Krish Sadhukhan
2019-08-29 20:56 ` [PATCH 1/4] KVM: nVMX: Check GUEST_DEBUGCTL " Krish Sadhukhan
2019-08-29 22:12 ` Jim Mattson
2019-08-30 23:26 ` Krish Sadhukhan
2019-09-01 23:55 ` Jim Mattson
2019-08-29 20:56 ` [PATCH 2/4] KVM: nVMX: Check GUEST_DR7 " Krish Sadhukhan
2019-08-29 22:26 ` Jim Mattson
2019-08-30 23:07 ` Krish Sadhukhan
2019-08-30 23:15 ` Jim Mattson
2019-09-02 0:33 ` Jim Mattson
[not found] ` <e229bea2-acb2-e268-6281-d8e467c3282e@oracle.com>
2019-09-04 16:44 ` Jim Mattson
2019-09-04 16:58 ` Sean Christopherson
2019-09-04 18:05 ` Krish Sadhukhan
2019-09-04 18:20 ` Jim Mattson
2019-09-09 4:11 ` Krish Sadhukhan
2019-09-09 15:56 ` Jim Mattson
2019-09-04 17:14 ` Sean Christopherson
2019-12-20 23:45 ` Jim Mattson
2019-12-21 0:27 ` Jim Mattson
2019-08-29 20:56 ` [PATCH 3/4] kvm-unit-test: nVMX: __enter_guest() should not set "launched" state when VM-entry fails Krish Sadhukhan
2019-09-04 15:42 ` Sean Christopherson
2019-09-13 20:37 ` Krish Sadhukhan
2019-09-13 21:06 ` Sean Christopherson
2019-09-16 19:12 ` Krish Sadhukhan
2019-08-29 20:56 ` Krish Sadhukhan [this message]
2019-08-29 23:17 ` [PATCH 4/4] kvm-unit-test: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests Jim Mattson
2019-08-30 1:12 ` Nadav Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190829205635.20189-5-krish.sadhukhan@oracle.com \
--to=krish.sadhukhan@oracle.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.