[PATCH kvm-unit-tests 0/2] More nvmx unit tests changes

[PATCH kvm-unit-tests 0/2] More nvmx unit tests changes

[Bandan Das]

A couple more updates to test_vmxon, test_vmptrld
and test_vmclear based on kvm commits -

3573e22cfecaac83f82ef4f6847d90e466fc8e10
KVM: nVMX: additional checks on vmxon region

96ec146330d18a938b4773be8d6dd1f93399507c
KVM: nVMX: fail on invalid vmclear/vmptrld pointer

Bandan Das (2):
  VMX: Add more checks to test_vmxon
  VMX: Updated test_vmclear and test_vmptrld

 x86/vmx.c | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 103 insertions(+), 6 deletions(-)

-- 
1.8.3.1

[PATCH kvm-unit-tests 1/2] VMX: checks for validity of vmxon region

[Bandan Das]

Verify that vmon fails with unaligned vmxon region or
any bits set beyong the physical address width. Also verify
failure with an invalid revision identifier.

Signed-off-by: Bandan Das <bsd@redhat.com>
---
 x86/vmx.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 43 insertions(+), 3 deletions(-)

diff --git a/x86/vmx.c b/x86/vmx.c
index 1182eef..207eb81 100644
--- a/x86/vmx.c
+++ b/x86/vmx.c
@@ -37,7 +37,7 @@
 #include "smp.h"
 #include "io.h"
 
-u32 *vmxon_region;
+u64 *vmxon_region;
 struct vmcs *vmcs_root;
 u32 vpid_cnt;
 void *guest_stack, *guest_syscall_stack;
@@ -598,13 +598,53 @@ static int test_vmx_feature_control(void)
 
 static int test_vmxon(void)
 {
-	int ret;
+	int ret, ret1;
 	u64 rflags;
+	u64 *tmp_region = vmxon_region;
+	int width = cpuid(0x80000008).a & 0xff;
+
+	/* Unaligned page access */
+	vmxon_region = (u64 *)((intptr_t)vmxon_region + 1);
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	ret1 = vmx_on();
+	report("test vmxon with unaligned vmxon region", ret1);
+	if (!ret1) {
+		ret = 1;
+		goto out;
+	}
 
+	/* gpa bits beyond physical address width are set*/
+	vmxon_region = (u64 *)((intptr_t)tmp_region | ((u64)1 << (width+1)));
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	ret1 = vmx_on();
+	report("test vmxon with bits set beyond physical address width", ret1);
+	if (!ret1) {
+		ret = 1;
+		goto out;
+	}
+
+	/* invalid revision indentifier */
+	vmxon_region = tmp_region;
+	*vmxon_region = 0xba9da9;
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	ret1 = vmx_on();
+	report("test vmxon with invalid revision identifier", ret1);
+	if (!ret1) {
+		ret = 1;
+		goto out;
+	}
+
+	/* and finally a valid region */
+	*vmxon_region = basic.revision;
 	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
 	write_rflags(rflags);
 	ret = vmx_on();
-	report("test vmxon", !ret);
+	report("test vmxon with valid vmxon region", !ret);
+
+out:
 	return ret;
 }
 
-- 
1.8.3.1

[PATCH kvm-unit-tests 2/2] VMX: Check for validity of vmcs region when calling vmclear/vmptrld

[Bandan Das]

Check if the vmcs pointer is not aligned to page size,
and if bits beyond physical address width are set. Also,
vmclear and vmptrld should fail if the vmxon region is
supplied instead of the vmcs

Signed-off-by: Bandan Das <bsd@redhat.com>
---
 x86/vmx.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 3 deletions(-)

diff --git a/x86/vmx.c b/x86/vmx.c
index 207eb81..64c46aa 100644
--- a/x86/vmx.c
+++ b/x86/vmx.c
@@ -130,10 +130,43 @@ void print_vmexit_info()
 static void test_vmclear(void)
 {
 	u64 rflags;
+	struct vmcs *tmp_root;
+	int width = cpuid(0x80000008).a & 0xff;
+
+	/*
+	 * Note- The tests below do not necessarily have a
+	 * valid VMCS, but that's ok since the invalid vmcs
+	 * is only used for a specific test and is discarded
+	 * without touching its contents
+	 */
+
+	/* Unaligned page access */
+	tmp_root = (struct vmcs *)((intptr_t)vmcs_root + 1);
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmclear with unaligned vmcs",
+	       vmcs_clear(tmp_root) == 1);
+
+	/* gpa bits beyond physical address width are set*/
+	tmp_root = (struct vmcs *)((intptr_t)vmcs_root |
+				   ((u64)1 << (width+1)));
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmclear with vmcs address bits set beyond physical address width",
+	       vmcs_clear(tmp_root) == 1);
 
+	/* Pass VMXON region */
+	tmp_root = (struct vmcs *)vmxon_region;
 	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
 	write_rflags(rflags);
-	report("test vmclear", vmcs_clear(vmcs_root) == 0);
+	report("test vmclear with vmxon region",
+	       vmcs_clear(tmp_root) == 1);
+
+	/* Valid VMCS */
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmclear with valid vmcs region", vmcs_clear(vmcs_root) == 0);
+
 }
 
 static void test_vmxoff(void)
@@ -651,13 +684,37 @@ out:
 static void test_vmptrld(void)
 {
 	u64 rflags;
-	struct vmcs *vmcs;
+	struct vmcs *vmcs, *tmp_root;
+	int width = cpuid(0x80000008).a & 0xff;
 
 	vmcs = alloc_page();
 	vmcs->revision_id = basic.revision;
+
+	/* Unaligned page access */
+	tmp_root = (struct vmcs *)((intptr_t)vmcs + 1);
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmptrld with unaligned vmcs",
+	       make_vmcs_current(tmp_root) == 1);
+
+	/* gpa bits beyond physical address width are set*/
+	tmp_root = (struct vmcs *)((intptr_t)vmcs |
+				   ((u64)1 << (width+1)));
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmptrld with vmcs address bits set beyond physical address width",
+	       make_vmcs_current(tmp_root) == 1);
+
+	/* Pass VMXON region */
+	tmp_root = (struct vmcs *)vmxon_region;
+	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
+	write_rflags(rflags);
+	report("test vmptrld with vmxon region",
+	       make_vmcs_current(tmp_root) == 1);
+
 	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
 	write_rflags(rflags);
-	report("test vmptrld", make_vmcs_current(vmcs) == 0);
+	report("test vmptrld with valid vmcs", make_vmcs_current(vmcs) == 0);
 }
 
 static void test_vmptrst(void)
-- 
1.8.3.1

Re: [PATCH kvm-unit-tests 1/2] VMX: checks for validity of vmxon region

[Jan Kiszka]

On 2014-06-04 23:17, Bandan Das wrote:
> Verify that vmon fails with unaligned vmxon region or
> any bits set beyong the physical address width. Also verify
> failure with an invalid revision identifier.
> 
> Signed-off-by: Bandan Das <bsd@redhat.com>
> ---
>  x86/vmx.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 43 insertions(+), 3 deletions(-)
> 
> diff --git a/x86/vmx.c b/x86/vmx.c
> index 1182eef..207eb81 100644
> --- a/x86/vmx.c
> +++ b/x86/vmx.c
> @@ -37,7 +37,7 @@
>  #include "smp.h"
>  #include "io.h"
>  
> -u32 *vmxon_region;
> +u64 *vmxon_region;
>  struct vmcs *vmcs_root;
>  u32 vpid_cnt;
>  void *guest_stack, *guest_syscall_stack;
> @@ -598,13 +598,53 @@ static int test_vmx_feature_control(void)
>  
>  static int test_vmxon(void)
>  {
> -	int ret;
> +	int ret, ret1;
>  	u64 rflags;
> +	u64 *tmp_region = vmxon_region;
> +	int width = cpuid(0x80000008).a & 0xff;
> +
> +	/* Unaligned page access */
> +	vmxon_region = (u64 *)((intptr_t)vmxon_region + 1);
> +	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
> +	write_rflags(rflags);
> +	ret1 = vmx_on();

Can we ensure that the compiler doesn't inject any ops between
write_rflags and the vmxon that overwrite CF or ZF? If you want those
flags in a specific state, maybe it's better to pass that to vmx_on and
do this in the assembly block with vmxon.

> +	report("test vmxon with unaligned vmxon region", ret1);
> +	if (!ret1) {
> +		ret = 1;
> +		goto out;
> +	}
>  
> +	/* gpa bits beyond physical address width are set*/
> +	vmxon_region = (u64 *)((intptr_t)tmp_region | ((u64)1 << (width+1)));
> +	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
> +	write_rflags(rflags);
> +	ret1 = vmx_on();
> +	report("test vmxon with bits set beyond physical address width", ret1);
> +	if (!ret1) {
> +		ret = 1;
> +		goto out;
> +	}
> +
> +	/* invalid revision indentifier */
> +	vmxon_region = tmp_region;
> +	*vmxon_region = 0xba9da9;
> +	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
> +	write_rflags(rflags);
> +	ret1 = vmx_on();
> +	report("test vmxon with invalid revision identifier", ret1);
> +	if (!ret1) {
> +		ret = 1;
> +		goto out;
> +	}
> +
> +	/* and finally a valid region */
> +	*vmxon_region = basic.revision;
>  	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
>  	write_rflags(rflags);
>  	ret = vmx_on();

Oh, this pattern is not by you! OK, but let's address this first, then
add the new tests on top.

Jan

> -	report("test vmxon", !ret);
> +	report("test vmxon with valid vmxon region", !ret);
> +
> +out:
>  	return ret;
>  }
>  
> 

-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux

Re: [PATCH kvm-unit-tests 1/2] VMX: checks for validity of vmxon region

[Paolo Bonzini]

Il 05/06/2014 09:00, Jan Kiszka ha scritto:
>> > +	rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF;
>> > +	write_rflags(rflags);
>> > +	ret1 = vmx_on();
> Can we ensure that the compiler doesn't inject any ops between
> write_rflags and the vmxon that overwrite CF or ZF?

No, in fact if vmx_on were not inlined, building the stack frame with 
"sub" would overwrite the flags.

Paolo

> If you want those
> flags in a specific state, maybe it's better to pass that to vmx_on and
> do this in the assembly block with vmxon.
>