* [PATCH 0/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests
@ 2020-03-17 1:21 Krish Sadhukhan
2020-03-17 1:21 ` [PATCH 1/2] kvm-unit-test: VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS vmentry control field Krish Sadhukhan
2020-03-17 1:21 ` [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan
0 siblings, 2 replies; 4+ messages in thread
From: Krish Sadhukhan @ 2020-03-17 1:21 UTC (permalink / raw)
To: kvm; +Cc: pbonzini, jmattson, sean.j.christopherson
Patch# 1: Adds the required enum values to the header file
Patch# 2: Adds the test code
[PATCH 1/2] kvm-unit-test: VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS
[PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of
x86/vmx.h | 2 ++
x86/vmx_tests.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
Krish Sadhukhan (2):
VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS vmentry control fie
nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH 1/2] kvm-unit-test: VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS vmentry control field 2020-03-17 1:21 [PATCH 0/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan @ 2020-03-17 1:21 ` Krish Sadhukhan 2020-03-17 1:21 ` [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan 1 sibling, 0 replies; 4+ messages in thread From: Krish Sadhukhan @ 2020-03-17 1:21 UTC (permalink / raw) To: kvm; +Cc: pbonzini, jmattson, sean.j.christopherson Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com> --- x86/vmx.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/x86/vmx.h b/x86/vmx.h index 6adf091..beefc2e 100644 --- a/x86/vmx.h +++ b/x86/vmx.h @@ -171,6 +171,7 @@ enum Encoding { GUEST_PAT = 0x2804ul, GUEST_PERF_GLOBAL_CTRL = 0x2808ul, GUEST_PDPTE = 0x280aul, + GUEST_BNDCFGS = 0x2812ul, /* 64-Bit Host State */ HOST_PAT = 0x2c00ul, @@ -373,6 +374,7 @@ enum Ctrl_ent { ENT_LOAD_PERF = 1UL << 13, ENT_LOAD_PAT = 1UL << 14, ENT_LOAD_EFER = 1UL << 15, + ENT_LOAD_BNDCFGS = 1UL << 16 }; enum Ctrl_pin { -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests 2020-03-17 1:21 [PATCH 0/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan 2020-03-17 1:21 ` [PATCH 1/2] kvm-unit-test: VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS vmentry control field Krish Sadhukhan @ 2020-03-17 1:21 ` Krish Sadhukhan 2020-03-17 15:46 ` Paolo Bonzini 1 sibling, 1 reply; 4+ messages in thread From: Krish Sadhukhan @ 2020-03-17 1:21 UTC (permalink / raw) To: kvm; +Cc: pbonzini, jmattson, sean.j.christopherson According to section "Checks on Guest Control Registers, Debug Registers, and MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry of nested guests: If the "load IA32_BNDCFGS" VM-entry control is 1, the following checks are performed on the field for the IA32_BNDCFGS MSR: — Bits reserved in the IA32_BNDCFGS MSR must be 0. — The linear address in bits 63:12 must be canonical. Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com> --- x86/vmx_tests.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c index a7abd63..5ea15d0 100644 --- a/x86/vmx_tests.c +++ b/x86/vmx_tests.c @@ -7681,6 +7681,58 @@ static void test_load_guest_pat(void) test_pat(GUEST_PAT, "GUEST_PAT", ENT_CONTROLS, ENT_LOAD_PAT); } +#define MSR_IA32_BNDCFGS_RSVD_MASK 0x00000ffc + +/* + * If the “load IA32_BNDCFGS” VM-entry control is 1, the following + * checks are performed on the field for the IA32_BNDCFGS MSR: + * + * — Bits reserved in the IA32_BNDCFGS MSR must be 0. + * — The linear address in bits 63:12 must be canonical. + * + * [Intel SDM] + */ +static void test_load_guest_bndcfgs(void) +{ + u64 bndcfgs_saved = vmcs_read(GUEST_BNDCFGS); + u64 bndcfgs; + + if (!(ctrl_enter_rev.clr & ENT_LOAD_BNDCFGS)) { + printf("\"Load-IA32-BNDCFGS\" entry control not supported\n"); + return; + } + + vmcs_clear_bits(ENT_CONTROLS, ENT_LOAD_BNDCFGS); + + vmcs_write(GUEST_BNDCFGS, NONCANONICAL); + enter_guest(); + report_guest_state_test("ENT_LOAD_BNDCFGS disabled", + VMX_VMCALL, NONCANONICAL, "GUEST_BNDCFGS"); + + bndcfgs = bndcfgs_saved | MSR_IA32_BNDCFGS_RSVD_MASK; + vmcs_write(GUEST_BNDCFGS, bndcfgs); + enter_guest(); + report_guest_state_test("ENT_LOAD_BNDCFGS disabled", + VMX_VMCALL, bndcfgs, "GUEST_BNDCFGS"); + + vmcs_set_bits(ENT_CONTROLS, ENT_LOAD_BNDCFGS); + + vmcs_write(GUEST_BNDCFGS, NONCANONICAL); + enter_guest_with_invalid_guest_state(); + report_guest_state_test("ENT_LOAD_BNDCFGS enabled", + VMX_FAIL_STATE | VMX_ENTRY_FAILURE, + NONCANONICAL, "GUEST_BNDCFGS"); + + bndcfgs = bndcfgs_saved | MSR_IA32_BNDCFGS_RSVD_MASK; + vmcs_write(GUEST_BNDCFGS, bndcfgs); + enter_guest_with_invalid_guest_state(); + report_guest_state_test("ENT_LOAD_BNDCFGS enabled", + VMX_FAIL_STATE | VMX_ENTRY_FAILURE, bndcfgs, + "GUEST_BNDCFGS"); + + vmcs_write(GUEST_BNDCFGS, bndcfgs_saved); +} + /* * Check that the virtual CPU checks the VMX Guest State Area as * documented in the Intel SDM. @@ -7701,6 +7753,7 @@ static void vmx_guest_state_area_test(void) test_load_guest_pat(); test_guest_efer(); test_load_guest_perf_global_ctrl(); + test_load_guest_bndcfgs(); /* * Let the guest finish execution -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests 2020-03-17 1:21 ` [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan @ 2020-03-17 15:46 ` Paolo Bonzini 0 siblings, 0 replies; 4+ messages in thread From: Paolo Bonzini @ 2020-03-17 15:46 UTC (permalink / raw) To: Krish Sadhukhan, kvm; +Cc: jmattson, sean.j.christopherson On 17/03/20 02:21, Krish Sadhukhan wrote: > According to section "Checks on Guest Control Registers, Debug Registers, > and MSRs" in Intel SDM vol 3C, the following checks are performed on > vmentry of nested guests: > > If the "load IA32_BNDCFGS" VM-entry control is 1, the following > checks are performed on the field for the IA32_BNDCFGS MSR: > > — Bits reserved in the IA32_BNDCFGS MSR must be 0. > — The linear address in bits 63:12 must be canonical. Can you please rebase? test_guest_state has replaced enter_guest_with_invalid_guest_state and report_guest_state_test. Thanks, Paolo > Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com> > --- > x86/vmx_tests.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 53 insertions(+) > > diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c > index a7abd63..5ea15d0 100644 > --- a/x86/vmx_tests.c > +++ b/x86/vmx_tests.c > @@ -7681,6 +7681,58 @@ static void test_load_guest_pat(void) > test_pat(GUEST_PAT, "GUEST_PAT", ENT_CONTROLS, ENT_LOAD_PAT); > } > > +#define MSR_IA32_BNDCFGS_RSVD_MASK 0x00000ffc > + > +/* > + * If the “load IA32_BNDCFGS” VM-entry control is 1, the following > + * checks are performed on the field for the IA32_BNDCFGS MSR: > + * > + * — Bits reserved in the IA32_BNDCFGS MSR must be 0. > + * — The linear address in bits 63:12 must be canonical. > + * > + * [Intel SDM] > + */ > +static void test_load_guest_bndcfgs(void) > +{ > + u64 bndcfgs_saved = vmcs_read(GUEST_BNDCFGS); > + u64 bndcfgs; > + > + if (!(ctrl_enter_rev.clr & ENT_LOAD_BNDCFGS)) { > + printf("\"Load-IA32-BNDCFGS\" entry control not supported\n"); > + return; > + } > + > + vmcs_clear_bits(ENT_CONTROLS, ENT_LOAD_BNDCFGS); > + > + vmcs_write(GUEST_BNDCFGS, NONCANONICAL); > + enter_guest(); > + report_guest_state_test("ENT_LOAD_BNDCFGS disabled", > + VMX_VMCALL, NONCANONICAL, "GUEST_BNDCFGS"); > + > + bndcfgs = bndcfgs_saved | MSR_IA32_BNDCFGS_RSVD_MASK; > + vmcs_write(GUEST_BNDCFGS, bndcfgs); > + enter_guest(); > + report_guest_state_test("ENT_LOAD_BNDCFGS disabled", > + VMX_VMCALL, bndcfgs, "GUEST_BNDCFGS"); > + > + vmcs_set_bits(ENT_CONTROLS, ENT_LOAD_BNDCFGS); > + > + vmcs_write(GUEST_BNDCFGS, NONCANONICAL); > + enter_guest_with_invalid_guest_state(); > + report_guest_state_test("ENT_LOAD_BNDCFGS enabled", > + VMX_FAIL_STATE | VMX_ENTRY_FAILURE, > + NONCANONICAL, "GUEST_BNDCFGS"); > + > + bndcfgs = bndcfgs_saved | MSR_IA32_BNDCFGS_RSVD_MASK; > + vmcs_write(GUEST_BNDCFGS, bndcfgs); > + enter_guest_with_invalid_guest_state(); > + report_guest_state_test("ENT_LOAD_BNDCFGS enabled", > + VMX_FAIL_STATE | VMX_ENTRY_FAILURE, bndcfgs, > + "GUEST_BNDCFGS"); > + > + vmcs_write(GUEST_BNDCFGS, bndcfgs_saved); > +} > + > /* > * Check that the virtual CPU checks the VMX Guest State Area as > * documented in the Intel SDM. > @@ -7701,6 +7753,7 @@ static void vmx_guest_state_area_test(void) > test_load_guest_pat(); > test_guest_efer(); > test_load_guest_perf_global_ctrl(); > + test_load_guest_bndcfgs(); > > /* > * Let the guest finish execution > ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-17 15:46 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-03-17 1:21 [PATCH 0/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan 2020-03-17 1:21 ` [PATCH 1/2] kvm-unit-test: VMX: Add enum for GUEST_BNDCFGS field and LOAD_BNDCFGS vmentry control field Krish Sadhukhan 2020-03-17 1:21 ` [PATCH 2/2] kvm-unit-test: nVMX: Test GUEST_BNDCFGS VM-Entry control on vmentry of nested guests Krish Sadhukhan 2020-03-17 15:46 ` Paolo Bonzini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).