From: Krish Sadhukhan <krish.sadhukhan@oracle.com>
To: kvm@vger.kernel.org
Cc: rkrcmar@redhat.com, pbonzini@redhat.com, jmattson@google.com
Subject: [PATCH 4/4] kvm-unit-test: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests
Date: Thu, 29 Aug 2019 16:56:35 -0400 [thread overview]
Message-ID: <20190829205635.20189-5-krish.sadhukhan@oracle.com> (raw)
In-Reply-To: <20190829205635.20189-1-krish.sadhukhan@oracle.com>
According to section "Checks on Guest Control Registers, Debug Registers, and
and MSRs" in Intel SDM vol 3C, the following checks are performed on vmentry
of nested guests:
If the "load debug controls" VM-entry control is 1,
- bits reserved in the IA32_DEBUGCTL MSR must be 0 in the field for
that register. The first processors to support the virtual-machine
extensions supported only the 1-setting of this control and thus
performed this check unconditionally.
- bits 63:32 in the DR7 field must be 0.
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
---
x86/vmx_tests.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index 8ad2674..0207caf 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -7154,6 +7154,64 @@ static void test_load_guest_pat(void)
test_pat(GUEST_PAT, "GUEST_PAT", ENT_CONTROLS, ENT_LOAD_PAT);
}
+/*
+ * If the “load debug controls” VM-entry control is 1,
+ *
+ * - bits reserved in the IA32_DEBUGCTL MSR must be 0 in the field for
+ * that register.
+ * - bits 63:32 in the DR7 field must be 0.
+ */
+static void test_debugctl(void)
+{
+ u64 debugctl_saved = vmcs_read(GUEST_DEBUGCTL);
+ u32 entry_ctl_saved = vmcs_read(ENT_CONTROLS);
+ u64 tmp;
+ int i;
+ u64 dr7_saved = vmcs_read(GUEST_DR7);
+
+ if (!(ctrl_exit_rev.clr & ENT_LOAD_DBGCTLS)) {
+ printf("\"IA32_DEBUGCTL\" VM-entry control not supported\n");
+ return;
+ }
+
+ vmx_set_test_stage(1);
+ test_set_guest(guest_state_test_main);
+
+#define DEBUGCTL_RESERVED_BITS 0xFFFFFFFFFFFF203C
+
+ if (!(entry_ctl_saved & ENT_LOAD_DBGCTLS))
+ vmcs_write(ENT_CONTROLS, entry_ctl_saved | ENT_LOAD_DBGCTLS);
+
+ for (i = 2; i < 32; (i >= 16 ? i = i + 4 : i++)) {
+ if (!((1 << i) & DEBUGCTL_RESERVED_BITS))
+ continue;
+ tmp = debugctl_saved | (1 << i);
+ vmcs_write(GUEST_DEBUGCTL, tmp);
+ enter_guest_with_invalid_guest_state();
+ report_guest_state_test("ENT_LOAD_DBGCTLS enabled",
+ VMX_FAIL_STATE | VMX_ENTRY_FAILURE,
+ tmp, "GUEST_DEBUGCTL");
+ }
+
+ for (i = 32; i < 64; i = i + 4) {
+ tmp = dr7_saved | (1ull << i);
+ vmcs_write(GUEST_DR7, tmp);
+ enter_guest_with_invalid_guest_state();
+ report_guest_state_test("ENT_LOAD_DBGCTLS enabled",
+ VMX_FAIL_STATE | VMX_ENTRY_FAILURE,
+ tmp, "GUEST_DR7");
+ }
+
+ /*
+ * Let the guest finish execution
+ */
+ vmx_set_test_stage(2);
+ vmcs_write(GUEST_DEBUGCTL, debugctl_saved);
+ vmcs_write(ENT_CONTROLS, entry_ctl_saved);
+ vmcs_write(GUEST_DR7, dr7_saved);
+ enter_guest();
+}
+
/*
* Check that the virtual CPU checks the VMX Guest State Area as
* documented in the Intel SDM.
@@ -7161,6 +7219,7 @@ static void test_load_guest_pat(void)
static void vmx_guest_state_area_test(void)
{
test_load_guest_pat();
+ test_debugctl();
}
static bool valid_vmcs_for_vmentry(void)
--
2.20.1
next prev parent reply other threads:[~2019-08-29 21:30 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 20:56 [PATCH 0/4] KVM: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests Krish Sadhukhan
2019-08-29 20:56 ` [PATCH 1/4] KVM: nVMX: Check GUEST_DEBUGCTL " Krish Sadhukhan
2019-08-29 22:12 ` Jim Mattson
2019-08-30 23:26 ` Krish Sadhukhan
2019-09-01 23:55 ` Jim Mattson
2019-08-29 20:56 ` [PATCH 2/4] KVM: nVMX: Check GUEST_DR7 " Krish Sadhukhan
2019-08-29 22:26 ` Jim Mattson
2019-08-30 23:07 ` Krish Sadhukhan
2019-08-30 23:15 ` Jim Mattson
2019-09-02 0:33 ` Jim Mattson
[not found] ` <e229bea2-acb2-e268-6281-d8e467c3282e@oracle.com>
2019-09-04 16:44 ` Jim Mattson
2019-09-04 16:58 ` Sean Christopherson
2019-09-04 18:05 ` Krish Sadhukhan
2019-09-04 18:20 ` Jim Mattson
2019-09-09 4:11 ` Krish Sadhukhan
2019-09-09 15:56 ` Jim Mattson
2019-09-04 17:14 ` Sean Christopherson
2019-12-20 23:45 ` Jim Mattson
2019-12-21 0:27 ` Jim Mattson
2019-08-29 20:56 ` [PATCH 3/4] kvm-unit-test: nVMX: __enter_guest() should not set "launched" state when VM-entry fails Krish Sadhukhan
2019-09-04 15:42 ` Sean Christopherson
2019-09-13 20:37 ` Krish Sadhukhan
2019-09-13 21:06 ` Sean Christopherson
2019-09-16 19:12 ` Krish Sadhukhan
2019-08-29 20:56 ` Krish Sadhukhan [this message]
2019-08-29 23:17 ` [PATCH 4/4] kvm-unit-test: nVMX: Check GUEST_DEBUGCTL and GUEST_DR7 on vmentry of nested guests Jim Mattson
2019-08-30 1:12 ` Nadav Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190829205635.20189-5-krish.sadhukhan@oracle.com \
--to=krish.sadhukhan@oracle.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).