From: Paolo Bonzini <pbonzini@redhat.com>
To: Maxim Levitsky <mlevitsk@redhat.com>, kvm@vger.kernel.org
Cc: Wei Huang <wei.huang2@amd.com>, Bandan Das <bsd@redhat.com>
Subject: Re: [PATCH] Add a reproducer for the AMD nested virtualization errata
Date: Mon, 18 Jan 2021 18:14:40 +0100
Message-ID: <d3ddd14b-5595-ab16-d130-2bced3f6536c@redhat.com>
In-Reply-To: <20210114122159.1147290-1-mlevitsk@redhat.com>

On 14/01/21 13:21, Maxim Levitsky wrote:
> While this test doesn't test every case of this errata, it should
> reproduce it on all systems where the errata is known to exist.
> 
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
>   x86/svm_tests.c   | 68 +++++++++++++++++++++++++++++++++++++++++++++++
>   x86/unittests.cfg |  2 +-
>   2 files changed, 69 insertions(+), 1 deletion(-)
> 
> diff --git a/x86/svm_tests.c b/x86/svm_tests.c
> index dc86efd..0c75400 100644
> --- a/x86/svm_tests.c
> +++ b/x86/svm_tests.c
> @@ -2315,6 +2315,73 @@ static void svm_guest_state_test(void)
>   	test_dr();
>   }
>   
> +
> +static bool volatile svm_errata_reproduced = false;
> +static unsigned long volatile physical = 0;
> +
> +
> +/*
> + *
> + * Test the following errata:
> + * If the VMRUN/VMSAVE/VMLOAD are attempted by the nested guest,
> + * the CPU would first check the EAX against host reserved memory
> + * regions (so far only SMM_ADDR/SMM_MASK are known to cause it),
> + * and only then signal #VMexit
> + *
> + * Try to reproduce this by trying vmsave on each possible 4K aligned memory
> + * address in the low 4G where the SMM area has to reside.
> + */
> +
> +static void gp_isr(struct ex_regs *r)
> +{
> +    svm_errata_reproduced = true;
> +    /* skip over the vmsave instruction*/
> +    r->rip += 3;
> +}
> +
> +static void svm_vmrun_errata_test(void)
> +{
> +    unsigned long *last_page = NULL;
> +
> +    handle_exception(GP_VECTOR, gp_isr);
> +
> +    while (!svm_errata_reproduced) {
> +
> +        unsigned long *page = alloc_pages(1);
> +
> +        if (!page) {
> +            report(true, "All guest memory tested, no bug found");;
> +            break;
> +        }
> +
> +        physical = virt_to_phys(page);
> +
> +        asm volatile (
> +            "mov %[_physical], %%rax\n\t"
> +            "vmsave\n\t"
> +
> +            : [_physical] "=m" (physical)
> +            : /* no inputs*/
> +            : "rax" /*clobbers*/
> +        );
> +
> +        if (svm_errata_reproduced) {
> +            report(false, "Got #GP exception - svm errata reproduced at 0x%lx",
> +                   physical);
> +            break;
> +        }
> +
> +        *page = (unsigned long)last_page;
> +        last_page = page;
> +    }
> +
> +    while (last_page) {
> +        unsigned long *page = last_page;
> +        last_page = (unsigned long *)*last_page;
> +        free_pages_by_order(page, 1);
> +    }
> +}
> +
>   struct svm_test svm_tests[] = {
>       { "null", default_supported, default_prepare,
>         default_prepare_gif_clear, null_test,
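
Review bot: The asm operand in svm_vmrun_errata_test() is declared as a write-only output, `[_physical] "=m" (physical)`, but the `mov` only reads it, so it belongs in the input list as `"m" (physical)`. The statement also needs a "memory" clobber next to "rax", because vmsave writes to the page whose address is in rax. Two smaller points in the same function: alloc_pages(1) is paired with free_pages_by_order(page, 1), so if that argument is an order, each iteration takes two pages and only the first is handed to vmsave, which does not match the comment's "each possible 4K aligned memory address"; and the #GP handler installed with handle_exception(GP_VECTOR, gp_isr) is not restored before the function returns, so a later #GP would be skipped by `r->rip += 3` and counted as the errata.
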
> @@ -2427,5 +2494,6 @@ struct svm_test svm_tests[] = {
>         init_intercept_finished, init_intercept_check, .on_vcpu = 2 },
>       TEST(svm_cr4_osxsave_test),
>       TEST(svm_guest_state_test),
> +    TEST(svm_vmrun_errata_test),
>       { NULL, NULL, NULL, NULL, NULL, NULL, NULL }
>   };
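
Review bot: The entry is registered as svm_vmrun_errata_test, but the function added in the first hunk only executes vmsave, and the commit message itself says not every case of the errata is covered. Renaming it after the instruction it actually issues, or adding a comment that VMRUN and VMLOAD are not exercised, would keep the test list from overstating coverage.
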
> diff --git a/x86/unittests.cfg b/x86/unittests.cfg
> index b48c98b..f4ea370 100644
> --- a/x86/unittests.cfg
> +++ b/x86/unittests.cfg
> @@ -213,7 +213,7 @@ arch = x86_64
>   [svm]
>   file = svm.flat
>   smp = 2
> -extra_params = -cpu host,+svm
> +extra_params = -cpu host,+svm -m 4g
>   arch = x86_64
>   
>   [taskswitch]
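
Review bot: `-m 4g` on the extra_params line changes the memory size for every test in the [svm] group, not only the new errata test, and nothing in the file records why it is there. The test walks memory until alloc_pages() fails and its comment refers to the low 4G, so its coverage depends on this value; a short note next to the setting, or a separate section for the errata test, would stop the size from being reduced later without anyone noticing the test got weaker.
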
> 

Queued, thanks.

Paolo

