From: Alexandru Elisei <alexandru.elisei@arm.com>
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu
Cc: maz@kernel.org, andre.przywara@arm.com, pbonzini@redhat.com
Subject: [kvm-unit-tests RFC PATCH 04/16] arm/arm64: selftest: Add prefetch abort test
Date: Wed, 28 Aug 2019 14:38:19 +0100 [thread overview]
Message-ID: <1566999511-24916-5-git-send-email-alexandru.elisei@arm.com> (raw)
In-Reply-To: <1566999511-24916-1-git-send-email-alexandru.elisei@arm.com>
When a guest tries to execute code from MMIO memory, KVM injects an
external abort into that guest. We have now fixed the psci test to not
fetch instructions from the I/O region, and it's not that often that a
guest misbehaves in such a way. Let's expand our coverage by adding a
proper test targeting this corner case.
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
---
The fault injection path is broken for nested guests [1]. You can use the
last patch from the thread [2] to successfully run the test at EL2.
[1] https://www.spinics.net/lists/arm-kernel/msg745391.html
[2] https://www.spinics.net/lists/arm-kernel/msg750310.html
lib/arm64/asm/esr.h | 3 ++
arm/selftest.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 96 insertions(+), 3 deletions(-)
diff --git a/lib/arm64/asm/esr.h b/lib/arm64/asm/esr.h
index 8e5af4d90767..8c351631b0a0 100644
--- a/lib/arm64/asm/esr.h
+++ b/lib/arm64/asm/esr.h
@@ -44,4 +44,7 @@
#define ESR_EL1_EC_BKPT32 (0x38)
#define ESR_EL1_EC_BRK64 (0x3C)
+#define ESR_EL1_FSC_MASK (0x3F)
+#define ESR_EL1_FSC_EXTABT (0x10)
+
#endif /* _ASMARM64_ESR_H_ */
diff --git a/arm/selftest.c b/arm/selftest.c
index 176231f32ee1..18cc0ad8f729 100644
--- a/arm/selftest.c
+++ b/arm/selftest.c
@@ -16,6 +16,8 @@
#include <asm/psci.h>
#include <asm/smp.h>
#include <asm/barrier.h>
+#include <asm/mmu.h>
+#include <asm/pgtable.h>
static void __user_psci_system_off(void)
{
@@ -60,9 +62,38 @@ static void check_setup(int argc, char **argv)
report_abort("missing input");
}
+extern pgd_t *mmu_idmap;
+static void prep_io_exec(void)
+{
+ pgd_t *pgd = pgd_offset(mmu_idmap, 0);
+ unsigned long sctlr;
+
+ /*
+ * AArch64 treats all regions writable at EL0 as PXN. Clear the user bit
+ * so we can execute code from the bottom I/O space (0G-1G) to simulate
+ * a misbehaved guest.
+ */
+ pgd_val(*pgd) &= ~PMD_SECT_USER;
+ flush_dcache_addr((unsigned long)pgd);
+ flush_tlb_page(0);
+
+ /* Make sure we can actually execute from a writable region */
+#ifdef __arm__
+ asm volatile("mrc p15, 0, %0, c1, c0, 0": "=r" (sctlr));
+ sctlr &= ~CR_ST;
+ asm volatile("mcr p15, 0, %0, c1, c0, 0" :: "r" (sctlr));
+#else
+ sctlr = read_sysreg(sctlr_el1);
+ sctlr &= ~SCTLR_EL1_WXN;
+ write_sysreg(sctlr, sctlr_el1);
+#endif
+ isb();
+}
+
static struct pt_regs expected_regs;
static bool und_works;
static bool svc_works;
+static bool pabt_works;
#if defined(__arm__)
/*
* Capture the current register state and execute an instruction
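Review bot: In `prep_io_exec()`, `pgd_val(*pgd) &= ~PMD_SECT_USER` applies a section/block attribute bit to the first-level entry for address 0 without checking that the entry is valid and is a block mapping. That layout is set up outside this hunk, so if it ever changes, the bit clear would silently stop having the intended effect and the fetch would fault for a different reason. The function also leaves the user bit cleared and `SCTLR_EL1_WXN` (`CR_ST` on arm) disabled, which is only acceptable because the test exits from `check_pabt_exit()`. I would extend the comment to say so, e.g. `/* Assumes 0G-1G is mapped by a first-level block entry. The relaxed permissions are never restored; the test exits right after the abort. */`. Declaring `extern pgd_t *mmu_idmap;` in the .c file instead of taking it from a header is also fragile if the definition's type changes.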
@@ -86,7 +117,7 @@ static bool svc_works;
"str r1, [r0, #" xstr(S_PC) "]\n" \
excptn_insn "\n" \
post_insns "\n" \
- :: "r" (&expected_regs) : "r0", "r1")
+ :: "r" (&expected_regs) : "r0", "r1", "r2")
static bool check_regs(struct pt_regs *regs)
{
@@ -166,6 +197,32 @@ static void user_psci_system_off(struct pt_regs *regs)
{
__user_psci_system_off();
}
+
+static void check_pabt_exit(void)
+{
+ install_exception_handler(EXCPTN_PABT, NULL);
+
+ report("pabt", pabt_works);
+ exit(report_summary());
+}
+
+static void pabt_handler(struct pt_regs *regs)
+{
+ expected_regs.ARM_pc = 0;
+ pabt_works = check_regs(regs);
+
+ regs->ARM_pc = (unsigned long)&check_pabt_exit;
+}
+
+static void check_pabt(void)
+{
+ install_exception_handler(EXCPTN_PABT, pabt_handler);
+
+ prep_io_exec();
+
+ test_exception("mov r2, #0x0", "bx r2", "");
+ __builtin_unreachable();
+}
#elif defined(__aarch64__)
/*
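Review bot: The arm `pabt_handler()` sets `pabt_works` from `check_regs(regs)` alone, so any prefetch abort taken on the branch to 0 counts as a pass, including a permission or translation fault if `prep_io_exec()` did not have the intended effect. The arm64 handler in this patch additionally requires the fault status to be an external abort. The arm side should do the equivalent by reading IFSR, `asm volatile("mrc p15, 0, %0, c5, c0, 1" : "=r" (ifsr));`, and comparing its status field with the external-abort encoding for the descriptor format in use. Without that check the arm test does not confirm that KVM injected the abort.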
@@ -207,7 +264,7 @@ static void user_psci_system_off(struct pt_regs *regs)
"stp x0, x1, [x1]\n" \
"1:" excptn_insn "\n" \
post_insns "\n" \
- :: "r" (&expected_regs) : "x0", "x1")
+ :: "r" (&expected_regs) : "x0", "x1", "x2")
static bool check_regs(struct pt_regs *regs)
{
@@ -279,6 +336,37 @@ static bool check_svc(void)
return svc_works;
}
+static void check_pabt_exit(void)
+{
+ install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, NULL);
+
+ report("pabt", pabt_works);
+ exit(report_summary());
+}
+
+static void pabt_handler(struct pt_regs *regs, unsigned int esr)
+{
+ bool is_extabt;
+
+ expected_regs.pc = 0;
+ is_extabt = (esr & ESR_EL1_FSC_MASK) == ESR_EL1_FSC_EXTABT;
+ pabt_works = check_regs(regs) && is_extabt;
+
+ regs->pc = (u64)&check_pabt_exit;
+}
+
+static void check_pabt(void)
+{
+ enum vector v = check_vector_prep();
+
+ install_exception_handler(v, ESR_EL1_EC_IABT_EL1, pabt_handler);
+
+ prep_io_exec();
+
+ test_exception("mov x2, xzr", "br x2", "");
+ __builtin_unreachable();
+}
+
static void user_psci_system_off(struct pt_regs *regs, unsigned int esr)
{
__user_psci_system_off();
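Review bot: The arm64 `check_pabt()` installs the handler on the vector returned by `check_vector_prep()`, but `check_pabt_exit()` removes it from the hard-coded `EL1H_SYNC`. `check_vector_prep()` is outside this hunk; since `check_pabt()` is only called when `!is_user()`, the two presumably agree today, but the pairing is implicit. Either use `EL1H_SYNC` in both places, `install_exception_handler(EL1H_SYNC, ESR_EL1_EC_IABT_EL1, pabt_handler);`, or keep `v` in a static so the uninstall matches the install. Folding `check_regs(regs) && is_extabt` into a single "pabt" report also hides which condition failed; two `report()` lines would make a failure easier to diagnose.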
@@ -289,7 +377,9 @@ static void check_vectors(void *arg __unused)
{
report("und", check_und());
report("svc", check_svc());
- if (is_user()) {
+ if (!is_user()) {
+ check_pabt();
+ } else {
#ifdef __arm__
install_exception_handler(EXCPTN_UND, user_psci_system_off);
#else
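Review bot: `check_pabt()` never returns, because its handler redirects the PC to `check_pabt_exit()`, which calls `exit(report_summary())`. In the non-user case, nothing after this `if`/`else` in `check_vectors()` will therefore run, nor will anything the caller does afterwards. The rest of `check_vectors()` is outside the hunk, so I cannot tell whether code is being skipped today, but the call site should say so: `/* check_pabt() does not return; it reports and exits from check_pabt_exit() */`. Marking both `check_pabt()` definitions `__attribute__((noreturn))` would let the compiler enforce this.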
--
2.7.4