#
b1f3eec1 |
| 15-Feb-2025 |
Maxim Levitsky <mlevitsk@redhat.com> |
x86: Add a few functions for gdt manipulation
Add a few functions that will be used to manipulate various segment bases that are loaded via GDT.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Link: https://lore.kernel.org/r/20240907005440.500075-3-mlevitsk@redhat.com Link: https://lore.kernel.org/r/20250215013018.1210432-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
|
#
0eb5b50f |
| 13-Apr-2023 |
Mathias Krause <minipli@grsecurity.net> |
x86: Add vendor specific exception vectors
Intel and AMD have some vendor specific exception vectors, namely:
- Intel only: #VE (20),
- AMD only: #HV (28), #VC (29) and #SX (30).
Also Intel's #XM (19) is called #XF for AMD.
Add definitions for all of these and add comments stating they're vendor specific.
Signed-off-by: Mathias Krause <minipli@grsecurity.net> Link: https://lore.kernel.org/r/20230413184219.36404-4-minipli@grsecurity.net Signed-off-by: Sean Christopherson <seanjc@google.com>
|
#
620ea38e |
| 13-Apr-2023 |
Mathias Krause <minipli@grsecurity.net> |
x86: Use symbolic names in exception_mnemonic()
Use existing symbolic definitions for vector numbers instead of plain numbers and streamline the stringification further by using a macro.
While at it, add the missing case for #CP.
Signed-off-by: Mathias Krause <minipli@grsecurity.net> Link: https://lore.kernel.org/r/20230413184219.36404-3-minipli@grsecurity.net Signed-off-by: Sean Christopherson <seanjc@google.com>
|
#
57d88778 |
| 30-Sep-2022 |
Sean Christopherson <seanjc@google.com> |
x86: Handle all known exceptions with ASM_TRY()
Install the ASM_TRY() exception handler for all known exception vectors so that ASM_TRY() can be used for other exceptions, e.g. #PF. ASM_TRY() might not Just Work in all cases, but there's no good reason to limit usage to just #DE, #UD, and #GP.
Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220930232450.1677811-2-seanjc@google.com
|
#
64c8b768 |
| 08-Jun-2022 |
Sean Christopherson <seanjc@google.com> |
x86: Use "safe" helpers to implement unsafe CRs accessors
Use the "safe" helpers to read and write CR0, CR3, and CR4, so that an unexpected fault results in a detailed message instead of a generic "unexpected fault" explosion.
Do not give RDMSR/WRMSR the same treatment. KUT's exception fixup uses per-CPU data and thus needs a stable GS.base. Various tests modify MSR_GS_BASE and routing them through the safe variants will cause fireworks when trying to clear/read the exception vector with a garbage GS.base.
Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220608235238.3881916-5-seanjc@google.com
|
#
4143fbfd |
| 08-Jun-2022 |
Sean Christopherson <seanjc@google.com> |
x86: Use "safe" terminology instead of "checking"
Rename all helpers that eat (and return) exceptions to use "safe" instead of "checking". This aligns KUT with the kernel and KVM selftests.
Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220608235238.3881916-4-seanjc@google.com
|
#
77b681d3 |
| 15-Jun-2022 |
Varad Gautam <varad.gautam@suse.com> |
x86: Move load_gdt_tss() to desc.c
Split load_gdt_tss() functionality into:
1. Load gdt/tss
2. Setup segments in 64-bit mode and update %cs via far-return
and move load_gdt_tss() to desc.c to share this code between EFI and non-EFI tests.
Move the segment setup code specific to EFI into setup.c:setup_segments64().
Signed-off-by: Varad Gautam <varad.gautam@suse.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220615232943.1465490-7-seanjc@google.com
|
#
5ac1e6cc |
| 15-Jun-2022 |
Varad Gautam <varad.gautam@suse.com> |
x86: desc: Split IDT entry setup into a generic helper
EFI bootstrapping code configures a call gate in a later commit to jump from 16-bit to 32-bit code.
Introduce a set_desc_entry() routine which can be used to fill both an interrupt descriptor and a call gate descriptor on x86.
Signed-off-by: Varad Gautam <varad.gautam@suse.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220615232943.1465490-6-seanjc@google.com
|
#
b397e5a5 |
| 15-Jun-2022 |
Varad Gautam <varad.gautam@suse.com> |
x86: Move load_idt() to desc.c
This allows sharing IDT setup code between EFI (-fPIC) and non-EFI builds.
Signed-off-by: Varad Gautam <varad.gautam@suse.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20220615232943.1465490-5-seanjc@google.com
|
#
e5e3ed09 |
| 21-Jan-2022 |
Sean Christopherson <seanjc@google.com> |
x86: Add proper helpers for per-cpu reads/writes
Add helpers to read/write per-cpu data instead of open coding access with gs: and magic numbers. Keeping track of what offsets are used for what and by whom is a nightmare.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220121231852.1439917-6-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
148fc69e |
| 21-Jan-2022 |
Sean Christopherson <seanjc@google.com> |
x86: desc: Replace spaces with tabs
Replace spaces with tabs in smp.c, and opportunistically clean up a handful of minor coding style violations.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220121231852.1439917-5-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
d9d7e586 |
| 25-Jan-2022 |
Aaron Lewis <aaronlewis@google.com> |
x86: Make exception_mnemonic() visible to the tests
exception_mnemonic() is a useful function for more than just desc.c. Make it global, so it can be used in other KUT tests.
Signed-off-by: Aaron Lewis <aaronlewis@google.com> Reviewed-by: Sean Christopherson <seanjc@google.com> Message-Id: <20220125203127.1161838-2-aaronlewis@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
7e33895d |
| 21-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
x86: Move 32-bit GDT and TSS to desc.c
Move the GDT and TSS data structures from x86/cstart.S to lib/x86/desc.c, for consistency with the 64-bit version.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
dbd38004 |
| 21-Oct-2021 |
Zixuan Wang <zixuanwang@google.com> |
x86: Move 64-bit GDT and TSS to desc.c
Move the GDT and TSS data structures from x86/cstart64.S to lib/x86/desc.c, so that the follow-up UEFI support commits can reuse these definitions, without re-defining them in UEFI's boot up assembly code.
Signed-off-by: Zixuan Wang <zixuanwang@google.com> Message-Id: <20211004204931.1537823-2-zxwang42@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
5ed10141 |
| 21-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
x86: unify name of 32-bit and 64-bit GDT
There's no need to distinguish gdt32 and gdt64, since the same C functions operate on both and selector numbers are mostly unified between 32- and 64-bit versions.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
6b41b633 |
| 21-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
x86: Move IDT to desc.c
Move the IDT data structures from x86/cstart.S and x86/cstart64.S to lib/x86/desc.c, so that the follow-up UEFI support commits can reuse these definitions, without re-defining them in UEFI's boot up assembly code.
Extracted by a patch by Zixuan Wang <zxwang42@gmail.com> and ported to 32-bit too.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
a7f32d87 |
| 20-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
replace tss_descr global with a function
tss_descr is declared as a struct descriptor_table_ptr but it is actually pointing to an _entry_ in the GDT. Also it is different per CPU, but tss_descr does not recognize that. Fix both by reusing the code (already present e.g. in the vmware_backdoors test) that extracts the base from the GDT entry; and also provide a helper to retrieve the limit, which is needed in vmx.c.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
2e88ad23 |
| 20-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
unify field names and definitions for GDT descriptors
Use the same names and definitions (apart from the high base field) for GDT descriptors in both 32-bit and 64-bit code. The next patch will also reuse gdt_entry_t in the 16-byte struct definition, for now some duplication remains.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
ab7b952c |
| 21-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
x86: fix call to set_gdt_entry
The low four bits of the fourth argument are unused, make them zero in all the callers.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
54574ec2 |
| 22-Apr-2021 |
Sean Christopherson <seanjc@google.com> |
x86: Force the compiler to retrieve exception info from per-cpu area
Tag the exception vector/error code/flags inline asm as volatile so that it's not elided by the compiler. Without "volatile", the compiler may omit the instruction if it inlines the helper and observes that the memory isn't modified between the store in TRY_CATCH() and the load in the helper.
Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210422030504.3488253-6-seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
9eef583d |
| 22-Apr-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
x86/cstart: Don't use MSR_GS_BASE in 32-bit boot code
Add per-cpu selectors to the GDT, and set GS_BASE by loading a "real" segment. Using MSR_GS_BASE is wrong and broken, it's a 64-bit only MSR and does not exist on 32-bit CPUs. The current code works only because 32-bit KVM VMX incorrectly disables interception of MSR_GS_BASE, and no one runs KVM on an actual 32-bit physical CPU, i.e. the MSR exists in hardware and so everything "works".
32-bit KVM SVM is not buggy and correctly injects #GP on the WRMSR, i.e. the tests have never worked on 32-bit SVM.
While at it, tweak the TSS setup to look like the percpu setup; both are setting up the address field of the descriptor.
Fixes: dfe6cb6 ("Add 32 bit smp initialization code") Reported-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210422030504.3488253-2-seanjc@google.com> [Patch rewritten, keeping Sean's commit message. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
79e53994 |
| 06-May-2020 |
Yang Weijiang <weijiang.yang@intel.com> |
x86: Add test cases for user-mode CET validation
This unit test is intended to test user-mode CET support of KVM, it's tested on Intel new platform. Two CET features: Shadow Stack Protection (SHSTK) and Indirect-Branch Tracking (IBT) are enclosed.
In SHSTK test, if the function return-address in normal stack is tampered with a value not equal to the one on shadow-stack, #CP (Control Protection Exception) will be generated on function returning. This feature is supported by processor itself, no compiler/link option is required.
However, to enable IBT, we need to add -fcf-protection=full in compiler options, this makes the compiler insert endbr64 at the very beginning of each jmp/call target given the binary is for x86_64.
To get PASS results, the following conditions must be met:
1) The processor is powered with CET feature.
2) The kernel is patched with the latest CET kernel patches.
3) The KVM and QEMU are patched with the latest CET patches.
4) Use CET-enabled gcc to compile the test app.
v2:
- Removed extra dependency on test framework for user/kernel mode switch.
- Directly set #CP handler instead of through TSS.
Signed-off-by: Yang Weijiang <weijiang.yang@intel.com> Message-Id: <20200506082110.25441-12-weijiang.yang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
6482953c |
| 09-Sep-2019 |
Bill Wendling <morbo@google.com> |
x86: remove memory constraint from "mov" instruction
Remove a bogus memory constraint as x86 does not have a generic memory-to-memory "mov" instruction.
Signed-off-by: Bill Wendling <morbo@google.com> Reviewed-by: Jim Mattson <jmattson@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
40f559bc |
| 28-Jun-2019 |
Krish Sadhukhan <krish.sadhukhan@oracle.com> |
x86: Remove duplicate definitions of write_cr4_checking() and put it in library
..so that it can be re-used.
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com> Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com> [Add 32-bit version of ASM_TRY. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
06846df5 |
| 28-Sep-2018 |
Thomas Huth <thuth@redhat.com> |
x86: Add missing prototypes and mark more local functions as static
To be able to compile with -Wmissing-prototypes, we also need prototypes for functions that are called from assembler code. We put the prototypes into the .c files and not into header files here, since these functions are not called from other .c files. While we're at it, also mark some more functions as static in these files which are only used locally.
Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1538123582-17442-3-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|