x86: Fix the name for the SMEP CPUID bit

Fix the X86_FEATURE_* name for SMEP, which is incorrectly named
X86_FEATURE_INVPCID_SINGLE and is a wee bit confusing when looking at
the SMEP unit tests.

N

x86: Fix the name for the SMEP CPUID bit

Fix the X86_FEATURE_* name for SMEP, which is incorrectly named
X86_FEATURE_INVPCID_SINGLE and is a wee bit confusing when looking at
the SMEP unit tests.

Note, there is no INVPCID_SINGLE CPUID bit, the bogus name likely came
from the Linux kernel, which has a synthetic feature flag for
INVPCID_SINGLE in word 7, bit 7 (CPUID 0x7.EBX is stored in word 9).

Fixes: 6ddcc29 ("kvm-unit-test: x86: Implement a generic wrapper for cpuid/cpuid_indexed functions")
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: add tests for MSR_IA32_TSX_CTRL

Tested-by: Jim Mattson <jmattson@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

kvm-unit-test: x86: Add RDPRU test

Ensure that support for RDPRU is not enumerated in the guest's CPUID
and that the RDPRU instruction raises #UD.

Signed-off-by: Jim Mattson <jmattson@google.com>
R

kvm-unit-test: x86: Add RDPRU test

Ensure that support for RDPRU is not enumerated in the guest's CPUID
and that the RDPRU instruction raises #UD.

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

kvm-unit-test: nVMX: Fix 95d6d2c32288 ("nVMX: Test Host Segment Registers and Descriptor Tables on vmentry of nested guests")

Commit 95d6d2c32288 added a test for the Segment Selector VMCS field. Th

kvm-unit-test: nVMX: Fix 95d6d2c32288 ("nVMX: Test Host Segment Registers and Descriptor Tables on vmentry of nested guests")

Commit 95d6d2c32288 added a test for the Segment Selector VMCS field. That test
sets the "host address-space size" VM-exit control to zero and as a result, on
VM-exit the guest exits as 32-bit. Since vmx tests are 64-bit, this results in
a hardware error.
This patch also cleans up a few other areas in commit 95d6d2c32288, including
replacing make_non_canonical() with NONCANONICAL.

Reported-by: Nadav Amit <nadav.amit@gmail.com>
Signed-off-by: Krish Sadhukhan <kris.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

kvm-unit-test: x86: Replace cpuid/cpuid_indexed calls with this_cpu_has()

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-b

kvm-unit-test: x86: Replace cpuid/cpuid_indexed calls with this_cpu_has()

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

kvm-unit-test: x86: Implement a generic wrapper for cpuid/cpuid_indexed functions

Suggested-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed

kvm-unit-test: x86: Implement a generic wrapper for cpuid/cpuid_indexed functions

Suggested-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

nVMX: Test Host Segment Registers and Descriptor Tables on vmentry of nested guests

According to section "Checks on Host Segment and Descriptor-Table
Registers" in Intel SDM vol 3C, the following ch

nVMX: Test Host Segment Registers and Descriptor Tables on vmentry of nested guests

According to section "Checks on Host Segment and Descriptor-Table
Registers" in Intel SDM vol 3C, the following checks are performed on
vmentry of nested guests:

- In the selector field for each of CS, SS, DS, ES, FS, GS and TR, the
RPL (bits 1:0) and the TI flag (bit 2) must be 0.
- The selector fields for CS and TR cannot be 0000H.
- The selector field for SS cannot be 0000H if the "host address-space
size" VM-exit control is 0.
- On processors that support Intel 64 architecture, the base-address
fields for FS, GS, GDTR, IDTR, and TR must contain canonical
addresses.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: Add a wrapper to check if the CPU supports NX bit in MSR_EFER

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paol

x86: Add a wrapper to check if the CPU supports NX bit in MSR_EFER

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Add leak scenario to virt_x2apic_mode_test

While working on virt_x2apic_mode_test, we noticed that KVM allows for a
buggy or malicious L1 to get at L0's x2APIC MSRs via nested. The issue
is in KVM's

Add leak scenario to virt_x2apic_mode_test

While working on virt_x2apic_mode_test, we noticed that KVM allows for a
buggy or malicious L1 to get at L0's x2APIC MSRs via nested. The issue
is in KVM's nested_vmx_prepare_msr_bitmap() function. Specifically, an L1
can execute the following sequence:

1. WRMSR(IA32_SPEC_CTRL, 1), which causes the spec_ctrl variable, in
nested_vmx_prepare_msr_bitmap() to become true.
2. Clear "virtualize x2APIC mode"
3. Set "APIC-register virualization"

Then, KVM will copy L1's MSR bitmap for the x2APIC MSR range into L0,
and run L2 with "Virtualize x2APIC mode" disabled, which gives L2
unfettered access to L0's x2APIC msrs.

Thus, this patch extends virt_x2apic_mode_test with a test case for this
scenario.

Note, this patch was used to discover and fix the issue described in the
KVM patch titled "KVM: x86: nVMX: close leak of L0's x2APIC MSRs".

Signed-off-by: Marc Orr <marcorr@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

apic_reg_virt_test: Make APIC-access addr 4k page

This patch introduces split_large_page(), which is used to force the
APIC-access address to be a 4k page. Otherwise, the apic_reg_virt_test
fails on

apic_reg_virt_test: Make APIC-access addr 4k page

This patch introduces split_large_page(), which is used to force the
APIC-access address to be a 4k page. Otherwise, the apic_reg_virt_test
fails on upstream.

Signed-off-by: Marc Orr <marcorr@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Check Host Control Registers on vmentry of L2 guests

According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following checks are performed on vmentry of L2 guests:

- The CR0 fie

Check Host Control Registers on vmentry of L2 guests

According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following checks are performed on vmentry of L2 guests:

- The CR0 field must not set any bit to a value not supported in VMX
operation.
- The CR4 field must not set any bit to a value not supported in VMX
operation.
- On processors that support Intel 64 architecture, the CR3 field must
be such that bits 63:52 and bits in the range 51:32 beyond the
processor’s physical-address width must be 0.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Conflicts:
x86/vmx_tests.c

show more ...

Check Host Control Registers on vmentry of L2 guests

According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following checks are performed on vmentry of L2 guests:

- The CR0 fie

Check Host Control Registers on vmentry of L2 guests

According to section "Checks on VMX Controls" in Intel SDM vol 3C, the
following checks are performed on vmentry of L2 guests:

- The CR0 field must not set any bit to a value not supported in VMX
operation.
- The CR4 field must not set any bit to a value not supported in VMX
operation.
- On processors that support Intel 64 architecture, the CR3 field must
be such that bits 63:52 and bits in the range 51:32 beyond the
processor’s physical-address width must be 0.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Conflicts:
x86/vmx_tests.c

show more ...

x86: nvmx: Check #NM VM-exit reflection

When L1 intercepts #NM exceptions encountered in L2, the #NM exception
should always be reflected from L0 to L1.

Signed-off-by: Jim Mattson <jmattson@google.

x86: nvmx: Check #NM VM-exit reflection

When L1 intercepts #NM exceptions encountered in L2, the #NM exception
should always be reflected from L0 to L1.

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: lib: Define const for all ALU flags

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: lib: Introduce utils for btr/bts

Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Add test for nested VM entry prereqs

This patch adds a test for the prereq checks done as a part of a nested
VM launch related to event injection.

Signed-off-by: Marc Orr <marcorr@google.com>

x86: Add test for nested VM entry prereqs

This patch adds a test for the prereq checks done as a part of a nested
VM launch related to event injection.

Signed-off-by: Marc Orr <marcorr@google.com>
Message-Id: <20180626014818.26541-1-marcorr@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Make remaining x86 code compilable with -Wstrict-prototypes

This way the functions can not be called anymore with arbitrary
parameters by accident.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Mes

Make remaining x86 code compilable with -Wstrict-prototypes

This way the functions can not be called anymore with arbitrary
parameters by accident.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1530086528-21665-4-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: add UMIP test

The UMIP feature can be emulated by KVM, so it's useful to add
a test that it works properly.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: Add Definition for PCE bit in CR4

Signed-off-by: Arbel Moshe <arbel.moshe@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.co

x86: Add Definition for PCE bit in CR4

Signed-off-by: Arbel Moshe <arbel.moshe@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Message-Id: <20171224100801.145806-4-arbel.moshe@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: vmx: add test for L1 CR4 load

Test whether KVM loads the correct L1 CR4 as guest CR4 when emulating
L2 to L1 exit.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo

x86: vmx: add test for L1 CR4 load

Test whether KVM loads the correct L1 CR4 as guest CR4 when emulating
L2 to L1 exit.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Test VM-entry in MOVSS shadow

VM-entry is disallowed in the shadow of a MOV-to-SS instruction. When
the current-VMCS is valid, check that the instruction pointer falls
through to the next instructio

Test VM-entry in MOVSS shadow

VM-entry is disallowed in the shadow of a MOV-to-SS instruction. When
the current-VMCS is valid, check that the instruction pointer falls
through to the next instruction, the ALU flags are set to ZF
(VMfailValid), and the VM-instruction error field contains 26 ("VM
entry with events blocked by MOV SS.").

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>

show more ...

Add basic invvpid test

Tests only for success/failure of invvpid. Does not test actual
invvpid functionality.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <20170629184647.76674-4-jm

Add basic invvpid test

Tests only for success/failure of invvpid. Does not test actual
invvpid functionality.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <20170629184647.76674-4-jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: add testcase for syscall/sysret TF handling

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86/nVMX: Test L1 interception of #BP and #OF in the L2 guest

Int3 (#BP) and INTO (#OF) are unusual, in that they are reported as
"software exception" rather than "hardware exception" in the VM-exit

x86/nVMX: Test L1 interception of #BP and #OF in the L2 guest

Int3 (#BP) and INTO (#OF) are unusual, in that they are reported as
"software exception" rather than "hardware exception" in the VM-exit
interruption information field of the VMCS.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: vmx: better vm{launch,resume} error handling

This patch splits out entry error handling from other exit handling
since most tests don't expect entry errors and thus don't check the
conditions p

x86: vmx: better vm{launch,resume} error handling

This patch splits out entry error handling from other exit handling
since most tests don't expect entry errors and thus don't check the
conditions properly. Also enables tests for early entry errors (i.e.,
an entry_error_handler can return VMX_TEST_RESUME).

Consolidates and simplifies control flow. Now, vmx_run is the central
validation point for exit handler statuses rather than splitting the
responsibility between exit_handler and vmx_run.

Signed-off-by: Peter Feiner <pfeiner@google.com>
Message-Id: <b167ed218ed91d0da9d8aff93ce8175adec7c838.1458340713.git.pfeiner@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...