nVMX: Add a test to toggle host (L1) CR4.LA57 on VM-Exit

Expand vmx_cr_load_test() to verify that KVM correclty handles toggling
L1's CR4.LA57 on nested VM-Exit. LA57 can only be toggled in isolati

nVMX: Add a test to toggle host (L1) CR4.LA57 on VM-Exit

Expand vmx_cr_load_test() to verify that KVM correclty handles toggling
L1's CR4.LA57 on nested VM-Exit. LA57 can only be toggled in isolation
via VM-Exit, i.e. be the lone bit the causes a MMU role change, because
MOV CR4 #GPs if LA57 is changed while long mode is active.

Test both nested EPT and shadow paging (for L2); the latter will also
toggle KVM's guest_mode bit in the MMU role due to L1 and L2 sharing an
MMU context, but it obviously shouldn't break.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210622211124.3698119-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86/vmx: skip error-code delivery tests for #CP

Old Intel CPUs, which do not support control protection exception, do
not expect an error code for #CP, while new ones expect an error-code.

Intel SD

x86/vmx: skip error-code delivery tests for #CP

Old Intel CPUs, which do not support control protection exception, do
not expect an error code for #CP, while new ones expect an error-code.

Intel SDM does not say that the delivery of an error-code for #CP is
conditional on anything, not even CPU support of CET. So it appears that
the correct testing is just to skip the error-code delivery test for
the #CP exception.

Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
Message-Id: <20210609182945.36849-9-nadav.amit@gmail.com>

show more ...

x86: Convert vmx_tests.c comments to ASCII

Some strange characters snuck into this file. Convert them to ASCII
for better readability.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <

x86: Convert vmx_tests.c comments to ASCII

Some strange characters snuck into this file. Convert them to ASCII
for better readability.

Signed-off-by: Jim Mattson <jmattson@google.com>
Message-Id: <20210511220949.1019978-1-jmattson@google.com>
Reviewed-by: David Matlack <dmatlack@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: msr: Test that always-canonical MSRs #GP on non-canonical value

Verify that WRMSR takes a #GP when writing a non-canonical value to a
MSR that always takes a 64-bit address. Specifically, AMD

x86: msr: Test that always-canonical MSRs #GP on non-canonical value

Verify that WRMSR takes a #GP when writing a non-canonical value to a
MSR that always takes a 64-bit address. Specifically, AMD doesn't
enforce a canonical address for the SYSENTER MSRs.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210422030504.3488253-14-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

vmx: make !EPT error messages consistent

Always add a \t at the beginning and a \n at the end.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

x86: nVMX: Add an equals sign to show value assoc. in test_guest_state()

Insert "=" between the field name and its value when reporting a failure
in test_guest_state() to make it obvious that the nu

x86: nVMX: Add an equals sign to show value assoc. in test_guest_state()

Insert "=" between the field name and its value when reporting a failure
in test_guest_state() to make it obvious that the number is the value of
the field.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-7-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Use more descriptive name for GDT/IDT limit tests

Explicitly state that the invalid limit tests are testing a limit
greater than 0xffff. Simply stating the field name is not helpful sinc

x86: nVMX: Use more descriptive name for GDT/IDT limit tests

Explicitly state that the invalid limit tests are testing a limit
greater than 0xffff. Simply stating the field name is not helpful since
it's already printed on failure.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-6-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Improve report messages for segment base tests

Tweak the segment base tests to state exactly what's being tested, note
whether or not the segment is usable, and stringify the name of the

x86: nVMX: Improve report messages for segment base tests

Tweak the segment base tests to state exactly what's being tested, note
whether or not the segment is usable, and stringify the name of the field
instead of copy-pasting the field name into a string.

Opportunistically wrap the complex macros in do-while.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-5-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Improve report messages for segment selector tests

Tweak the segment selector tests to clarify if they are testing a valid
versus invalid condition, display the actual condition, and stri

x86: nVMX: Improve report messages for segment selector tests

Tweak the segment selector tests to clarify if they are testing a valid
versus invalid condition, display the actual condition, and stringify
the name of the field instead of copy-pasting the field name into a
string.

Opportunistically wrap the complex macro in a do-while.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Skip unrestricted guest (URG) test if URG isn't supported

Use the enable_unrestricted_guest() helper to enable URG and bail if it
URG isn't supported. EPT is also required for URG, but E

x86: nVMX: Skip unrestricted guest (URG) test if URG isn't supported

Use the enable_unrestricted_guest() helper to enable URG and bail if it
URG isn't supported. EPT is also required for URG, but EPT can be
enabled independent of URG, and some hardware support EPT but not URG,
e.g. NHM.

Fixes: f441716 ("nVMX: Test vmentry of unrestricted (PG=0/PE=1) nested guest")
Cc: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Verify unrestricted guest is supported in segment tests

Enhance enable_unrestricted_guest() to allow configuring a fully valid
EPT tree, and use the updated helper to verify unrestricted

x86: nVMX: Verify unrestricted guest is supported in segment tests

Enhance enable_unrestricted_guest() to allow configuring a fully valid
EPT tree, and use the updated helper to verify unrestricted guest can be
enabled before testing SS segment properties that are specific to
unrestricted guest.

Fixes: 7820ac5 ("nVMX: Test Selector and Base Address fields of Guest Segment Registers on vmentry of nested guests")
Cc: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210218002212.2904647-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: vmx: Add test for SIPI signal processing

The test verifies the following functionality:
A SIPI signal received when CPU is in VMX non-root mode:
if ACTIVITY_STATE == WAIT_SIPI
VMExi

x86: vmx: Add test for SIPI signal processing

The test verifies the following functionality:
A SIPI signal received when CPU is in VMX non-root mode:
if ACTIVITY_STATE == WAIT_SIPI
VMExit with (reason == 4)
else
SIPI signal is ignored

The test cases depends on IA32_VMX_MISC:bit(8), if this bit is 1
then the test cases would be executed, otherwise the test cases
would be skiped.

Signed-off-by: Yadong Qi <yadong.qi@intel.com>
Message-Id: <20201013052845.249113-1-yadong.qi@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: vmx: Add test for L2 change of CR4.OSXSAVE

If L1 allows L2 to modify CR4.OSXSAVE, then L0 kvm recalculates the
guest's CPUID.01H:ECX.OSXSAVE bit when the L2 guest changes
CR4.OSXSAVE via MOV-to

x86: vmx: Add test for L2 change of CR4.OSXSAVE

If L1 allows L2 to modify CR4.OSXSAVE, then L0 kvm recalculates the
guest's CPUID.01H:ECX.OSXSAVE bit when the L2 guest changes
CR4.OSXSAVE via MOV-to-CR4. Verify that kvm also recalculates this
CPUID bit when loading L1's CR4 from the "host CR4" field of the
VMCS12.

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Ricardo Koller <ricarkol@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Message-Id: <20201029171024.486256-1-jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

nVMX: Test vmentry of unrestricted (PG=0/PE=1) nested guest

According to section "UNRESTRICTED GUESTS" in SDM vol 3c, if the
"unrestricted guest" secondary VM-execution control is set, guests can ru

nVMX: Test vmentry of unrestricted (PG=0/PE=1) nested guest

According to section "UNRESTRICTED GUESTS" in SDM vol 3c, if the
"unrestricted guest" secondary VM-execution control is set, guests can run
in unpaged protected mode or in real mode. This patch tests vmentry of an
unrestricted guest in unpaged protected mode.

Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200921081027.23047-4-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

nVMX: Test Selector and Base Address fields of Guest Segment Registers on vmentry of nested guests

According to section "Checks on Guest Segment Registers" in Intel SDM vol 3C,
the following checks

nVMX: Test Selector and Base Address fields of Guest Segment Registers on vmentry of nested guests

According to section "Checks on Guest Segment Registers" in Intel SDM vol 3C,
the following checks are performed on the Guest Segment Registers on vmentry
of nested guests:

Selector fields:
— TR. The TI flag (bit 2) must be 0.
— LDTR. If LDTR is usable, the TI flag (bit 2) must be 0.
— SS. If the guest will not be virtual-8086 and the "unrestricted
guest" VM-execution control is 0, the RPL (bits 1:0) must equal
the RPL of the selector field for CS.1

Base-address fields:
— CS, SS, DS, ES, FS, GS. If the guest will be virtual-8086, the
address must be the selector field shifted left 4 bits (multiplied
by 16).
— The following checks are performed on processors that support Intel
64 architecture:
TR, FS, GS. The address must be canonical.
LDTR. If LDTR is usable, the address must be canonical.
CS. Bits 63:32 of the address must be zero.
SS, DS, ES. If the register is usable, bits 63:32 of the
address must be zero.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200921081027.23047-3-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: vmx: Add test for MTF on a guest MOV-to-CR0 that enables PAE

Verify that when L2 guest enables PAE paging and L0 intercept of L2
MOV to CR0 reflects MTF exit to L1, subsequent resume to L2 corr

x86: vmx: Add test for MTF on a guest MOV-to-CR0 that enables PAE

Verify that when L2 guest enables PAE paging and L0 intercept of L2
MOV to CR0 reflects MTF exit to L1, subsequent resume to L2 correctly
preserves PDPTE array specified by L2 CR3.

Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Signed-off-by: Peter Shier <pshier@google.com>
Message-Id: <20200819205633.1393378-1-pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

nVMX: Use the standard non-canonical value in test_mtf3

Use the standard non-canonical value of repeating 'a' instead of a
custom (1 << 63) value in test_mtf3. When PCID is enabled, bit 63 is
a fla

nVMX: Use the standard non-canonical value in test_mtf3

Use the standard non-canonical value of repeating 'a' instead of a
custom (1 << 63) value in test_mtf3. When PCID is enabled, bit 63 is
a flag that controls TLB swithching on MOV CR3 and is not included in
the canonical check of CR3, i.e. if CR4.PCIDE=1 then the test will load
0 into CR3 and all manner of confusion things happen.

Fixes: 46cc038c6afb8 ("x86: VMX: Add tests for monitor trap flag")
Cc: Oliver Upton <oupton@google.com>
Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200714002355.538-3-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

nVMX: Restore active host RIP/CR4 after test_host_addr_size()

Perform one last VMX transition to actually load the host's RIP and CR4
at the end of test_host_addr_size(). Simply writing the VMCS do

nVMX: Restore active host RIP/CR4 after test_host_addr_size()

Perform one last VMX transition to actually load the host's RIP and CR4
at the end of test_host_addr_size(). Simply writing the VMCS doesn't
restore the values in hardware, e.g. as is, CR4.PCIDE can be left set,
which causes spectacularly confusing explosions when other misguided
tests assume setting bit 63 in CR3 will cause a non-canonical #GP.

Fixes: 0786c0316ac05 ("kvm-unit-test: nVMX: Check Host Address Space Size on vmentry of nested guests")
Cc: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Cc: Karl Heubaum <karl.heubaum@oracle.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200714002355.538-2-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

vmx: remove unnecessary #ifdef __x86_64__

The VMX tests are 64-bit only, so checking the architecture is
unnecessary. Also, if the tests supported 32-bits environments
the #ifdef would probably go

vmx: remove unnecessary #ifdef __x86_64__

The VMX tests are 64-bit only, so checking the architecture is
unnecessary. Also, if the tests supported 32-bits environments
the #ifdef would probably go in test_canonical.

Reported-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

kvm-unit-tests: nVMX: Test GUEST_LIMIT_GDTR and GUEST_LIMIT_IDTR on vmentry of nested guests

According to section "Checks on Guest Descriptor-Table Registers" in Intel
SDM vol 3C, the following chec

kvm-unit-tests: nVMX: Test GUEST_LIMIT_GDTR and GUEST_LIMIT_IDTR on vmentry of nested guests

According to section "Checks on Guest Descriptor-Table Registers" in Intel
SDM vol 3C, the following checks are performed on the Guest Descriptor-Table
Registers on vmentry of nested guests:

- Bits 31:16 of each limit field must be 0.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200523002603.32450-4-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

kvm-unit-tests: nVMX: Test GUEST_BASE_GDTR and GUEST_BASE_IDTR on vmentry of nested guests

According to section "Checks on Guest Descriptor-Table Registers" in Intel
SDM vol 3C, the following check

kvm-unit-tests: nVMX: Test GUEST_BASE_GDTR and GUEST_BASE_IDTR on vmentry of nested guests

According to section "Checks on Guest Descriptor-Table Registers" in Intel
SDM vol 3C, the following check is performed on the Guest Descriptor-Table
Registers on vmentry of nested guests:

- On processors that support Intel 64 architecture, the base-address
fields must contain canonical addresses.

Signed-off-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Message-Id: <20200523002603.32450-2-krish.sadhukhan@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: nVMX: Print more (accurate) info if RDTSC diff test fails

Snapshot the delta of the last run and display it in the report if the
test fails. Abort the run loop as soon as the threshold is reac

x86: nVMX: Print more (accurate) info if RDTSC diff test fails

Snapshot the delta of the last run and display it in the report if the
test fails. Abort the run loop as soon as the threshold is reached so
that the displayed delta is guaranteed to a failed delta. Displaying
the delta helps triage failures, e.g. is my system completely broken or
did I get unlucky, and aborting the loop early saves 99900 runs when
the system is indeed broken.

Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: Aaron Lewis <aaronlewis@google.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200124234608.10754-1-sean.j.christopherson@intel.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Aaron Lewis <aaronlewis@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'pull-request-2020-06-16' of https://gitlab.com/huth/kvm-unit-tests

* Lots of CI-related fixes and improvements
* Update the gitlab-CI to Fedora 32
* Test compilation with Clang

nVMX: Extend EPTP test to allow 5-level EPT

Modify the EPTP test to expect success when the EPTP is configured for
5-level page walks and 5-level walks are enumerated as supported by the
EPT capabil

nVMX: Extend EPTP test to allow 5-level EPT

Modify the EPTP test to expect success when the EPTP is configured for
5-level page walks and 5-level walks are enumerated as supported by the
EPT capabilities MSR. KVM is in the process of gaining support for
5-level nested EPT[*].

[*] https://lkml.kernel.org/r/20200206220836.22743-1-sean.j.christopherson@intel.com

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Message-Id: <20200207174244.6590-2-sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

vmx_tests: Silence warning from Clang

Clang complains:

x86/vmx_tests.c:8429:40: error: converting the result of '<<' to a boolean
always evaluates to true [-Werror,-Wtautological-constant-compare]

vmx_tests: Silence warning from Clang

Clang complains:

x86/vmx_tests.c:8429:40: error: converting the result of '<<' to a boolean
always evaluates to true [-Werror,-Wtautological-constant-compare]
vmx_preemption_timer_zero_inject_db(1 << DB_VECTOR);
^

Looking at the code, the "1 << DB_VECTOR" is done within the function
vmx_preemption_timer_zero_inject_db() indeed:

vmcs_write(EXC_BITMAP, intercept_db ? 1 << DB_VECTOR : 0);

... so using "true" as parameter for the function should be appropriate
here.

Message-Id: <20200514192626.9950-11-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

show more ...