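#include "svm.h"
#include "libcflat.h"
#include "processor.h"
#include "msr.h"
#include "vm.h"
#include "smp.h"
#include "types.h"

/*
 * Nested page table used by every test when NPT is available.
 * pte[] holds 2048 page-table pages (2048 * 512 * 4k = 4 GiB), pde[] the
 * four page directories above them, then a single PDP and PML4 page.
 */
u64 *pml4e;
u64 *pdpe;
u64 *pde[4];
u64 *pte[2048];
/* Page whose nested-PTE permissions the npt_us test toggles. */
u64 *scratch_page;

/* Report whether CPUID 0x8000000A EDX bit 0 (nested paging) is set. */
static bool npt_supported(void)
{
	return cpuid(0x8000000A).d & 1;
}

/*
 * Enable SVM on this CPU and, if nested paging is available, build the
 * nested page table that maps the low 4 GiB 1:1 with 4k pages.
 */
static void setup_svm(void)
{
	void *hsave = alloc_page();
	u64 *page, address;
	int i,j;

	wrmsr(MSR_VM_HSAVE_PA, virt_to_phys(hsave));
	wrmsr(MSR_EFER, rdmsr(MSR_EFER) | EFER_SVME);
	wrmsr(MSR_EFER, rdmsr(MSR_EFER) | EFER_NX);

	scratch_page = alloc_page();

	if (!npt_supported())
		return;

	printf("NPT detected - running all tests with NPT enabled\n");

	/*
	 * Nested paging supported - Build a nested page table
	 * Build the page-table bottom-up and map everything with 4k pages
	 * to get enough granularity for the NPT unit-tests.
	 */

	address = 0;

	/* PTE level: 0x067 = P | RW | US | A | D */
	for (i = 0; i < 2048; ++i) {
		page = alloc_page();

		for (j = 0; j < 512; ++j, address += 4096)
			page[j] = address | 0x067ULL;

		pte[i] = page;
	}

	/*
	 * PDE level: 0x027 = P | RW | US | A.
	 * Each directory covers 512 PTE pages, so the stride is 512.  The
	 * previous stride of 514 skipped page tables for i >= 1 and read
	 * past the end of pte[] (index 2053 for i = 3, j = 511), putting
	 * unrelated memory into the nested page table.
	 *
	 * NOTE(review): the entries are built from virtual addresses, which
	 * assumes alloc_page() memory is identity-mapped - confirm.
	 */
	for (i = 0; i < 4; ++i) {
		page = alloc_page();

		for (j = 0; j < 512; ++j)
			page[j] = (u64)pte[(i * 512) + j] | 0x027ULL;

		pde[i] = page;
	}

	/* PDPe level */
	pdpe = alloc_page();
	for (i = 0; i < 4; ++i)
		pdpe[i] = ((u64)(pde[i])) | 0x27;

	/* PML4e level */
	pml4e = alloc_page();
	pml4e[0] = ((u64)pdpe) | 0x27;
}

/*
 * Return the nested PTE that maps @address.  The page-table index is
 * masked to 11 bits (0..2047), matching the size of pte[], so only the
 * low 4 GiB can be looked up.
 */
static u64 *get_pte(u64 address)
{
	int i1, i2;

	address >>= 12;
	i1 = (address >> 9) & 0x7ff;
	i2 = address & 0x1ff;

	return &pte[i1][i2];
}

/* Fill one VMCB segment descriptor. */
static void vmcb_set_seg(struct vmcb_seg *seg, u16 selector,
			 u64 base, u32 limit, u32 attr)
{
	seg->selector = selector;
	seg->attrib = attr;
	seg->limit = limit;
	seg->base = base;
}

/*
 * Reset @vmcb so that the guest starts with a copy of the host's current
 * state: segments, descriptor tables, control and debug registers, EFER
 * and PAT.  Only VMRUN and VMMCALL are intercepted; nested paging is
 * switched on when the CPU supports it.
 */
static void vmcb_ident(struct vmcb *vmcb)
{
	u64 vmcb_phys = virt_to_phys(vmcb);
	struct vmcb_save_area *save = &vmcb->save;
	struct vmcb_control_area *ctrl = &vmcb->control;
	u32 data_seg_attr = 3 | SVM_SELECTOR_S_MASK | SVM_SELECTOR_P_MASK
	    | SVM_SELECTOR_DB_MASK | SVM_SELECTOR_G_MASK;
	u32 code_seg_attr = 9 | SVM_SELECTOR_S_MASK | SVM_SELECTOR_P_MASK
	    | SVM_SELECTOR_L_MASK | SVM_SELECTOR_G_MASK;
	struct descriptor_table_ptr desc_table_ptr;

	memset(vmcb, 0, sizeof(*vmcb));
	/* vmsave runs after the memset so the state it stores is kept. */
	asm volatile ("vmsave" : : "a"(vmcb_phys) : "memory");
	vmcb_set_seg(&save->es, read_es(), 0, -1U, data_seg_attr);
	vmcb_set_seg(&save->cs, read_cs(), 0, -1U, code_seg_attr);
	vmcb_set_seg(&save->ss, read_ss(), 0, -1U, data_seg_attr);
	vmcb_set_seg(&save->ds, read_ds(), 0, -1U, data_seg_attr);
	sgdt(&desc_table_ptr);
	vmcb_set_seg(&save->gdtr, 0, desc_table_ptr.base, desc_table_ptr.limit, 0);
	sidt(&desc_table_ptr);
	vmcb_set_seg(&save->idtr, 0, desc_table_ptr.base, desc_table_ptr.limit, 0);
	ctrl->asid = 1;
	save->cpl = 0;
	save->efer = rdmsr(MSR_EFER);
	save->cr4 = read_cr4();
	save->cr3 = read_cr3();
	save->cr0 = read_cr0();
	save->dr7 = read_dr7();
	save->dr6 = read_dr6();
	save->cr2 = read_cr2();
	save->g_pat = rdmsr(MSR_IA32_CR_PAT);
	save->dbgctl = rdmsr(MSR_IA32_DEBUGCTLMSR);
	ctrl->intercept = (1ULL << INTERCEPT_VMRUN) | (1ULL << INTERCEPT_VMMCALL);

	if (npt_supported()) {
		ctrl->nested_ctl = 1;
		/* NOTE(review): virtual address used as nCR3 - assumes identity mapping. */
		ctrl->nested_cr3 = (u64)pml4e;
	}
}

/*
 * One test case.
 *   supported  - whether the test can run on this CPU
 *   prepare    - host-side VMCB setup before the first VMRUN
 *   guest_func - code executed inside the guest
 *   finished   - called after every #VMEXIT; false means "VMRUN again"
 *   succeeded  - final verdict once finished() returned true
 */
struct test {
	const char *name;
	bool (*supported)(void);
	void (*prepare)(struct test *test);
	void (*guest_func)(struct test *test);
	bool (*finished)(struct test *test);
	bool (*succeeded)(struct test *test);
	struct vmcb *vmcb;
	int exits;
	ulong scratch;
};

/* Guest entry point: run the test body, then exit to the host via VMMCALL. */
static void test_thunk(struct test *test)
{
	test->guest_func(test);
	asm volatile ("vmmcall" : : : "memory");
}

/*
 * Run @test in a guest described by @vmcb and print PASS/FAIL.
 * The guest starts at test_thunk on a stack local to this function and is
 * re-entered until test->finished() returns true.
 */
static bool test_run(struct test *test, struct vmcb *vmcb)
{
	u64 vmcb_phys = virt_to_phys(vmcb);
	u64 guest_stack[10000];
	bool success;

	test->vmcb = vmcb;
	test->prepare(test);
	vmcb->save.rip = (ulong)test_thunk;
	vmcb->save.rsp = (ulong)(guest_stack + ARRAY_SIZE(guest_stack));
	do {
		/*
		 * rax carries the VMCB physical address for vmload, vmrun
		 * and vmsave.  rbp and the test pointer (rdi) are pushed
		 * around vmrun and popped afterwards; the other
		 * general-purpose registers are declared clobbered.
		 */
		asm volatile (
			"clgi \n\t"
			"vmload \n\t"
			"push %%rbp \n\t"
			"push %1 \n\t"
			"vmrun \n\t"
			"pop %1 \n\t"
			"pop %%rbp \n\t"
			"vmsave \n\t"
			"stgi"
			: : "a"(vmcb_phys), "D"(test)
			: "rbx", "rcx", "rdx", "rsi",
			  "r8", "r9", "r10", "r11" , "r12", "r13", "r14", "r15",
			  "memory");
		++test->exits;
	} while (!test->finished(test));

	success = test->succeeded(test);

	printf("%s: %s\n", test->name, success ? "PASS" : "FAIL");

	return success;
}

/* Default capability check: the test runs everywhere. */
static bool default_supported(void)
{
	return true;
}

/* Default setup: identity VMCB, interrupts disabled. */
static void default_prepare(struct test *test)
{
	vmcb_ident(test->vmcb);
	cli();
}

static bool default_finished(struct test *test)
{
	return true; /* one vmexit */
}

/* Empty guest body; the guest only executes test_thunk's VMMCALL. */
static void null_test(struct test *test)
{
}

/* Pass when the guest left through the VMMCALL intercept. */
static bool null_check(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_VMMCALL;
}

/*
 * Clear the VMRUN intercept bit.
 * NOTE(review): no vmcb_ident() here, so the rest of the VMCB is whatever
 * the previous test left behind - confirm this ordering is intended.
 */
static void prepare_no_vmrun_int(struct test *test)
{
	test->vmcb->control.intercept &= ~(1ULL << INTERCEPT_VMRUN);
}

/* VMRUN without the VMRUN intercept must be rejected with SVM_EXIT_ERR. */
static bool check_no_vmrun_int(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_ERR;
}

/* Guest body: execute VMRUN from inside the guest. */
static void test_vmrun(struct test *test)
{
	asm volatile ("vmrun" : : "a"(virt_to_phys(test->vmcb)));
}

/* The guest's VMRUN must be intercepted. */
static bool check_vmrun(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_VMRUN;
}

/* Default setup plus an intercept on guest reads of CR3. */
static void prepare_cr3_intercept(struct test *test)
{
	default_prepare(test);
	test->vmcb->control.intercept_cr_read |= 1 << 3;
}

/* Guest body: read CR3 into test->scratch. */
static void test_cr3_intercept(struct test *test)
{
	asm volatile ("mov %%cr3, %0" : "=r"(test->scratch) : : "memory");
}

/* The CR3 read must have caused a READ_CR3 exit. */
static bool check_cr3_intercept(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_READ_CR3;
}

/* Without the intercept the guest must have read the real CR3 value. */
static bool check_cr3_nointercept(struct test *test)
{
	return null_check(test) && test->scratch == read_cr3();
}

/*
 * Runs on a second CPU.  Waits until the guest signals (scratch 1 -> 2),
 * then overwrites the instruction at the mmio_insn label with
 * "mov %cr3, %rax; nop".
 * NOTE(review): together with test_cr3_intercept_bypass this presumably
 * checks that a hypervisor which re-fetches the instruction while emulating
 * the memory access still honours the CR3 read intercept - confirm.
 */
static void corrupt_cr3_intercept_bypass(void *_test)
{
	struct test *test = _test;
	extern volatile u32 mmio_insn;

	while (!__sync_bool_compare_and_swap(&test->scratch, 1, 2))
		pause();
	pause();
	pause();
	pause();
	mmio_insn = 0x90d8200f; // mov %cr3, %rax; nop
}

/*
 * Intercept CR3 reads and start the instruction-rewriting helper on CPU 1.
 * NOTE(review): nothing here checks that a second CPU exists.
 */
static void prepare_cr3_intercept_bypass(struct test *test)
{
	default_prepare(test);
	test->vmcb->control.intercept_cr_read |= 1 << 3;
	on_cpu_async(1, corrupt_cr3_intercept_bypass, test);
}

/*
 * Guest body: hand-shake with the helper CPU through test->scratch, then
 * execute a store to 0xa0000 at the mmio_insn label, which the helper
 * rewrites concurrently.
 */
static void test_cr3_intercept_bypass(struct test *test)
{
	ulong a = 0xa0000;

	test->scratch = 1;
	while (test->scratch != 2)
		barrier();

	asm volatile ("mmio_insn: mov %0, (%0); nop"
		      : "+a"(a) : : "memory");
	test->scratch = a;
}

/* CPUID SVM leaf, EDX bit 3: next-RIP save on #VMEXIT. */
static bool next_rip_supported(void)
{
	return (cpuid(SVM_CPUID_FUNC).d & 8);
}

/* Intercept RDTSC; the rest of the VMCB is left as the previous test set it. */
static void prepare_next_rip(struct test *test)
{
	test->vmcb->control.intercept |= (1ULL << INTERCEPT_RDTSC);
}


/* Guest body: RDTSC followed by a global label marking the next instruction. */
static void test_next_rip(struct test *test)
{
	asm volatile ("rdtsc\n\t"
		      ".globl exp_next_rip\n\t"
		      "exp_next_rip:\n\t" ::: "eax", "edx");
}

/* next_rip in the VMCB must point at the label right after RDTSC. */
static bool check_next_rip(struct test *test)
{
	extern char exp_next_rip;
	unsigned long address = (unsigned long)&exp_next_rip;

	return address == test->vmcb->control.next_rip;
}

/* Intercept #GP, #UD, #DF and #PF and reset the step counter. */
static void prepare_mode_switch(struct test *test)
{
	test->vmcb->control.intercept_exceptions |= (1ULL << GP_VECTOR)
						 |  (1ULL << UD_VECTOR)
						 |  (1ULL << DF_VECTOR)
						 |  (1ULL << PF_VECTOR);
	test->scratch = 0;
}

/*
 * Guest body: walk from long mode down to real mode, VMMCALL, walk back up
 * to long mode, VMMCALL again.  The selectors (8, 40, 56, 64) come from the
 * test framework's GDT, which is not defined in this file.
 */
static void test_mode_switch(struct test *test)
{
	asm volatile(" cli\n"
		     " ljmp *1f\n" /* jump to 32-bit code segment */
		     "1:\n"
		     " .long 2f\n"
		     " .long 40\n"
		     ".code32\n"
		     "2:\n"
		     " movl %%cr0, %%eax\n"
		     " btcl $31, %%eax\n" /* clear PG */
		     " movl %%eax, %%cr0\n"
		     " movl $0xc0000080, %%ecx\n" /* EFER */
		     " rdmsr\n"
		     " btcl $8, %%eax\n" /* clear LME */
		     " wrmsr\n"
		     " movl %%cr4, %%eax\n"
		     " btcl $5, %%eax\n" /* clear PAE */
		     " movl %%eax, %%cr4\n"
		     " movw $64, %%ax\n"
		     " movw %%ax, %%ds\n"
		     " ljmpl $56, $3f\n" /* jump to 16 bit protected-mode */
		     ".code16\n"
		     "3:\n"
		     " movl %%cr0, %%eax\n"
		     " btcl $0, %%eax\n" /* clear PE */
		     " movl %%eax, %%cr0\n"
		     " ljmpl $0, $4f\n" /* jump to real-mode */
		     "4:\n"
		     " vmmcall\n"
		     " movl %%cr0, %%eax\n"
		     " btsl $0, %%eax\n" /* set PE */
		     " movl %%eax, %%cr0\n"
		     " ljmpl $40, $5f\n" /* back to protected mode */
		     ".code32\n"
		     "5:\n"
		     " movl %%cr4, %%eax\n"
		     " btsl $5, %%eax\n" /* set PAE */
		     " movl %%eax, %%cr4\n"
		     " movl $0xc0000080, %%ecx\n" /* EFER */
		     " rdmsr\n"
		     " btsl $8, %%eax\n" /* set LME */
		     " wrmsr\n"
		     " movl %%cr0, %%eax\n"
		     " btsl $31, %%eax\n" /* set PG */
		     " movl %%eax, %%cr0\n"
		     " ljmpl $8, $6f\n" /* back to long mode */
		     ".code64\n\t"
		     "6:\n"
		     " vmmcall\n"
		     ::: "rax", "rbx", "rcx", "rdx", "memory");
}

/*
 * Called after every exit of the mode_switch guest.  test->scratch counts
 * the VMMCALL exits seen so far: 0 at the real-mode VMMCALL, 1 at the
 * long-mode one.  Returning true with scratch != 2 ends the test as failed.
 */
static bool mode_switch_finished(struct test *test)
{
	u64 cr0, cr4, efer;

	cr0 = test->vmcb->save.cr0;
	cr4 = test->vmcb->save.cr4;
	efer = test->vmcb->save.efer;

	/* Only expect VMMCALL intercepts */
	if (test->vmcb->control.exit_code != SVM_EXIT_VMMCALL)
		return true;

	/* Jump over VMMCALL instruction */
	test->vmcb->save.rip += 3;

	/* Do sanity checks */
	switch (test->scratch) {
	case 0:
		/* Test should be in real mode now - check for this */
		if ((cr0 & 0x80000001) || /* CR0.PG, CR0.PE */
		    (cr4 & 0x00000020) || /* CR4.PAE */
		    (efer & 0x00000500)) /* EFER.LMA, EFER.LME */
			return true;
		break;
	case 1:
		/*
		 * Test should be back in long-mode now - check for this.
		 * scratch is 1 at the second VMMCALL; the label used to be
		 * "case 2", which is never reached because scratch only
		 * becomes 2 after this switch, so the check never ran.
		 */
		if (((cr0 & 0x80000001) != 0x80000001) || /* CR0.PG, CR0.PE */
		    ((cr4 & 0x00000020) != 0x00000020) || /* CR4.PAE */
		    ((efer & 0x00000500) != 0x00000500)) /* EFER.LMA, EFER.LME */
			return true;
		break;
	}

	/* one step forward */
	test->scratch += 1;

	return test->scratch == 2;
}

/* Both VMMCALL steps were reached and passed their sanity checks. */
static bool check_mode_switch(struct test *test)
{
	return test->scratch == 2;
}

/* Set ASID 0 in the VMCB; check_asid_zero expects VMRUN to reject it. */
static void prepare_asid_zero(struct test *test)
{
	test->vmcb->control.asid = 0;
}

/* Guest body; check_asid_zero expects that it never runs. */
static void test_asid_zero(struct test *test)
{
	asm volatile ("vmmcall\n\t");
}

/* VMRUN with ASID 0 must fail with SVM_EXIT_ERR. */
static bool check_asid_zero(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_ERR;
}

/* Identity VMCB plus the selective CR0 write intercept. */
static void sel_cr0_bug_prepare(struct test *test)
{
	vmcb_ident(test->vmcb);
	test->vmcb->control.intercept |= (1ULL << INTERCEPT_SELECTIVE_CR0);
}

static bool sel_cr0_bug_finished(struct test *test)
{
	return true;
}

/*
 * Guest body: change CR0.CD, which sel_cr0_bug_check expects to exit with
 * SVM_EXIT_CR0_SEL_WRITE.  Reaching the code after write_cr0() means the
 * write was not intercepted.
 */
static void sel_cr0_bug_test(struct test *test)
{
	unsigned long cr0;

	/* read cr0, set CD (bit 30), and write back */
	cr0 = read_cr0();
	cr0 |= (1UL << 30);
	write_cr0(cr0);

	/*
	 * If we are here the test failed, not sure what to do now because we
	 * are not in guest-mode anymore so we can't trigger an intercept.
	 * Report the failure and exit for now.
	 */
	printf("sel_cr0 test failed. Can not recover from this - exiting\n");
	exit(1);
}

static bool sel_cr0_bug_check(struct test *test)
{
	return test->vmcb->control.exit_code == SVM_EXIT_CR0_SEL_WRITE;
}

/* Mark the nested PTE that maps null_test() as no-execute (bit 63). */
static void npt_nx_prepare(struct test *test)
{

	u64 *pte;

	vmcb_ident(test->vmcb);
	pte = get_pte((u64)null_test);

	*pte |= (1ULL << 63);
}

/*
 * Undo the NX change, then require a nested page fault whose error code is
 * 0x15 (in the x86 page-fault error-code layout: present | user | fetch).
 */
static bool npt_nx_check(struct test *test)
{
	u64 *pte = get_pte((u64)null_test);

	*pte &= ~(1ULL << 63);

	/* Sets EFER bit 11 (NX enable) in the guest save area. */
	test->vmcb->save.efer |= (1 << 11);

	return (test->vmcb->control.exit_code == SVM_EXIT_NPF)
	    && (test->vmcb->control.exit_info_1 == 0x15);
}

/* Clear the user bit (bit 2) on the nested PTE that maps scratch_page. */
static void npt_us_prepare(struct test *test)
{
	u64 *pte;

	vmcb_ident(test->vmcb);
	pte = get_pte((u64)scratch_page);

	*pte &= ~(1ULL << 2);
}

/* Guest body: read scratch_page; the volatile local keeps the load. */
static void npt_us_test(struct test *test)
{
	volatile u64 data;

	data = *scratch_page;
}

/* Restore the user bit and require an NPF with error code 0x05 (present | user). */
static bool npt_us_check(struct test *test)
{
	u64 *pte = get_pte((u64)scratch_page);

	*pte |= (1ULL << 2);

	return (test->vmcb->control.exit_code == SVM_EXIT_NPF)
	    && (test->vmcb->control.exit_info_1 == 0x05);
}

/* Set bit 8 in the first PDP entry; npt_rsvd_check expects a reserved-bit fault. */
static void npt_rsvd_prepare(struct test *test)
{

	vmcb_ident(test->vmcb);

	pdpe[0] |= (1ULL << 8);
}

/* Clear bit 8 again and require an NPF with error code 0x0f (includes the reserved-bit flag). */
static bool npt_rsvd_check(struct test *test)
{
	pdpe[0] &= ~(1ULL << 8);

	return (test->vmcb->control.exit_code == SVM_EXIT_NPF)
	    && (test->vmcb->control.exit_info_1 == 0x0f);
}

/* Make guest-physical page 0x80000 read-only in the nested page table. */
static void npt_rw_prepare(struct test *test)
{

	u64 *pte;

	vmcb_ident(test->vmcb);
	pte = get_pte(0x80000);

	*pte &= ~(1ULL << 1);
}

/* Guest body: write to the read-only page. */
static void npt_rw_test(struct test *test)
{
	u64 *data = (void*)(0x80000);

	*data = 0;
}

/* Restore write access and require an NPF with error code 0x07 (present | write | user). */
static bool npt_rw_check(struct test *test)
{
	u64 *pte = get_pte(0x80000);

	*pte |= (1ULL << 1);

	return (test->vmcb->control.exit_code == SVM_EXIT_NPF)
	    && (test->vmcb->control.exit_info_1 == 0x07);
}

/*
 * Test table, run in order.  Several prepare hooks do not reset the VMCB,
 * so the order of the entries matters.
 */
static struct test tests[] = {
	{ "null", default_supported, default_prepare, null_test,
	  default_finished, null_check },
	{ "vmrun", default_supported, default_prepare, test_vmrun,
	  default_finished, check_vmrun },
	{ "vmrun intercept check", default_supported, prepare_no_vmrun_int,
	  null_test, default_finished, check_no_vmrun_int },
	{ "cr3 read intercept", default_supported, prepare_cr3_intercept,
	  test_cr3_intercept, default_finished, check_cr3_intercept },
	{ "cr3 read nointercept", default_supported, default_prepare,
	  test_cr3_intercept, default_finished, check_cr3_nointercept },
	{ "cr3 read intercept emulate", default_supported,
	  prepare_cr3_intercept_bypass, test_cr3_intercept_bypass,
	  default_finished, check_cr3_intercept },
	{ "next_rip", next_rip_supported, prepare_next_rip, test_next_rip,
	  default_finished, check_next_rip },
	{ "mode_switch", default_supported, prepare_mode_switch, test_mode_switch,
	  mode_switch_finished, check_mode_switch },
	{ "asid_zero", default_supported, prepare_asid_zero, test_asid_zero,
	  default_finished, check_asid_zero },
	{ "sel_cr0_bug", default_supported, sel_cr0_bug_prepare, sel_cr0_bug_test,
	  sel_cr0_bug_finished, sel_cr0_bug_check },
	{ "npt_nx", npt_supported, npt_nx_prepare, null_test,
	  default_finished, npt_nx_check },
	{ "npt_us", npt_supported, npt_us_prepare, npt_us_test,
	  default_finished, npt_us_check },
	{ "npt_rsvd", npt_supported, npt_rsvd_prepare, null_test,
	  default_finished, npt_rsvd_check },
	{ "npt_rw", npt_supported, npt_rw_prepare, npt_rw_test,
	  default_finished, npt_rw_check },
};

/*
 * Run every supported test and print a summary.
 * Returns 0 when all executed tests passed (or SVM is unavailable), else 1.
 */
int main(int ac, char **av)
{
	int i, nr, passed, done;
	struct vmcb *vmcb;

	setup_vm();
	smp_init();

	/* CPUID 0x80000001 ECX bit 2: SVM */
	if (!(cpuid(0x80000001).c & 4)) {
		printf("SVM not availble\n");
		return 0;
	}

	setup_svm();

	vmcb = alloc_page();

	nr = ARRAY_SIZE(tests);
	passed = done = 0;
	for (i = 0; i < nr; ++i) {
		if (!tests[i].supported())
			continue;
		done += 1;
		passed += test_run(&tests[i], vmcb);
	}

	printf("\nSUMMARY: %d TESTS, %d FAILURES\n", done, (done - passed));
	return passed == done ? 0 : 1;
}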