1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2019, Google LLC.
4 *
5 * This test verifies the integrity of calling the ioctl KVM_SET_NESTED_STATE.
6 */
7
8 #include "test_util.h"
9 #include "kvm_util.h"
10 #include "processor.h"
11 #include "vmx.h"
12 #include "svm_util.h"
13
14 #include <errno.h>
15 #include <linux/kvm.h>
16 #include <string.h>
17 #include <sys/ioctl.h>
18 #include <unistd.h>
19
20 /*
21 * Mirror of VMCS12_REVISION in arch/x86/kvm/vmx/vmcs12.h. If that value
22 * changes this should be updated.
23 */
24 #define VMCS12_REVISION 0x11e57ed0
25
26 bool have_evmcs;
27
test_nested_state(struct kvm_vcpu * vcpu,struct kvm_nested_state * state)28 void test_nested_state(struct kvm_vcpu *vcpu, struct kvm_nested_state *state)
29 {
30 vcpu_nested_state_set(vcpu, state);
31 }
32
test_nested_state_expect_errno(struct kvm_vcpu * vcpu,struct kvm_nested_state * state,int expected_errno)33 void test_nested_state_expect_errno(struct kvm_vcpu *vcpu,
34 struct kvm_nested_state *state,
35 int expected_errno)
36 {
37 int rv;
38
39 rv = __vcpu_nested_state_set(vcpu, state);
40 TEST_ASSERT(rv == -1 && errno == expected_errno,
41 "Expected %s (%d) from vcpu_nested_state_set but got rv: %i errno: %s (%d)",
42 strerror(expected_errno), expected_errno, rv, strerror(errno),
43 errno);
44 }
45
test_nested_state_expect_einval(struct kvm_vcpu * vcpu,struct kvm_nested_state * state)46 void test_nested_state_expect_einval(struct kvm_vcpu *vcpu,
47 struct kvm_nested_state *state)
48 {
49 test_nested_state_expect_errno(vcpu, state, EINVAL);
50 }
51
test_nested_state_expect_efault(struct kvm_vcpu * vcpu,struct kvm_nested_state * state)52 void test_nested_state_expect_efault(struct kvm_vcpu *vcpu,
53 struct kvm_nested_state *state)
54 {
55 test_nested_state_expect_errno(vcpu, state, EFAULT);
56 }
57
set_revision_id_for_vmcs12(struct kvm_nested_state * state,u32 vmcs12_revision)58 void set_revision_id_for_vmcs12(struct kvm_nested_state *state,
59 u32 vmcs12_revision)
60 {
61 /* Set revision_id in vmcs12 to vmcs12_revision. */
62 memcpy(&state->data, &vmcs12_revision, sizeof(u32));
63 }
64
set_default_state(struct kvm_nested_state * state)65 void set_default_state(struct kvm_nested_state *state)
66 {
67 memset(state, 0, sizeof(*state));
68 state->flags = KVM_STATE_NESTED_RUN_PENDING |
69 KVM_STATE_NESTED_GUEST_MODE;
70 state->format = 0;
71 state->size = sizeof(*state);
72 }
73
set_default_vmx_state(struct kvm_nested_state * state,int size)74 void set_default_vmx_state(struct kvm_nested_state *state, int size)
75 {
76 memset(state, 0, size);
77 if (have_evmcs)
78 state->flags = KVM_STATE_NESTED_EVMCS;
79 state->format = 0;
80 state->size = size;
81 state->hdr.vmx.vmxon_pa = 0x1000;
82 state->hdr.vmx.vmcs12_pa = 0x2000;
83 state->hdr.vmx.smm.flags = 0;
84 set_revision_id_for_vmcs12(state, VMCS12_REVISION);
85 }
86
test_vmx_nested_state(struct kvm_vcpu * vcpu)87 void test_vmx_nested_state(struct kvm_vcpu *vcpu)
88 {
89 /* Add a page for VMCS12. */
90 const int state_sz = sizeof(struct kvm_nested_state) + getpagesize();
91 struct kvm_nested_state *state =
92 (struct kvm_nested_state *)malloc(state_sz);
93
94 /* The format must be set to 0. 0 for VMX, 1 for SVM. */
95 set_default_vmx_state(state, state_sz);
96 state->format = 1;
97 test_nested_state_expect_einval(vcpu, state);
98
99 /*
100 * We cannot virtualize anything if the guest does not have VMX
101 * enabled.
102 */
103 set_default_vmx_state(state, state_sz);
104 test_nested_state_expect_einval(vcpu, state);
105
106 /*
107 * We cannot virtualize anything if the guest does not have VMX
108 * enabled. We expect KVM_SET_NESTED_STATE to return 0 if vmxon_pa
109 * is set to -1ull, but the flags must be zero.
110 */
111 set_default_vmx_state(state, state_sz);
112 state->hdr.vmx.vmxon_pa = -1ull;
113 test_nested_state_expect_einval(vcpu, state);
114
115 state->hdr.vmx.vmcs12_pa = -1ull;
116 state->flags = KVM_STATE_NESTED_EVMCS;
117 test_nested_state_expect_einval(vcpu, state);
118
119 state->flags = 0;
120 test_nested_state(vcpu, state);
121
122 /* Enable VMX in the guest CPUID. */
123 vcpu_set_cpuid_feature(vcpu, X86_FEATURE_VMX);
124
125 /*
126 * Setting vmxon_pa == -1ull and vmcs_pa == -1ull exits early without
127 * setting the nested state. When the eVMCS flag is not set, the
128 * expected return value is '0'.
129 */
130 set_default_vmx_state(state, state_sz);
131 state->flags = 0;
132 state->hdr.vmx.vmxon_pa = -1ull;
133 state->hdr.vmx.vmcs12_pa = -1ull;
134 test_nested_state(vcpu, state);
135
136 /*
137 * When eVMCS is supported, the eVMCS flag can only be set if the
138 * enlightened VMCS capability has been enabled.
139 */
140 if (have_evmcs) {
141 state->flags = KVM_STATE_NESTED_EVMCS;
142 test_nested_state_expect_einval(vcpu, state);
143 vcpu_enable_evmcs(vcpu);
144 test_nested_state(vcpu, state);
145 }
146
147 /* It is invalid to have vmxon_pa == -1ull and SMM flags non-zero. */
148 state->hdr.vmx.smm.flags = 1;
149 test_nested_state_expect_einval(vcpu, state);
150
151 /* Invalid flags are rejected. */
152 set_default_vmx_state(state, state_sz);
153 state->hdr.vmx.flags = ~0;
154 test_nested_state_expect_einval(vcpu, state);
155
156 /* It is invalid to have vmxon_pa == -1ull and vmcs_pa != -1ull. */
157 set_default_vmx_state(state, state_sz);
158 state->hdr.vmx.vmxon_pa = -1ull;
159 state->flags = 0;
160 test_nested_state_expect_einval(vcpu, state);
161
162 /* It is invalid to have vmxon_pa set to a non-page aligned address. */
163 set_default_vmx_state(state, state_sz);
164 state->hdr.vmx.vmxon_pa = 1;
165 test_nested_state_expect_einval(vcpu, state);
166
167 /*
168 * It is invalid to have KVM_STATE_NESTED_SMM_GUEST_MODE and
169 * KVM_STATE_NESTED_GUEST_MODE set together.
170 */
171 set_default_vmx_state(state, state_sz);
172 state->flags = KVM_STATE_NESTED_GUEST_MODE |
173 KVM_STATE_NESTED_RUN_PENDING;
174 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE;
175 test_nested_state_expect_einval(vcpu, state);
176
177 /*
178 * It is invalid to have any of the SMM flags set besides:
179 * KVM_STATE_NESTED_SMM_GUEST_MODE
180 * KVM_STATE_NESTED_SMM_VMXON
181 */
182 set_default_vmx_state(state, state_sz);
183 state->hdr.vmx.smm.flags = ~(KVM_STATE_NESTED_SMM_GUEST_MODE |
184 KVM_STATE_NESTED_SMM_VMXON);
185 test_nested_state_expect_einval(vcpu, state);
186
187 /* Outside SMM, SMM flags must be zero. */
188 set_default_vmx_state(state, state_sz);
189 state->flags = 0;
190 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE;
191 test_nested_state_expect_einval(vcpu, state);
192
193 /*
194 * Size must be large enough to fit kvm_nested_state and vmcs12
195 * if VMCS12 physical address is set
196 */
197 set_default_vmx_state(state, state_sz);
198 state->size = sizeof(*state);
199 state->flags = 0;
200 test_nested_state_expect_einval(vcpu, state);
201
202 set_default_vmx_state(state, state_sz);
203 state->size = sizeof(*state);
204 state->flags = 0;
205 state->hdr.vmx.vmcs12_pa = -1;
206 test_nested_state(vcpu, state);
207
208 /*
209 * KVM_SET_NESTED_STATE succeeds with invalid VMCS
210 * contents but L2 not running.
211 */
212 set_default_vmx_state(state, state_sz);
213 state->flags = 0;
214 test_nested_state(vcpu, state);
215
216 /* Invalid flags are rejected, even if no VMCS loaded. */
217 set_default_vmx_state(state, state_sz);
218 state->size = sizeof(*state);
219 state->flags = 0;
220 state->hdr.vmx.vmcs12_pa = -1;
221 state->hdr.vmx.flags = ~0;
222 test_nested_state_expect_einval(vcpu, state);
223
224 /* vmxon_pa cannot be the same address as vmcs_pa. */
225 set_default_vmx_state(state, state_sz);
226 state->hdr.vmx.vmxon_pa = 0;
227 state->hdr.vmx.vmcs12_pa = 0;
228 test_nested_state_expect_einval(vcpu, state);
229
230 /*
231 * Test that if we leave nesting the state reflects that when we get
232 * it again.
233 */
234 set_default_vmx_state(state, state_sz);
235 state->hdr.vmx.vmxon_pa = -1ull;
236 state->hdr.vmx.vmcs12_pa = -1ull;
237 state->flags = 0;
238 test_nested_state(vcpu, state);
239 vcpu_nested_state_get(vcpu, state);
240 TEST_ASSERT(state->size >= sizeof(*state) && state->size <= state_sz,
241 "Size must be between %ld and %d. The size returned was %d.",
242 sizeof(*state), state_sz, state->size);
243
244 TEST_ASSERT_EQ(state->hdr.vmx.vmxon_pa, -1ull);
245 TEST_ASSERT_EQ(state->hdr.vmx.vmcs12_pa, -1ull);
246 TEST_ASSERT_EQ(state->flags, 0);
247
248 free(state);
249 }
250
vcpu_efer_enable_svm(struct kvm_vcpu * vcpu)251 static void vcpu_efer_enable_svm(struct kvm_vcpu *vcpu)
252 {
253 uint64_t old_efer = vcpu_get_msr(vcpu, MSR_EFER);
254
255 vcpu_set_msr(vcpu, MSR_EFER, old_efer | EFER_SVME);
256 }
257
vcpu_efer_disable_svm(struct kvm_vcpu * vcpu)258 static void vcpu_efer_disable_svm(struct kvm_vcpu *vcpu)
259 {
260 uint64_t old_efer = vcpu_get_msr(vcpu, MSR_EFER);
261
262 vcpu_set_msr(vcpu, MSR_EFER, old_efer & ~EFER_SVME);
263 }
264
set_default_svm_state(struct kvm_nested_state * state,int size)265 void set_default_svm_state(struct kvm_nested_state *state, int size)
266 {
267 memset(state, 0, size);
268 state->format = 1;
269 state->size = size;
270 state->hdr.svm.vmcb_pa = 0x3000;
271 }
272
test_svm_nested_state(struct kvm_vcpu * vcpu)273 void test_svm_nested_state(struct kvm_vcpu *vcpu)
274 {
275 /* Add a page for VMCB. */
276 const int state_sz = sizeof(struct kvm_nested_state) + getpagesize();
277 struct kvm_nested_state *state =
278 (struct kvm_nested_state *)malloc(state_sz);
279
280 vcpu_set_cpuid_feature(vcpu, X86_FEATURE_SVM);
281
282 /* The format must be set to 1. 0 for VMX, 1 for SVM. */
283 set_default_svm_state(state, state_sz);
284 state->format = 0;
285 test_nested_state_expect_einval(vcpu, state);
286
287 /* Invalid flags are rejected, KVM_STATE_NESTED_EVMCS is VMX-only */
288 set_default_svm_state(state, state_sz);
289 state->flags = KVM_STATE_NESTED_EVMCS;
290 test_nested_state_expect_einval(vcpu, state);
291
292 /*
293 * If EFER.SVME is clear, guest mode is disallowed and GIF can be set or
294 * cleared.
295 */
296 vcpu_efer_disable_svm(vcpu);
297
298 set_default_svm_state(state, state_sz);
299 state->flags = KVM_STATE_NESTED_GUEST_MODE;
300 test_nested_state_expect_einval(vcpu, state);
301
302 state->flags = 0;
303 test_nested_state(vcpu, state);
304
305 state->flags = KVM_STATE_NESTED_GIF_SET;
306 test_nested_state(vcpu, state);
307
308 /* Enable SVM in the guest EFER. */
309 vcpu_efer_enable_svm(vcpu);
310
311 /* Setting vmcb_pa to a non-aligned address is only fine when not entering guest mode */
312 set_default_svm_state(state, state_sz);
313 state->hdr.svm.vmcb_pa = -1ull;
314 state->flags = 0;
315 test_nested_state(vcpu, state);
316 state->flags = KVM_STATE_NESTED_GUEST_MODE;
317 test_nested_state_expect_einval(vcpu, state);
318
319 /*
320 * Size must be large enough to fit kvm_nested_state and VMCB
321 * only when entering guest mode.
322 */
323 set_default_svm_state(state, state_sz/2);
324 state->flags = 0;
325 test_nested_state(vcpu, state);
326 state->flags = KVM_STATE_NESTED_GUEST_MODE;
327 test_nested_state_expect_einval(vcpu, state);
328
329 /*
330 * Test that if we leave nesting the state reflects that when we get it
331 * again, except for vmcb_pa, which is always returned as 0 when not in
332 * guest mode.
333 */
334 set_default_svm_state(state, state_sz);
335 state->hdr.svm.vmcb_pa = -1ull;
336 state->flags = KVM_STATE_NESTED_GIF_SET;
337 test_nested_state(vcpu, state);
338 vcpu_nested_state_get(vcpu, state);
339 TEST_ASSERT(state->size >= sizeof(*state) && state->size <= state_sz,
340 "Size must be between %ld and %d. The size returned was %d.",
341 sizeof(*state), state_sz, state->size);
342
343 TEST_ASSERT_EQ(state->hdr.svm.vmcb_pa, 0);
344 TEST_ASSERT_EQ(state->flags, KVM_STATE_NESTED_GIF_SET);
345
346 free(state);
347 }
348
main(int argc,char * argv[])349 int main(int argc, char *argv[])
350 {
351 struct kvm_vm *vm;
352 struct kvm_nested_state state;
353 struct kvm_vcpu *vcpu;
354
355 have_evmcs = kvm_check_cap(KVM_CAP_HYPERV_ENLIGHTENED_VMCS);
356
357 TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX) ||
358 kvm_cpu_has(X86_FEATURE_SVM));
359 TEST_REQUIRE(kvm_has_cap(KVM_CAP_NESTED_STATE));
360
361 vm = vm_create_with_one_vcpu(&vcpu, NULL);
362
363 /*
364 * First run tests with VMX/SVM disabled to check error handling.
365 * test_{vmx/svm}_nested_state() will re-enable as needed.
366 */
367 if (kvm_cpu_has(X86_FEATURE_VMX))
368 vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_VMX);
369 else
370 vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_SVM);
371
372 /* Passing a NULL kvm_nested_state causes a EFAULT. */
373 test_nested_state_expect_efault(vcpu, NULL);
374
375 /* 'size' cannot be smaller than sizeof(kvm_nested_state). */
376 set_default_state(&state);
377 state.size = 0;
378 test_nested_state_expect_einval(vcpu, &state);
379
380 /*
381 * Setting the flags 0xf fails the flags check. The only flags that
382 * can be used are:
383 * KVM_STATE_NESTED_GUEST_MODE
384 * KVM_STATE_NESTED_RUN_PENDING
385 * KVM_STATE_NESTED_EVMCS
386 */
387 set_default_state(&state);
388 state.flags = 0xf;
389 test_nested_state_expect_einval(vcpu, &state);
390
391 /*
392 * If KVM_STATE_NESTED_RUN_PENDING is set then
393 * KVM_STATE_NESTED_GUEST_MODE has to be set as well.
394 */
395 set_default_state(&state);
396 state.flags = KVM_STATE_NESTED_RUN_PENDING;
397 test_nested_state_expect_einval(vcpu, &state);
398
399 if (kvm_cpu_has(X86_FEATURE_VMX))
400 test_vmx_nested_state(vcpu);
401 else
402 test_svm_nested_state(vcpu);
403
404 kvm_vm_free(vm);
405 return 0;
406 }
407