1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 2020, Google LLC. 4 * 5 * Tests for exiting into userspace on registered MSRs 6 */ 7 8#define _GNU_SOURCE /* for program_invocation_short_name */ 9#include <sys/ioctl.h> 10 11#include "kvm_test_harness.h" 12#include "test_util.h" 13#include "kvm_util.h" 14#include "vmx.h" 15 16static bool fep_available; 17 18#define MSR_NON_EXISTENT 0x474f4f00 19 20static u64 deny_bits = 0; 21struct kvm_msr_filter filter_allow = { 22 .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, 23 .ranges = { 24 { 25 .flags = KVM_MSR_FILTER_READ | 26 KVM_MSR_FILTER_WRITE, 27 .nmsrs = 1, 28 /* Test an MSR the kernel knows about. */ 29 .base = MSR_IA32_XSS, 30 .bitmap = (uint8_t*)&deny_bits, 31 }, { 32 .flags = KVM_MSR_FILTER_READ | 33 KVM_MSR_FILTER_WRITE, 34 .nmsrs = 1, 35 /* Test an MSR the kernel doesn't know about. */ 36 .base = MSR_IA32_FLUSH_CMD, 37 .bitmap = (uint8_t*)&deny_bits, 38 }, { 39 .flags = KVM_MSR_FILTER_READ | 40 KVM_MSR_FILTER_WRITE, 41 .nmsrs = 1, 42 /* Test a fabricated MSR that no one knows about. */ 43 .base = MSR_NON_EXISTENT, 44 .bitmap = (uint8_t*)&deny_bits, 45 }, 46 }, 47}; 48 49struct kvm_msr_filter filter_fs = { 50 .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, 51 .ranges = { 52 { 53 .flags = KVM_MSR_FILTER_READ, 54 .nmsrs = 1, 55 .base = MSR_FS_BASE, 56 .bitmap = (uint8_t*)&deny_bits, 57 }, 58 }, 59}; 60 61struct kvm_msr_filter filter_gs = { 62 .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, 63 .ranges = { 64 { 65 .flags = KVM_MSR_FILTER_READ, 66 .nmsrs = 1, 67 .base = MSR_GS_BASE, 68 .bitmap = (uint8_t*)&deny_bits, 69 }, 70 }, 71}; 72 73static uint64_t msr_non_existent_data; 74static int guest_exception_count; 75static u32 msr_reads, msr_writes; 76 77static u8 bitmap_00000000[KVM_MSR_FILTER_MAX_BITMAP_SIZE]; 78static u8 bitmap_00000000_write[KVM_MSR_FILTER_MAX_BITMAP_SIZE]; 79static u8 bitmap_40000000[KVM_MSR_FILTER_MAX_BITMAP_SIZE]; 80static u8 bitmap_c0000000[KVM_MSR_FILTER_MAX_BITMAP_SIZE]; 81static u8 bitmap_c0000000_read[KVM_MSR_FILTER_MAX_BITMAP_SIZE]; 82static u8 bitmap_deadbeef[1] = { 0x1 }; 83 84static void deny_msr(uint8_t *bitmap, u32 msr) 85{ 86 u32 idx = msr & (KVM_MSR_FILTER_MAX_BITMAP_SIZE - 1); 87 88 bitmap[idx / 8] &= ~(1 << (idx % 8)); 89} 90 91static void prepare_bitmaps(void) 92{ 93 memset(bitmap_00000000, 0xff, sizeof(bitmap_00000000)); 94 memset(bitmap_00000000_write, 0xff, sizeof(bitmap_00000000_write)); 95 memset(bitmap_40000000, 0xff, sizeof(bitmap_40000000)); 96 memset(bitmap_c0000000, 0xff, sizeof(bitmap_c0000000)); 97 memset(bitmap_c0000000_read, 0xff, sizeof(bitmap_c0000000_read)); 98 99 deny_msr(bitmap_00000000_write, MSR_IA32_POWER_CTL); 100 deny_msr(bitmap_c0000000_read, MSR_SYSCALL_MASK); 101 deny_msr(bitmap_c0000000_read, MSR_GS_BASE); 102} 103 104struct kvm_msr_filter filter_deny = { 105 .flags = KVM_MSR_FILTER_DEFAULT_DENY, 106 .ranges = { 107 { 108 .flags = KVM_MSR_FILTER_READ, 109 .base = 0x00000000, 110 .nmsrs = KVM_MSR_FILTER_MAX_BITMAP_SIZE * BITS_PER_BYTE, 111 .bitmap = bitmap_00000000, 112 }, { 113 .flags = KVM_MSR_FILTER_WRITE, 114 .base = 0x00000000, 115 .nmsrs = KVM_MSR_FILTER_MAX_BITMAP_SIZE * BITS_PER_BYTE, 116 .bitmap = bitmap_00000000_write, 117 }, { 118 .flags = KVM_MSR_FILTER_READ | KVM_MSR_FILTER_WRITE, 119 .base = 0x40000000, 120 .nmsrs = KVM_MSR_FILTER_MAX_BITMAP_SIZE * BITS_PER_BYTE, 121 .bitmap = bitmap_40000000, 122 }, { 123 .flags = KVM_MSR_FILTER_READ, 124 .base = 0xc0000000, 125 .nmsrs = KVM_MSR_FILTER_MAX_BITMAP_SIZE * BITS_PER_BYTE, 126 .bitmap = bitmap_c0000000_read, 127 }, { 128 .flags = KVM_MSR_FILTER_WRITE, 129 .base = 0xc0000000, 130 .nmsrs = KVM_MSR_FILTER_MAX_BITMAP_SIZE * BITS_PER_BYTE, 131 .bitmap = bitmap_c0000000, 132 }, { 133 .flags = KVM_MSR_FILTER_WRITE | KVM_MSR_FILTER_READ, 134 .base = 0xdeadbeef, 135 .nmsrs = 1, 136 .bitmap = bitmap_deadbeef, 137 }, 138 }, 139}; 140 141struct kvm_msr_filter no_filter_deny = { 142 .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, 143}; 144 145/* 146 * Note: Force test_rdmsr() to not be inlined to prevent the labels, 147 * rdmsr_start and rdmsr_end, from being defined multiple times. 148 */ 149static noinline uint64_t test_rdmsr(uint32_t msr) 150{ 151 uint32_t a, d; 152 153 guest_exception_count = 0; 154 155 __asm__ __volatile__("rdmsr_start: rdmsr; rdmsr_end:" : 156 "=a"(a), "=d"(d) : "c"(msr) : "memory"); 157 158 return a | ((uint64_t) d << 32); 159} 160 161/* 162 * Note: Force test_wrmsr() to not be inlined to prevent the labels, 163 * wrmsr_start and wrmsr_end, from being defined multiple times. 164 */ 165static noinline void test_wrmsr(uint32_t msr, uint64_t value) 166{ 167 uint32_t a = value; 168 uint32_t d = value >> 32; 169 170 guest_exception_count = 0; 171 172 __asm__ __volatile__("wrmsr_start: wrmsr; wrmsr_end:" :: 173 "a"(a), "d"(d), "c"(msr) : "memory"); 174} 175 176extern char rdmsr_start, rdmsr_end; 177extern char wrmsr_start, wrmsr_end; 178 179/* 180 * Note: Force test_em_rdmsr() to not be inlined to prevent the labels, 181 * rdmsr_start and rdmsr_end, from being defined multiple times. 182 */ 183static noinline uint64_t test_em_rdmsr(uint32_t msr) 184{ 185 uint32_t a, d; 186 187 guest_exception_count = 0; 188 189 __asm__ __volatile__(KVM_FEP "em_rdmsr_start: rdmsr; em_rdmsr_end:" : 190 "=a"(a), "=d"(d) : "c"(msr) : "memory"); 191 192 return a | ((uint64_t) d << 32); 193} 194 195/* 196 * Note: Force test_em_wrmsr() to not be inlined to prevent the labels, 197 * wrmsr_start and wrmsr_end, from being defined multiple times. 198 */ 199static noinline void test_em_wrmsr(uint32_t msr, uint64_t value) 200{ 201 uint32_t a = value; 202 uint32_t d = value >> 32; 203 204 guest_exception_count = 0; 205 206 __asm__ __volatile__(KVM_FEP "em_wrmsr_start: wrmsr; em_wrmsr_end:" :: 207 "a"(a), "d"(d), "c"(msr) : "memory"); 208} 209 210extern char em_rdmsr_start, em_rdmsr_end; 211extern char em_wrmsr_start, em_wrmsr_end; 212 213static void guest_code_filter_allow(void) 214{ 215 uint64_t data; 216 217 /* 218 * Test userspace intercepting rdmsr / wrmsr for MSR_IA32_XSS. 219 * 220 * A GP is thrown if anything other than 0 is written to 221 * MSR_IA32_XSS. 222 */ 223 data = test_rdmsr(MSR_IA32_XSS); 224 GUEST_ASSERT(data == 0); 225 GUEST_ASSERT(guest_exception_count == 0); 226 227 test_wrmsr(MSR_IA32_XSS, 0); 228 GUEST_ASSERT(guest_exception_count == 0); 229 230 test_wrmsr(MSR_IA32_XSS, 1); 231 GUEST_ASSERT(guest_exception_count == 1); 232 233 /* 234 * Test userspace intercepting rdmsr / wrmsr for MSR_IA32_FLUSH_CMD. 235 * 236 * A GP is thrown if MSR_IA32_FLUSH_CMD is read 237 * from or if a value other than 1 is written to it. 238 */ 239 test_rdmsr(MSR_IA32_FLUSH_CMD); 240 GUEST_ASSERT(guest_exception_count == 1); 241 242 test_wrmsr(MSR_IA32_FLUSH_CMD, 0); 243 GUEST_ASSERT(guest_exception_count == 1); 244 245 test_wrmsr(MSR_IA32_FLUSH_CMD, 1); 246 GUEST_ASSERT(guest_exception_count == 0); 247 248 /* 249 * Test userspace intercepting rdmsr / wrmsr for MSR_NON_EXISTENT. 250 * 251 * Test that a fabricated MSR can pass through the kernel 252 * and be handled in userspace. 253 */ 254 test_wrmsr(MSR_NON_EXISTENT, 2); 255 GUEST_ASSERT(guest_exception_count == 0); 256 257 data = test_rdmsr(MSR_NON_EXISTENT); 258 GUEST_ASSERT(data == 2); 259 GUEST_ASSERT(guest_exception_count == 0); 260 261 if (fep_available) { 262 /* Let userspace know we aren't done. */ 263 GUEST_SYNC(0); 264 265 /* 266 * Now run the same tests with the instruction emulator. 267 */ 268 data = test_em_rdmsr(MSR_IA32_XSS); 269 GUEST_ASSERT(data == 0); 270 GUEST_ASSERT(guest_exception_count == 0); 271 test_em_wrmsr(MSR_IA32_XSS, 0); 272 GUEST_ASSERT(guest_exception_count == 0); 273 test_em_wrmsr(MSR_IA32_XSS, 1); 274 GUEST_ASSERT(guest_exception_count == 1); 275 276 test_em_rdmsr(MSR_IA32_FLUSH_CMD); 277 GUEST_ASSERT(guest_exception_count == 1); 278 test_em_wrmsr(MSR_IA32_FLUSH_CMD, 0); 279 GUEST_ASSERT(guest_exception_count == 1); 280 test_em_wrmsr(MSR_IA32_FLUSH_CMD, 1); 281 GUEST_ASSERT(guest_exception_count == 0); 282 283 test_em_wrmsr(MSR_NON_EXISTENT, 2); 284 GUEST_ASSERT(guest_exception_count == 0); 285 data = test_em_rdmsr(MSR_NON_EXISTENT); 286 GUEST_ASSERT(data == 2); 287 GUEST_ASSERT(guest_exception_count == 0); 288 } 289 290 GUEST_DONE(); 291} 292 293static void guest_msr_calls(bool trapped) 294{ 295 /* This goes into the in-kernel emulation */ 296 wrmsr(MSR_SYSCALL_MASK, 0); 297 298 if (trapped) { 299 /* This goes into user space emulation */ 300 GUEST_ASSERT(rdmsr(MSR_SYSCALL_MASK) == MSR_SYSCALL_MASK); 301 GUEST_ASSERT(rdmsr(MSR_GS_BASE) == MSR_GS_BASE); 302 } else { 303 GUEST_ASSERT(rdmsr(MSR_SYSCALL_MASK) != MSR_SYSCALL_MASK); 304 GUEST_ASSERT(rdmsr(MSR_GS_BASE) != MSR_GS_BASE); 305 } 306 307 /* If trapped == true, this goes into user space emulation */ 308 wrmsr(MSR_IA32_POWER_CTL, 0x1234); 309 310 /* This goes into the in-kernel emulation */ 311 rdmsr(MSR_IA32_POWER_CTL); 312 313 /* Invalid MSR, should always be handled by user space exit */ 314 GUEST_ASSERT(rdmsr(0xdeadbeef) == 0xdeadbeef); 315 wrmsr(0xdeadbeef, 0x1234); 316} 317 318static void guest_code_filter_deny(void) 319{ 320 guest_msr_calls(true); 321 322 /* 323 * Disable msr filtering, so that the kernel 324 * handles everything in the next round 325 */ 326 GUEST_SYNC(0); 327 328 guest_msr_calls(false); 329 330 GUEST_DONE(); 331} 332 333static void guest_code_permission_bitmap(void) 334{ 335 uint64_t data; 336 337 data = test_rdmsr(MSR_FS_BASE); 338 GUEST_ASSERT(data == MSR_FS_BASE); 339 data = test_rdmsr(MSR_GS_BASE); 340 GUEST_ASSERT(data != MSR_GS_BASE); 341 342 /* Let userspace know to switch the filter */ 343 GUEST_SYNC(0); 344 345 data = test_rdmsr(MSR_FS_BASE); 346 GUEST_ASSERT(data != MSR_FS_BASE); 347 data = test_rdmsr(MSR_GS_BASE); 348 GUEST_ASSERT(data == MSR_GS_BASE); 349 350 GUEST_DONE(); 351} 352 353static void __guest_gp_handler(struct ex_regs *regs, 354 char *r_start, char *r_end, 355 char *w_start, char *w_end) 356{ 357 if (regs->rip == (uintptr_t)r_start) { 358 regs->rip = (uintptr_t)r_end; 359 regs->rax = 0; 360 regs->rdx = 0; 361 } else if (regs->rip == (uintptr_t)w_start) { 362 regs->rip = (uintptr_t)w_end; 363 } else { 364 GUEST_ASSERT(!"RIP is at an unknown location!"); 365 } 366 367 ++guest_exception_count; 368} 369 370static void guest_gp_handler(struct ex_regs *regs) 371{ 372 __guest_gp_handler(regs, &rdmsr_start, &rdmsr_end, 373 &wrmsr_start, &wrmsr_end); 374} 375 376static void guest_fep_gp_handler(struct ex_regs *regs) 377{ 378 __guest_gp_handler(regs, &em_rdmsr_start, &em_rdmsr_end, 379 &em_wrmsr_start, &em_wrmsr_end); 380} 381 382static void check_for_guest_assert(struct kvm_vcpu *vcpu) 383{ 384 struct ucall uc; 385 386 if (vcpu->run->exit_reason == KVM_EXIT_IO && 387 get_ucall(vcpu, &uc) == UCALL_ABORT) { 388 REPORT_GUEST_ASSERT(uc); 389 } 390} 391 392static void process_rdmsr(struct kvm_vcpu *vcpu, uint32_t msr_index) 393{ 394 struct kvm_run *run = vcpu->run; 395 396 check_for_guest_assert(vcpu); 397 398 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_X86_RDMSR); 399 TEST_ASSERT(run->msr.index == msr_index, 400 "Unexpected msr (0x%04x), expected 0x%04x", 401 run->msr.index, msr_index); 402 403 switch (run->msr.index) { 404 case MSR_IA32_XSS: 405 run->msr.data = 0; 406 break; 407 case MSR_IA32_FLUSH_CMD: 408 run->msr.error = 1; 409 break; 410 case MSR_NON_EXISTENT: 411 run->msr.data = msr_non_existent_data; 412 break; 413 case MSR_FS_BASE: 414 run->msr.data = MSR_FS_BASE; 415 break; 416 case MSR_GS_BASE: 417 run->msr.data = MSR_GS_BASE; 418 break; 419 default: 420 TEST_ASSERT(false, "Unexpected MSR: 0x%04x", run->msr.index); 421 } 422} 423 424static void process_wrmsr(struct kvm_vcpu *vcpu, uint32_t msr_index) 425{ 426 struct kvm_run *run = vcpu->run; 427 428 check_for_guest_assert(vcpu); 429 430 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_X86_WRMSR); 431 TEST_ASSERT(run->msr.index == msr_index, 432 "Unexpected msr (0x%04x), expected 0x%04x", 433 run->msr.index, msr_index); 434 435 switch (run->msr.index) { 436 case MSR_IA32_XSS: 437 if (run->msr.data != 0) 438 run->msr.error = 1; 439 break; 440 case MSR_IA32_FLUSH_CMD: 441 if (run->msr.data != 1) 442 run->msr.error = 1; 443 break; 444 case MSR_NON_EXISTENT: 445 msr_non_existent_data = run->msr.data; 446 break; 447 default: 448 TEST_ASSERT(false, "Unexpected MSR: 0x%04x", run->msr.index); 449 } 450} 451 452static void process_ucall_done(struct kvm_vcpu *vcpu) 453{ 454 struct ucall uc; 455 456 check_for_guest_assert(vcpu); 457 458 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 459 460 TEST_ASSERT(get_ucall(vcpu, &uc) == UCALL_DONE, 461 "Unexpected ucall command: %lu, expected UCALL_DONE (%d)", 462 uc.cmd, UCALL_DONE); 463} 464 465static uint64_t process_ucall(struct kvm_vcpu *vcpu) 466{ 467 struct ucall uc = {}; 468 469 check_for_guest_assert(vcpu); 470 471 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 472 473 switch (get_ucall(vcpu, &uc)) { 474 case UCALL_SYNC: 475 break; 476 case UCALL_ABORT: 477 check_for_guest_assert(vcpu); 478 break; 479 case UCALL_DONE: 480 process_ucall_done(vcpu); 481 break; 482 default: 483 TEST_ASSERT(false, "Unexpected ucall"); 484 } 485 486 return uc.cmd; 487} 488 489static void run_guest_then_process_rdmsr(struct kvm_vcpu *vcpu, 490 uint32_t msr_index) 491{ 492 vcpu_run(vcpu); 493 process_rdmsr(vcpu, msr_index); 494} 495 496static void run_guest_then_process_wrmsr(struct kvm_vcpu *vcpu, 497 uint32_t msr_index) 498{ 499 vcpu_run(vcpu); 500 process_wrmsr(vcpu, msr_index); 501} 502 503static uint64_t run_guest_then_process_ucall(struct kvm_vcpu *vcpu) 504{ 505 vcpu_run(vcpu); 506 return process_ucall(vcpu); 507} 508 509static void run_guest_then_process_ucall_done(struct kvm_vcpu *vcpu) 510{ 511 vcpu_run(vcpu); 512 process_ucall_done(vcpu); 513} 514 515KVM_ONE_VCPU_TEST_SUITE(user_msr); 516 517KVM_ONE_VCPU_TEST(user_msr, msr_filter_allow, guest_code_filter_allow) 518{ 519 struct kvm_vm *vm = vcpu->vm; 520 uint64_t cmd; 521 int rc; 522 523 sync_global_to_guest(vm, fep_available); 524 525 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 526 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); 527 vm_enable_cap(vm, KVM_CAP_X86_USER_SPACE_MSR, KVM_MSR_EXIT_REASON_FILTER); 528 529 rc = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); 530 TEST_ASSERT(rc, "KVM_CAP_X86_MSR_FILTER is available"); 531 532 vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow); 533 534 vm_init_descriptor_tables(vm); 535 vcpu_init_descriptor_tables(vcpu); 536 537 vm_install_exception_handler(vm, GP_VECTOR, guest_gp_handler); 538 539 /* Process guest code userspace exits. */ 540 run_guest_then_process_rdmsr(vcpu, MSR_IA32_XSS); 541 run_guest_then_process_wrmsr(vcpu, MSR_IA32_XSS); 542 run_guest_then_process_wrmsr(vcpu, MSR_IA32_XSS); 543 544 run_guest_then_process_rdmsr(vcpu, MSR_IA32_FLUSH_CMD); 545 run_guest_then_process_wrmsr(vcpu, MSR_IA32_FLUSH_CMD); 546 run_guest_then_process_wrmsr(vcpu, MSR_IA32_FLUSH_CMD); 547 548 run_guest_then_process_wrmsr(vcpu, MSR_NON_EXISTENT); 549 run_guest_then_process_rdmsr(vcpu, MSR_NON_EXISTENT); 550 551 vcpu_run(vcpu); 552 cmd = process_ucall(vcpu); 553 554 if (fep_available) { 555 TEST_ASSERT_EQ(cmd, UCALL_SYNC); 556 vm_install_exception_handler(vm, GP_VECTOR, guest_fep_gp_handler); 557 558 /* Process emulated rdmsr and wrmsr instructions. */ 559 run_guest_then_process_rdmsr(vcpu, MSR_IA32_XSS); 560 run_guest_then_process_wrmsr(vcpu, MSR_IA32_XSS); 561 run_guest_then_process_wrmsr(vcpu, MSR_IA32_XSS); 562 563 run_guest_then_process_rdmsr(vcpu, MSR_IA32_FLUSH_CMD); 564 run_guest_then_process_wrmsr(vcpu, MSR_IA32_FLUSH_CMD); 565 run_guest_then_process_wrmsr(vcpu, MSR_IA32_FLUSH_CMD); 566 567 run_guest_then_process_wrmsr(vcpu, MSR_NON_EXISTENT); 568 run_guest_then_process_rdmsr(vcpu, MSR_NON_EXISTENT); 569 570 /* Confirm the guest completed without issues. */ 571 run_guest_then_process_ucall_done(vcpu); 572 } else { 573 TEST_ASSERT_EQ(cmd, UCALL_DONE); 574 printf("To run the instruction emulated tests set the module parameter 'kvm.force_emulation_prefix=1'\n"); 575 } 576} 577 578static int handle_ucall(struct kvm_vcpu *vcpu) 579{ 580 struct ucall uc; 581 582 switch (get_ucall(vcpu, &uc)) { 583 case UCALL_ABORT: 584 REPORT_GUEST_ASSERT(uc); 585 break; 586 case UCALL_SYNC: 587 vm_ioctl(vcpu->vm, KVM_X86_SET_MSR_FILTER, &no_filter_deny); 588 break; 589 case UCALL_DONE: 590 return 1; 591 default: 592 TEST_FAIL("Unknown ucall %lu", uc.cmd); 593 } 594 595 return 0; 596} 597 598static void handle_rdmsr(struct kvm_run *run) 599{ 600 run->msr.data = run->msr.index; 601 msr_reads++; 602 603 if (run->msr.index == MSR_SYSCALL_MASK || 604 run->msr.index == MSR_GS_BASE) { 605 TEST_ASSERT(run->msr.reason == KVM_MSR_EXIT_REASON_FILTER, 606 "MSR read trap w/o access fault"); 607 } 608 609 if (run->msr.index == 0xdeadbeef) { 610 TEST_ASSERT(run->msr.reason == KVM_MSR_EXIT_REASON_UNKNOWN, 611 "MSR deadbeef read trap w/o inval fault"); 612 } 613} 614 615static void handle_wrmsr(struct kvm_run *run) 616{ 617 /* ignore */ 618 msr_writes++; 619 620 if (run->msr.index == MSR_IA32_POWER_CTL) { 621 TEST_ASSERT(run->msr.data == 0x1234, 622 "MSR data for MSR_IA32_POWER_CTL incorrect"); 623 TEST_ASSERT(run->msr.reason == KVM_MSR_EXIT_REASON_FILTER, 624 "MSR_IA32_POWER_CTL trap w/o access fault"); 625 } 626 627 if (run->msr.index == 0xdeadbeef) { 628 TEST_ASSERT(run->msr.data == 0x1234, 629 "MSR data for deadbeef incorrect"); 630 TEST_ASSERT(run->msr.reason == KVM_MSR_EXIT_REASON_UNKNOWN, 631 "deadbeef trap w/o inval fault"); 632 } 633} 634 635KVM_ONE_VCPU_TEST(user_msr, msr_filter_deny, guest_code_filter_deny) 636{ 637 struct kvm_vm *vm = vcpu->vm; 638 struct kvm_run *run = vcpu->run; 639 int rc; 640 641 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 642 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); 643 vm_enable_cap(vm, KVM_CAP_X86_USER_SPACE_MSR, KVM_MSR_EXIT_REASON_INVAL | 644 KVM_MSR_EXIT_REASON_UNKNOWN | 645 KVM_MSR_EXIT_REASON_FILTER); 646 647 rc = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); 648 TEST_ASSERT(rc, "KVM_CAP_X86_MSR_FILTER is available"); 649 650 prepare_bitmaps(); 651 vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_deny); 652 653 while (1) { 654 vcpu_run(vcpu); 655 656 switch (run->exit_reason) { 657 case KVM_EXIT_X86_RDMSR: 658 handle_rdmsr(run); 659 break; 660 case KVM_EXIT_X86_WRMSR: 661 handle_wrmsr(run); 662 break; 663 case KVM_EXIT_IO: 664 if (handle_ucall(vcpu)) 665 goto done; 666 break; 667 } 668 669 } 670 671done: 672 TEST_ASSERT(msr_reads == 4, "Handled 4 rdmsr in user space"); 673 TEST_ASSERT(msr_writes == 3, "Handled 3 wrmsr in user space"); 674} 675 676KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, guest_code_permission_bitmap) 677{ 678 struct kvm_vm *vm = vcpu->vm; 679 int rc; 680 681 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 682 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); 683 vm_enable_cap(vm, KVM_CAP_X86_USER_SPACE_MSR, KVM_MSR_EXIT_REASON_FILTER); 684 685 rc = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); 686 TEST_ASSERT(rc, "KVM_CAP_X86_MSR_FILTER is available"); 687 688 vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_fs); 689 run_guest_then_process_rdmsr(vcpu, MSR_FS_BASE); 690 TEST_ASSERT(run_guest_then_process_ucall(vcpu) == UCALL_SYNC, 691 "Expected ucall state to be UCALL_SYNC."); 692 vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs); 693 run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE); 694 run_guest_then_process_ucall_done(vcpu); 695} 696 697#define test_user_exit_msr_ioctl(vm, cmd, arg, flag, valid_mask) \ 698({ \ 699 int r = __vm_ioctl(vm, cmd, arg); \ 700 \ 701 if (flag & valid_mask) \ 702 TEST_ASSERT(!r, __KVM_IOCTL_ERROR(#cmd, r)); \ 703 else \ 704 TEST_ASSERT(r == -1 && errno == EINVAL, \ 705 "Wanted EINVAL for %s with flag = 0x%llx, got rc: %i errno: %i (%s)", \ 706 #cmd, flag, r, errno, strerror(errno)); \ 707}) 708 709static void run_user_space_msr_flag_test(struct kvm_vm *vm) 710{ 711 struct kvm_enable_cap cap = { .cap = KVM_CAP_X86_USER_SPACE_MSR }; 712 int nflags = sizeof(cap.args[0]) * BITS_PER_BYTE; 713 int rc; 714 int i; 715 716 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 717 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); 718 719 for (i = 0; i < nflags; i++) { 720 cap.args[0] = BIT_ULL(i); 721 test_user_exit_msr_ioctl(vm, KVM_ENABLE_CAP, &cap, 722 BIT_ULL(i), KVM_MSR_EXIT_REASON_VALID_MASK); 723 } 724} 725 726static void run_msr_filter_flag_test(struct kvm_vm *vm) 727{ 728 u64 deny_bits = 0; 729 struct kvm_msr_filter filter = { 730 .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, 731 .ranges = { 732 { 733 .flags = KVM_MSR_FILTER_READ, 734 .nmsrs = 1, 735 .base = 0, 736 .bitmap = (uint8_t *)&deny_bits, 737 }, 738 }, 739 }; 740 int nflags; 741 int rc; 742 int i; 743 744 rc = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); 745 TEST_ASSERT(rc, "KVM_CAP_X86_MSR_FILTER is available"); 746 747 nflags = sizeof(filter.flags) * BITS_PER_BYTE; 748 for (i = 0; i < nflags; i++) { 749 filter.flags = BIT_ULL(i); 750 test_user_exit_msr_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter, 751 BIT_ULL(i), KVM_MSR_FILTER_VALID_MASK); 752 } 753 754 filter.flags = KVM_MSR_FILTER_DEFAULT_ALLOW; 755 nflags = sizeof(filter.ranges[0].flags) * BITS_PER_BYTE; 756 for (i = 0; i < nflags; i++) { 757 filter.ranges[0].flags = BIT_ULL(i); 758 test_user_exit_msr_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter, 759 BIT_ULL(i), KVM_MSR_FILTER_RANGE_VALID_MASK); 760 } 761} 762 763/* Test that attempts to write to the unused bits in a flag fails. */ 764KVM_ONE_VCPU_TEST(user_msr, user_exit_msr_flags, NULL) 765{ 766 struct kvm_vm *vm = vcpu->vm; 767 768 /* Test flags for KVM_CAP_X86_USER_SPACE_MSR. */ 769 run_user_space_msr_flag_test(vm); 770 771 /* Test flags and range flags for KVM_X86_SET_MSR_FILTER. */ 772 run_msr_filter_flag_test(vm); 773} 774 775int main(int argc, char *argv[]) 776{ 777 fep_available = kvm_is_forced_emulation_enabled(); 778 779 return test_harness_run(argc, argv); 780} 781