1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * vmx_set_nested_state_test 4 * 5 * Copyright (C) 2019, Google LLC. 6 * 7 * This test verifies the integrity of calling the ioctl KVM_SET_NESTED_STATE. 8 */ 9 10#include "test_util.h" 11#include "kvm_util.h" 12#include "processor.h" 13#include "vmx.h" 14 15#include <errno.h> 16#include <linux/kvm.h> 17#include <string.h> 18#include <sys/ioctl.h> 19#include <unistd.h> 20 21/* 22 * Mirror of VMCS12_REVISION in arch/x86/kvm/vmx/vmcs12.h. If that value 23 * changes this should be updated. 24 */ 25#define VMCS12_REVISION 0x11e57ed0 26 27bool have_evmcs; 28 29void test_nested_state(struct kvm_vcpu *vcpu, struct kvm_nested_state *state) 30{ 31 vcpu_nested_state_set(vcpu, state); 32} 33 34void test_nested_state_expect_errno(struct kvm_vcpu *vcpu, 35 struct kvm_nested_state *state, 36 int expected_errno) 37{ 38 int rv; 39 40 rv = __vcpu_nested_state_set(vcpu, state); 41 TEST_ASSERT(rv == -1 && errno == expected_errno, 42 "Expected %s (%d) from vcpu_nested_state_set but got rv: %i errno: %s (%d)", 43 strerror(expected_errno), expected_errno, rv, strerror(errno), 44 errno); 45} 46 47void test_nested_state_expect_einval(struct kvm_vcpu *vcpu, 48 struct kvm_nested_state *state) 49{ 50 test_nested_state_expect_errno(vcpu, state, EINVAL); 51} 52 53void test_nested_state_expect_efault(struct kvm_vcpu *vcpu, 54 struct kvm_nested_state *state) 55{ 56 test_nested_state_expect_errno(vcpu, state, EFAULT); 57} 58 59void set_revision_id_for_vmcs12(struct kvm_nested_state *state, 60 u32 vmcs12_revision) 61{ 62 /* Set revision_id in vmcs12 to vmcs12_revision. */ 63 memcpy(&state->data, &vmcs12_revision, sizeof(u32)); 64} 65 66void set_default_state(struct kvm_nested_state *state) 67{ 68 memset(state, 0, sizeof(*state)); 69 state->flags = KVM_STATE_NESTED_RUN_PENDING | 70 KVM_STATE_NESTED_GUEST_MODE; 71 state->format = 0; 72 state->size = sizeof(*state); 73} 74 75void set_default_vmx_state(struct kvm_nested_state *state, int size) 76{ 77 memset(state, 0, size); 78 if (have_evmcs) 79 state->flags = KVM_STATE_NESTED_EVMCS; 80 state->format = 0; 81 state->size = size; 82 state->hdr.vmx.vmxon_pa = 0x1000; 83 state->hdr.vmx.vmcs12_pa = 0x2000; 84 state->hdr.vmx.smm.flags = 0; 85 set_revision_id_for_vmcs12(state, VMCS12_REVISION); 86} 87 88void test_vmx_nested_state(struct kvm_vcpu *vcpu) 89{ 90 /* Add a page for VMCS12. */ 91 const int state_sz = sizeof(struct kvm_nested_state) + getpagesize(); 92 struct kvm_nested_state *state = 93 (struct kvm_nested_state *)malloc(state_sz); 94 95 /* The format must be set to 0. 0 for VMX, 1 for SVM. */ 96 set_default_vmx_state(state, state_sz); 97 state->format = 1; 98 test_nested_state_expect_einval(vcpu, state); 99 100 /* 101 * We cannot virtualize anything if the guest does not have VMX 102 * enabled. 103 */ 104 set_default_vmx_state(state, state_sz); 105 test_nested_state_expect_einval(vcpu, state); 106 107 /* 108 * We cannot virtualize anything if the guest does not have VMX 109 * enabled. We expect KVM_SET_NESTED_STATE to return 0 if vmxon_pa 110 * is set to -1ull, but the flags must be zero. 111 */ 112 set_default_vmx_state(state, state_sz); 113 state->hdr.vmx.vmxon_pa = -1ull; 114 test_nested_state_expect_einval(vcpu, state); 115 116 state->hdr.vmx.vmcs12_pa = -1ull; 117 state->flags = KVM_STATE_NESTED_EVMCS; 118 test_nested_state_expect_einval(vcpu, state); 119 120 state->flags = 0; 121 test_nested_state(vcpu, state); 122 123 /* Enable VMX in the guest CPUID. */ 124 vcpu_set_cpuid_feature(vcpu, X86_FEATURE_VMX); 125 126 /* 127 * Setting vmxon_pa == -1ull and vmcs_pa == -1ull exits early without 128 * setting the nested state. When the eVMCS flag is not set, the 129 * expected return value is '0'. 130 */ 131 set_default_vmx_state(state, state_sz); 132 state->flags = 0; 133 state->hdr.vmx.vmxon_pa = -1ull; 134 state->hdr.vmx.vmcs12_pa = -1ull; 135 test_nested_state(vcpu, state); 136 137 /* 138 * When eVMCS is supported, the eVMCS flag can only be set if the 139 * enlightened VMCS capability has been enabled. 140 */ 141 if (have_evmcs) { 142 state->flags = KVM_STATE_NESTED_EVMCS; 143 test_nested_state_expect_einval(vcpu, state); 144 vcpu_enable_evmcs(vcpu); 145 test_nested_state(vcpu, state); 146 } 147 148 /* It is invalid to have vmxon_pa == -1ull and SMM flags non-zero. */ 149 state->hdr.vmx.smm.flags = 1; 150 test_nested_state_expect_einval(vcpu, state); 151 152 /* Invalid flags are rejected. */ 153 set_default_vmx_state(state, state_sz); 154 state->hdr.vmx.flags = ~0; 155 test_nested_state_expect_einval(vcpu, state); 156 157 /* It is invalid to have vmxon_pa == -1ull and vmcs_pa != -1ull. */ 158 set_default_vmx_state(state, state_sz); 159 state->hdr.vmx.vmxon_pa = -1ull; 160 state->flags = 0; 161 test_nested_state_expect_einval(vcpu, state); 162 163 /* It is invalid to have vmxon_pa set to a non-page aligned address. */ 164 set_default_vmx_state(state, state_sz); 165 state->hdr.vmx.vmxon_pa = 1; 166 test_nested_state_expect_einval(vcpu, state); 167 168 /* 169 * It is invalid to have KVM_STATE_NESTED_SMM_GUEST_MODE and 170 * KVM_STATE_NESTED_GUEST_MODE set together. 171 */ 172 set_default_vmx_state(state, state_sz); 173 state->flags = KVM_STATE_NESTED_GUEST_MODE | 174 KVM_STATE_NESTED_RUN_PENDING; 175 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE; 176 test_nested_state_expect_einval(vcpu, state); 177 178 /* 179 * It is invalid to have any of the SMM flags set besides: 180 * KVM_STATE_NESTED_SMM_GUEST_MODE 181 * KVM_STATE_NESTED_SMM_VMXON 182 */ 183 set_default_vmx_state(state, state_sz); 184 state->hdr.vmx.smm.flags = ~(KVM_STATE_NESTED_SMM_GUEST_MODE | 185 KVM_STATE_NESTED_SMM_VMXON); 186 test_nested_state_expect_einval(vcpu, state); 187 188 /* Outside SMM, SMM flags must be zero. */ 189 set_default_vmx_state(state, state_sz); 190 state->flags = 0; 191 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE; 192 test_nested_state_expect_einval(vcpu, state); 193 194 /* 195 * Size must be large enough to fit kvm_nested_state and vmcs12 196 * if VMCS12 physical address is set 197 */ 198 set_default_vmx_state(state, state_sz); 199 state->size = sizeof(*state); 200 state->flags = 0; 201 test_nested_state_expect_einval(vcpu, state); 202 203 set_default_vmx_state(state, state_sz); 204 state->size = sizeof(*state); 205 state->flags = 0; 206 state->hdr.vmx.vmcs12_pa = -1; 207 test_nested_state(vcpu, state); 208 209 /* 210 * KVM_SET_NESTED_STATE succeeds with invalid VMCS 211 * contents but L2 not running. 212 */ 213 set_default_vmx_state(state, state_sz); 214 state->flags = 0; 215 test_nested_state(vcpu, state); 216 217 /* Invalid flags are rejected, even if no VMCS loaded. */ 218 set_default_vmx_state(state, state_sz); 219 state->size = sizeof(*state); 220 state->flags = 0; 221 state->hdr.vmx.vmcs12_pa = -1; 222 state->hdr.vmx.flags = ~0; 223 test_nested_state_expect_einval(vcpu, state); 224 225 /* vmxon_pa cannot be the same address as vmcs_pa. */ 226 set_default_vmx_state(state, state_sz); 227 state->hdr.vmx.vmxon_pa = 0; 228 state->hdr.vmx.vmcs12_pa = 0; 229 test_nested_state_expect_einval(vcpu, state); 230 231 /* 232 * Test that if we leave nesting the state reflects that when we get 233 * it again. 234 */ 235 set_default_vmx_state(state, state_sz); 236 state->hdr.vmx.vmxon_pa = -1ull; 237 state->hdr.vmx.vmcs12_pa = -1ull; 238 state->flags = 0; 239 test_nested_state(vcpu, state); 240 vcpu_nested_state_get(vcpu, state); 241 TEST_ASSERT(state->size >= sizeof(*state) && state->size <= state_sz, 242 "Size must be between %ld and %d. The size returned was %d.", 243 sizeof(*state), state_sz, state->size); 244 TEST_ASSERT(state->hdr.vmx.vmxon_pa == -1ull, "vmxon_pa must be -1ull."); 245 TEST_ASSERT(state->hdr.vmx.vmcs12_pa == -1ull, "vmcs_pa must be -1ull."); 246 247 free(state); 248} 249 250int main(int argc, char *argv[]) 251{ 252 struct kvm_vm *vm; 253 struct kvm_nested_state state; 254 struct kvm_vcpu *vcpu; 255 256 have_evmcs = kvm_check_cap(KVM_CAP_HYPERV_ENLIGHTENED_VMCS); 257 258 TEST_REQUIRE(kvm_has_cap(KVM_CAP_NESTED_STATE)); 259 260 /* 261 * AMD currently does not implement set_nested_state, so for now we 262 * just early out. 263 */ 264 TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX)); 265 266 vm = vm_create_with_one_vcpu(&vcpu, NULL); 267 268 /* 269 * First run tests with VMX disabled to check error handling. 270 */ 271 vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_VMX); 272 273 /* Passing a NULL kvm_nested_state causes a EFAULT. */ 274 test_nested_state_expect_efault(vcpu, NULL); 275 276 /* 'size' cannot be smaller than sizeof(kvm_nested_state). */ 277 set_default_state(&state); 278 state.size = 0; 279 test_nested_state_expect_einval(vcpu, &state); 280 281 /* 282 * Setting the flags 0xf fails the flags check. The only flags that 283 * can be used are: 284 * KVM_STATE_NESTED_GUEST_MODE 285 * KVM_STATE_NESTED_RUN_PENDING 286 * KVM_STATE_NESTED_EVMCS 287 */ 288 set_default_state(&state); 289 state.flags = 0xf; 290 test_nested_state_expect_einval(vcpu, &state); 291 292 /* 293 * If KVM_STATE_NESTED_RUN_PENDING is set then 294 * KVM_STATE_NESTED_GUEST_MODE has to be set as well. 295 */ 296 set_default_state(&state); 297 state.flags = KVM_STATE_NESTED_RUN_PENDING; 298 test_nested_state_expect_einval(vcpu, &state); 299 300 test_vmx_nested_state(vcpu); 301 302 kvm_vm_free(vm); 303 return 0; 304} 305