From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@web.de>
Subject: Re: [PATCH 4/4] kvm-unit-tests: VMX: Add test cases for instruction
 interception
Date: Thu, 15 Aug 2013 10:06:45 +0200
Message-ID: <520C8C15.2070905@web.de>
References: <1376409368-7016-1-git-send-email-yzt356@gmail.com> <1376409368-7016-5-git-send-email-yzt356@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="mBhgtJfkhW0juc2ESugJ9e58aJexC29gm"
Cc: kvm@vger.kernel.org, gleb@redhat.com, pbonzini@redhat.com
To: Arthur Chunqi Li <yzt356@gmail.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mout.web.de ([212.227.15.4]:54542 "EHLO mout.web.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751951Ab3HOIGt (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 15 Aug 2013 04:06:49 -0400
Received: from mchn199C.mchp.siemens.de ([95.157.58.223]) by smtp.web.de
 (mrweb101) with ESMTPSA (Nemesis) id 0M3jwL-1W0ssB0CVF-00rFA8 for
 <kvm@vger.kernel.org>; Thu, 15 Aug 2013 10:06:47 +0200
In-Reply-To: <1376409368-7016-5-git-send-email-yzt356@gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--mBhgtJfkhW0juc2ESugJ9e58aJexC29gm
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

On 2013-08-13 17:56, Arthur Chunqi Li wrote:
> Add test cases for instruction interception, including three types:
> 1. Primary Processor-Based VM-Execution Controls (HLT/INVLPG/MWAIT/
> RDPMC/RDTSC/MONITOR/PAUSE)
> 2. Secondary Processor-Based VM-Execution Controls (WBINVD)
> 3. No control flag (CPUID/INVD)
>=20
> Signed-off-by: Arthur Chunqi Li <yzt356@gmail.com>
> ---
>  x86/vmx.c       |    3 +-
>  x86/vmx.h       |    7 ++++
>  x86/vmx_tests.c |  117 +++++++++++++++++++++++++++++++++++++++++++++++=
++++++++
>  3 files changed, 125 insertions(+), 2 deletions(-)
>=20
> diff --git a/x86/vmx.c b/x86/vmx.c
> index ca36d35..c346070 100644
> --- a/x86/vmx.c
> +++ b/x86/vmx.c
> @@ -336,8 +336,7 @@ static void init_vmx(void)
>  			: MSR_IA32_VMX_ENTRY_CTLS);
>  	ctrl_cpu_rev[0].val =3D rdmsr(basic.ctrl ? MSR_IA32_VMX_TRUE_PROC
>  			: MSR_IA32_VMX_PROCBASED_CTLS);
> -	if (ctrl_cpu_rev[0].set & CPU_SECONDARY)
> -		ctrl_cpu_rev[1].val =3D rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2);
> +	ctrl_cpu_rev[1].val =3D rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2);
>  	if (ctrl_cpu_rev[1].set & CPU_EPT || ctrl_cpu_rev[1].set & CPU_VPID)
>  		ept_vpid.val =3D rdmsr(MSR_IA32_VMX_EPT_VPID_CAP);
> =20
> diff --git a/x86/vmx.h b/x86/vmx.h
> index dba8b20..d81d25d 100644
> --- a/x86/vmx.h
> +++ b/x86/vmx.h
> @@ -354,6 +354,9 @@ enum Ctrl0 {
>  	CPU_INTR_WINDOW		=3D 1ul << 2,
>  	CPU_HLT			=3D 1ul << 7,
>  	CPU_INVLPG		=3D 1ul << 9,
> +	CPU_MWAIT		=3D 1ul << 10,
> +	CPU_RDPMC		=3D 1ul << 11,
> +	CPU_RDTSC		=3D 1ul << 12,
>  	CPU_CR3_LOAD		=3D 1ul << 15,
>  	CPU_CR3_STORE		=3D 1ul << 16,
>  	CPU_TPR_SHADOW		=3D 1ul << 21,
> @@ -361,6 +364,8 @@ enum Ctrl0 {
>  	CPU_IO			=3D 1ul << 24,
>  	CPU_IO_BITMAP		=3D 1ul << 25,
>  	CPU_MSR_BITMAP		=3D 1ul << 28,
> +	CPU_MONITOR		=3D 1ul << 29,
> +	CPU_PAUSE		=3D 1ul << 30,
>  	CPU_SECONDARY		=3D 1ul << 31,
>  };
> =20
> @@ -368,6 +373,8 @@ enum Ctrl1 {
>  	CPU_EPT			=3D 1ul << 1,
>  	CPU_VPID		=3D 1ul << 5,
>  	CPU_URG			=3D 1ul << 7,
> +	CPU_WBINVD		=3D 1ul << 6,
> +	CPU_RDRAND		=3D 1ul << 11,
>  };
> =20
>  #define SAVE_GPR				\
> diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
> index ad28c4c..66187f4 100644
> --- a/x86/vmx_tests.c
> +++ b/x86/vmx_tests.c
> @@ -20,6 +20,13 @@ static inline void set_stage(u32 s)
>  	asm volatile("mov %0, stage\n\t"::"r"(s):"memory", "cc");
>  }
> =20
> +static inline u32 get_stage()
> +{
> +	u32 s;
> +	asm volatile("mov stage, %0\n\t":"=3Dr"(s)::"memory", "cc");
> +	return s;
> +}

Tagging "stage" volatile will obsolete this special assembly.

> +
>  void basic_init()
>  {
>  }
> @@ -638,6 +645,114 @@ static int iobmp_exit_handler()
>  	return VMX_TEST_VMEXIT;
>  }
> =20
> +asm(
> +	"insn_hlt: hlt;ret\n\t"
> +	"insn_invlpg: invlpg 0x12345678;ret\n\t"
> +	"insn_mwait: mwait;ret\n\t"
> +	"insn_rdpmc: rdpmc;ret\n\t"
> +	"insn_rdtsc: rdtsc;ret\n\t"
> +	"insn_monitor: monitor;ret\n\t"
> +	"insn_pause: pause;ret\n\t"
> +	"insn_wbinvd: wbinvd;ret\n\t"
> +	"insn_cpuid: cpuid;ret\n\t"
> +	"insn_invd: invd;ret\n\t"
> +);
> +extern void insn_hlt();
> +extern void insn_invlpg();
> +extern void insn_mwait();
> +extern void insn_rdpmc();
> +extern void insn_rdtsc();
> +extern void insn_monitor();
> +extern void insn_pause();
> +extern void insn_wbinvd();
> +extern void insn_cpuid();
> +extern void insn_invd();
> +
> +u32 cur_insn;
> +
> +struct insn_table {
> +	const char *name;
> +	u32 flag;
> +	void (*insn_func)();
> +	u32 type;

What do the "type" values mean?

> +	u32 reason;
> +	ulong exit_qual;
> +	u32 insn_info;

For none of the instructions you test, EXI_INST_INFO will have valid
content on exit. So you must not check it anyway.

> +};
> +
> +static struct insn_table insn_table[] =3D {
> +	// Flags for Primary Processor-Based VM-Execution Controls
> +	{"HLT",  CPU_HLT, insn_hlt, 0, 12, 0, 0},
> +	{"INVLPG", CPU_INVLPG, insn_invlpg, 0, 14, 0x12345678, 0},
> +	{"MWAIT", CPU_MWAIT, insn_mwait, 0, 36, 0, 0},
> +	{"RDPMC", CPU_RDPMC, insn_rdpmc, 0, 15, 0, 0},
> +	{"RDTSC", CPU_RDTSC, insn_rdtsc, 0, 16, 0, 0},
> +	{"MONITOR", CPU_MONITOR, insn_monitor, 0, 39, 0, 0},
> +	{"PAUSE", CPU_PAUSE, insn_pause, 0, 40, 0, 0},
> +	// Flags for Secondary Processor-Based VM-Execution Controls
> +	{"WBINVD", CPU_WBINVD, insn_wbinvd, 1, 54, 0, 0},
> +	// Flags for Non-Processor-Based
> +	{"CPUID", 0, insn_cpuid, 2, 10, 0, 0},
> +	{"INVD", 0, insn_invd, 2, 13, 0, 0},
> +	{NULL},
> +};
> +
> +static void insn_intercept_init()
> +{
> +	u32 ctrl_cpu[2];
> +
> +	ctrl_cpu[0] =3D vmcs_read(CPU_EXEC_CTRL0);
> +	ctrl_cpu[0] |=3D CPU_HLT | CPU_INVLPG | CPU_MWAIT | CPU_RDPMC | CPU_R=
DTSC |
> +		CPU_MONITOR | CPU_PAUSE | CPU_SECONDARY;
> +	ctrl_cpu[0] &=3D ctrl_cpu_rev[0].clr;
> +	vmcs_write(CPU_EXEC_CTRL0, ctrl_cpu[0]);
> +	ctrl_cpu[1] =3D vmcs_read(CPU_EXEC_CTRL1);
> +	ctrl_cpu[1] |=3D CPU_WBINVD | CPU_RDRAND;
> +	ctrl_cpu[1] &=3D ctrl_cpu_rev[1].clr;
> +	vmcs_write(CPU_EXEC_CTRL1, ctrl_cpu[1]);
> +}
> +
> +static void insn_intercept_main()
> +{
> +	cur_insn =3D 0;
> +	while(insn_table[cur_insn].name !=3D NULL) {
> +		set_stage(cur_insn);
> +		if ((insn_table[cur_insn].type =3D=3D 0 && !(ctrl_cpu_rev[0].clr & i=
nsn_table[cur_insn].flag)) ||
> +			(insn_table[cur_insn].type =3D=3D 1 && !(ctrl_cpu_rev[1].clr & insn=
_table[cur_insn].flag))) {
> +			printf("\tCPU_CTRL.CPU_%s is not supported.\n", insn_table[cur_insn=
].name);


Coding style, specifically overlong lines.

> +		} else {
> +			insn_table[cur_insn].insn_func();
> +			if (stage !=3D cur_insn + 1)
> +				report(insn_table[cur_insn].name, 0);

Would be good to test the inverse as well, i.e. the intercept-free
execution.

> +		}
> +		cur_insn ++;
> +	}
> +}
> +
> +static int insn_intercept_exit_handler()
> +{
> +	u64 guest_rip;
> +	u32 reason;
> +	ulong exit_qual;
> +	u32 insn_len;
> +	u32 insn_info;
> +
> +	guest_rip =3D vmcs_read(GUEST_RIP);
> +	reason =3D vmcs_read(EXI_REASON) & 0xff;
> +	exit_qual =3D vmcs_read(EXI_QUALIFICATION);
> +	insn_len =3D vmcs_read(EXI_INST_LEN);
> +	insn_info =3D vmcs_read(EXI_INST_INFO);
> +	if (cur_insn =3D=3D get_stage() &&
> +			insn_table[cur_insn].reason =3D=3D reason &&
> +			insn_table[cur_insn].exit_qual =3D=3D exit_qual &&
> +			insn_table[cur_insn].insn_info =3D=3D insn_info) {
> +		report(insn_table[cur_insn].name, 1);
> +		set_stage(stage + 1);
> +	}
> +	vmcs_write(GUEST_RIP, guest_rip + insn_len);
> +	return VMX_TEST_RESUME;
> +}
> +
>  /* name/init/guest_main/exit_handler/syscall_handler/guest_regs
>     basic_* just implement some basic functions */
>  struct vmx_test vmx_tests[] =3D {
> @@ -653,5 +768,7 @@ struct vmx_test vmx_tests[] =3D {
>  		cr_shadowing_exit_handler, basic_syscall_handler, {0} },
>  	{ "I/O bitmap", iobmp_init, iobmp_main, iobmp_exit_handler,
>  		basic_syscall_handler, {0} },
> +	{ "instruction intercept", insn_intercept_init, insn_intercept_main,
> +		insn_intercept_exit_handler, basic_syscall_handler, {0} },
>  	{ NULL, NULL, NULL, NULL, NULL, {0} },
>  };
>=20

Jan


--mBhgtJfkhW0juc2ESugJ9e58aJexC29gm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlIMjBUACgkQitSsb3rl5xRWhQCfdiEKhRg5+0YTPfqPLlXY4WTr
68UAoJd904Py5sFq+ZPnjNUqQPfBc+KA
=oSkW
-----END PGP SIGNATURE-----

--mBhgtJfkhW0juc2ESugJ9e58aJexC29gm--