xref: /linux/tools/testing/selftests/kvm/s390x/tprot.c (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Test TEST PROTECTION emulation.
4  *
5  * Copyright IBM Corp. 2021
6  */
7 #include <sys/mman.h>
8 #include "test_util.h"
9 #include "kvm_util.h"
10 #include "kselftest.h"
11 #include "ucall_common.h"
12 #include "processor.h"
13 
14 #define CR0_FETCH_PROTECTION_OVERRIDE	(1UL << (63 - 38))
15 #define CR0_STORAGE_PROTECTION_OVERRIDE	(1UL << (63 - 39))
16 
17 static __aligned(PAGE_SIZE) uint8_t pages[2][PAGE_SIZE];
18 static uint8_t *const page_store_prot = pages[0];
19 static uint8_t *const page_fetch_prot = pages[1];
20 
21 /* Nonzero return value indicates that address not mapped */
22 static int set_storage_key(void *addr, uint8_t key)
23 {
24 	int not_mapped = 0;
25 
26 	asm volatile (
27 		       "lra	%[addr], 0(0,%[addr])\n"
28 		"	jz	0f\n"
29 		"	llill	%[not_mapped],1\n"
30 		"	j	1f\n"
31 		"0:	sske	%[key], %[addr]\n"
32 		"1:"
33 		: [addr] "+&a" (addr), [not_mapped] "+r" (not_mapped)
34 		: [key] "r" (key)
35 		: "cc"
36 	);
37 	return -not_mapped;
38 }
39 
40 enum permission {
41 	READ_WRITE = 0,
42 	READ = 1,
43 	RW_PROTECTED = 2,
44 	TRANSL_UNAVAIL = 3,
45 };
46 
47 static enum permission test_protection(void *addr, uint8_t key)
48 {
49 	uint64_t mask;
50 
51 	asm volatile (
52 		       "tprot	%[addr], 0(%[key])\n"
53 		"	ipm	%[mask]\n"
54 		: [mask] "=r" (mask)
55 		: [addr] "Q" (*(char *)addr),
56 		  [key] "a" (key)
57 		: "cc"
58 	);
59 
60 	return (enum permission)(mask >> 28);
61 }
62 
63 enum stage {
64 	STAGE_INIT_SIMPLE,
65 	TEST_SIMPLE,
66 	STAGE_INIT_FETCH_PROT_OVERRIDE,
67 	TEST_FETCH_PROT_OVERRIDE,
68 	TEST_STORAGE_PROT_OVERRIDE,
69 	STAGE_END	/* must be the last entry (it's the amount of tests) */
70 };
71 
72 struct test {
73 	enum stage stage;
74 	void *addr;
75 	uint8_t key;
76 	enum permission expected;
77 } tests[] = {
78 	/*
79 	 * We perform each test in the array by executing TEST PROTECTION on
80 	 * the specified addr with the specified key and checking if the returned
81 	 * permissions match the expected value.
82 	 * Both guest and host cooperate to set up the required test conditions.
83 	 * A central condition is that the page targeted by addr has to be DAT
84 	 * protected in the host mappings, in order for KVM to emulate the
85 	 * TEST PROTECTION instruction.
86 	 * Since the page tables are shared, the host uses mprotect to achieve
87 	 * this.
88 	 *
89 	 * Test resulting in RW_PROTECTED/TRANSL_UNAVAIL will be interpreted
90 	 * by SIE, not KVM, but there is no harm in testing them also.
91 	 * See Enhanced Suppression-on-Protection Facilities in the
92 	 * Interpretive-Execution Mode
93 	 */
94 	/*
95 	 * guest: set storage key of page_store_prot to 1
96 	 *        storage key of page_fetch_prot to 9 and enable
97 	 *        protection for it
98 	 * STAGE_INIT_SIMPLE
99 	 * host: write protect both via mprotect
100 	 */
101 	/* access key 0 matches any storage key -> RW */
102 	{ TEST_SIMPLE, page_store_prot, 0x00, READ_WRITE },
103 	/* access key matches storage key -> RW */
104 	{ TEST_SIMPLE, page_store_prot, 0x10, READ_WRITE },
105 	/* mismatched keys, but no fetch protection -> RO */
106 	{ TEST_SIMPLE, page_store_prot, 0x20, READ },
107 	/* access key 0 matches any storage key -> RW */
108 	{ TEST_SIMPLE, page_fetch_prot, 0x00, READ_WRITE },
109 	/* access key matches storage key -> RW */
110 	{ TEST_SIMPLE, page_fetch_prot, 0x90, READ_WRITE },
111 	/* mismatched keys, fetch protection -> inaccessible */
112 	{ TEST_SIMPLE, page_fetch_prot, 0x10, RW_PROTECTED },
113 	/* page 0 not mapped yet -> translation not available */
114 	{ TEST_SIMPLE, (void *)0x00, 0x10, TRANSL_UNAVAIL },
115 	/*
116 	 * host: try to map page 0
117 	 * guest: set storage key of page 0 to 9 and enable fetch protection
118 	 * STAGE_INIT_FETCH_PROT_OVERRIDE
119 	 * host: write protect page 0
120 	 *       enable fetch protection override
121 	 */
122 	/* mismatched keys, fetch protection, but override applies -> RO */
123 	{ TEST_FETCH_PROT_OVERRIDE, (void *)0x00, 0x10, READ },
124 	/* mismatched keys, fetch protection, override applies to 0-2048 only -> inaccessible */
125 	{ TEST_FETCH_PROT_OVERRIDE, (void *)2049, 0x10, RW_PROTECTED },
126 	/*
127 	 * host: enable storage protection override
128 	 */
129 	/* mismatched keys, but override applies (storage key 9) -> RW */
130 	{ TEST_STORAGE_PROT_OVERRIDE, page_fetch_prot, 0x10, READ_WRITE },
131 	/* mismatched keys, no fetch protection, override doesn't apply -> RO */
132 	{ TEST_STORAGE_PROT_OVERRIDE, page_store_prot, 0x20, READ },
133 	/* mismatched keys, but override applies (storage key 9) -> RW */
134 	{ TEST_STORAGE_PROT_OVERRIDE, (void *)2049, 0x10, READ_WRITE },
135 	/* end marker */
136 	{ STAGE_END, 0, 0, 0 },
137 };
138 
139 static enum stage perform_next_stage(int *i, bool mapped_0)
140 {
141 	enum stage stage = tests[*i].stage;
142 	enum permission result;
143 	bool skip;
144 
145 	for (; tests[*i].stage == stage; (*i)++) {
146 		/*
147 		 * Some fetch protection override tests require that page 0
148 		 * be mapped, however, when the hosts tries to map that page via
149 		 * vm_vaddr_alloc, it may happen that some other page gets mapped
150 		 * instead.
151 		 * In order to skip these tests we detect this inside the guest
152 		 */
153 		skip = tests[*i].addr < (void *)PAGE_SIZE &&
154 		       tests[*i].expected != TRANSL_UNAVAIL &&
155 		       !mapped_0;
156 		if (!skip) {
157 			result = test_protection(tests[*i].addr, tests[*i].key);
158 			__GUEST_ASSERT(result == tests[*i].expected,
159 				       "Wanted %u, got %u, for i = %u",
160 				       tests[*i].expected, result, *i);
161 		}
162 	}
163 	return stage;
164 }
165 
166 static void guest_code(void)
167 {
168 	bool mapped_0;
169 	int i = 0;
170 
171 	GUEST_ASSERT_EQ(set_storage_key(page_store_prot, 0x10), 0);
172 	GUEST_ASSERT_EQ(set_storage_key(page_fetch_prot, 0x98), 0);
173 	GUEST_SYNC(STAGE_INIT_SIMPLE);
174 	GUEST_SYNC(perform_next_stage(&i, false));
175 
176 	/* Fetch-protection override */
177 	mapped_0 = !set_storage_key((void *)0, 0x98);
178 	GUEST_SYNC(STAGE_INIT_FETCH_PROT_OVERRIDE);
179 	GUEST_SYNC(perform_next_stage(&i, mapped_0));
180 
181 	/* Storage-protection override */
182 	GUEST_SYNC(perform_next_stage(&i, mapped_0));
183 }
184 
185 #define HOST_SYNC_NO_TAP(vcpup, stage)				\
186 ({								\
187 	struct kvm_vcpu *__vcpu = (vcpup);			\
188 	struct ucall uc;					\
189 	int __stage = (stage);					\
190 								\
191 	vcpu_run(__vcpu);					\
192 	get_ucall(__vcpu, &uc);					\
193 	if (uc.cmd == UCALL_ABORT)				\
194 		REPORT_GUEST_ASSERT(uc);			\
195 	TEST_ASSERT_EQ(uc.cmd, UCALL_SYNC);			\
196 	TEST_ASSERT_EQ(uc.args[1], __stage);			\
197 })
198 
199 #define HOST_SYNC(vcpu, stage)			\
200 ({						\
201 	HOST_SYNC_NO_TAP(vcpu, stage);		\
202 	ksft_test_result_pass("" #stage "\n");	\
203 })
204 
205 int main(int argc, char *argv[])
206 {
207 	struct kvm_vcpu *vcpu;
208 	struct kvm_vm *vm;
209 	struct kvm_run *run;
210 	vm_vaddr_t guest_0_page;
211 
212 	ksft_print_header();
213 	ksft_set_plan(STAGE_END);
214 
215 	vm = vm_create_with_one_vcpu(&vcpu, guest_code);
216 	run = vcpu->run;
217 
218 	HOST_SYNC(vcpu, STAGE_INIT_SIMPLE);
219 	mprotect(addr_gva2hva(vm, (vm_vaddr_t)pages), PAGE_SIZE * 2, PROT_READ);
220 	HOST_SYNC(vcpu, TEST_SIMPLE);
221 
222 	guest_0_page = vm_vaddr_alloc(vm, PAGE_SIZE, 0);
223 	if (guest_0_page != 0) {
224 		/* Use NO_TAP so we don't get a PASS print */
225 		HOST_SYNC_NO_TAP(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
226 		ksft_test_result_skip("STAGE_INIT_FETCH_PROT_OVERRIDE - "
227 				      "Did not allocate page at 0\n");
228 	} else {
229 		HOST_SYNC(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
230 	}
231 	if (guest_0_page == 0)
232 		mprotect(addr_gva2hva(vm, (vm_vaddr_t)0), PAGE_SIZE, PROT_READ);
233 	run->s.regs.crs[0] |= CR0_FETCH_PROTECTION_OVERRIDE;
234 	run->kvm_dirty_regs = KVM_SYNC_CRS;
235 	HOST_SYNC(vcpu, TEST_FETCH_PROT_OVERRIDE);
236 
237 	run->s.regs.crs[0] |= CR0_STORAGE_PROTECTION_OVERRIDE;
238 	run->kvm_dirty_regs = KVM_SYNC_CRS;
239 	HOST_SYNC(vcpu, TEST_STORAGE_PROT_OVERRIDE);
240 
241 	kvm_vm_free(vm);
242 
243 	ksft_finished();	/* Print results and exit() accordingly */
244 }
245