1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2019, Google LLC. 4 * 5 * This test verifies the integrity of calling the ioctl KVM_SET_NESTED_STATE. 6 */ 7 8 #include "test_util.h" 9 #include "kvm_util.h" 10 #include "processor.h" 11 #include "vmx.h" 12 #include "svm_util.h" 13 14 #include <errno.h> 15 #include <linux/kvm.h> 16 #include <string.h> 17 #include <sys/ioctl.h> 18 #include <unistd.h> 19 20 /* 21 * Mirror of VMCS12_REVISION in arch/x86/kvm/vmx/vmcs12.h. If that value 22 * changes this should be updated. 23 */ 24 #define VMCS12_REVISION 0x11e57ed0 25 26 bool have_evmcs; 27 28 void test_nested_state(struct kvm_vcpu *vcpu, struct kvm_nested_state *state) 29 { 30 vcpu_nested_state_set(vcpu, state); 31 } 32 33 void test_nested_state_expect_errno(struct kvm_vcpu *vcpu, 34 struct kvm_nested_state *state, 35 int expected_errno) 36 { 37 int rv; 38 39 rv = __vcpu_nested_state_set(vcpu, state); 40 TEST_ASSERT(rv == -1 && errno == expected_errno, 41 "Expected %s (%d) from vcpu_nested_state_set but got rv: %i errno: %s (%d)", 42 strerror(expected_errno), expected_errno, rv, strerror(errno), 43 errno); 44 } 45 46 void test_nested_state_expect_einval(struct kvm_vcpu *vcpu, 47 struct kvm_nested_state *state) 48 { 49 test_nested_state_expect_errno(vcpu, state, EINVAL); 50 } 51 52 void test_nested_state_expect_efault(struct kvm_vcpu *vcpu, 53 struct kvm_nested_state *state) 54 { 55 test_nested_state_expect_errno(vcpu, state, EFAULT); 56 } 57 58 void set_revision_id_for_vmcs12(struct kvm_nested_state *state, 59 u32 vmcs12_revision) 60 { 61 /* Set revision_id in vmcs12 to vmcs12_revision. */ 62 memcpy(&state->data, &vmcs12_revision, sizeof(u32)); 63 } 64 65 void set_default_state(struct kvm_nested_state *state) 66 { 67 memset(state, 0, sizeof(*state)); 68 state->flags = KVM_STATE_NESTED_RUN_PENDING | 69 KVM_STATE_NESTED_GUEST_MODE; 70 state->format = 0; 71 state->size = sizeof(*state); 72 } 73 74 void set_default_vmx_state(struct kvm_nested_state *state, int size) 75 { 76 memset(state, 0, size); 77 if (have_evmcs) 78 state->flags = KVM_STATE_NESTED_EVMCS; 79 state->format = 0; 80 state->size = size; 81 state->hdr.vmx.vmxon_pa = 0x1000; 82 state->hdr.vmx.vmcs12_pa = 0x2000; 83 state->hdr.vmx.smm.flags = 0; 84 set_revision_id_for_vmcs12(state, VMCS12_REVISION); 85 } 86 87 void test_vmx_nested_state(struct kvm_vcpu *vcpu) 88 { 89 /* Add a page for VMCS12. */ 90 const int state_sz = sizeof(struct kvm_nested_state) + getpagesize(); 91 struct kvm_nested_state *state = 92 (struct kvm_nested_state *)malloc(state_sz); 93 94 /* The format must be set to 0. 0 for VMX, 1 for SVM. */ 95 set_default_vmx_state(state, state_sz); 96 state->format = 1; 97 test_nested_state_expect_einval(vcpu, state); 98 99 /* 100 * We cannot virtualize anything if the guest does not have VMX 101 * enabled. 102 */ 103 set_default_vmx_state(state, state_sz); 104 test_nested_state_expect_einval(vcpu, state); 105 106 /* 107 * We cannot virtualize anything if the guest does not have VMX 108 * enabled. We expect KVM_SET_NESTED_STATE to return 0 if vmxon_pa 109 * is set to -1ull, but the flags must be zero. 110 */ 111 set_default_vmx_state(state, state_sz); 112 state->hdr.vmx.vmxon_pa = -1ull; 113 test_nested_state_expect_einval(vcpu, state); 114 115 state->hdr.vmx.vmcs12_pa = -1ull; 116 state->flags = KVM_STATE_NESTED_EVMCS; 117 test_nested_state_expect_einval(vcpu, state); 118 119 state->flags = 0; 120 test_nested_state(vcpu, state); 121 122 /* Enable VMX in the guest CPUID. */ 123 vcpu_set_cpuid_feature(vcpu, X86_FEATURE_VMX); 124 125 /* 126 * Setting vmxon_pa == -1ull and vmcs_pa == -1ull exits early without 127 * setting the nested state. When the eVMCS flag is not set, the 128 * expected return value is '0'. 129 */ 130 set_default_vmx_state(state, state_sz); 131 state->flags = 0; 132 state->hdr.vmx.vmxon_pa = -1ull; 133 state->hdr.vmx.vmcs12_pa = -1ull; 134 test_nested_state(vcpu, state); 135 136 /* 137 * When eVMCS is supported, the eVMCS flag can only be set if the 138 * enlightened VMCS capability has been enabled. 139 */ 140 if (have_evmcs) { 141 state->flags = KVM_STATE_NESTED_EVMCS; 142 test_nested_state_expect_einval(vcpu, state); 143 vcpu_enable_evmcs(vcpu); 144 test_nested_state(vcpu, state); 145 } 146 147 /* It is invalid to have vmxon_pa == -1ull and SMM flags non-zero. */ 148 state->hdr.vmx.smm.flags = 1; 149 test_nested_state_expect_einval(vcpu, state); 150 151 /* Invalid flags are rejected. */ 152 set_default_vmx_state(state, state_sz); 153 state->hdr.vmx.flags = ~0; 154 test_nested_state_expect_einval(vcpu, state); 155 156 /* It is invalid to have vmxon_pa == -1ull and vmcs_pa != -1ull. */ 157 set_default_vmx_state(state, state_sz); 158 state->hdr.vmx.vmxon_pa = -1ull; 159 state->flags = 0; 160 test_nested_state_expect_einval(vcpu, state); 161 162 /* It is invalid to have vmxon_pa set to a non-page aligned address. */ 163 set_default_vmx_state(state, state_sz); 164 state->hdr.vmx.vmxon_pa = 1; 165 test_nested_state_expect_einval(vcpu, state); 166 167 /* 168 * It is invalid to have KVM_STATE_NESTED_SMM_GUEST_MODE and 169 * KVM_STATE_NESTED_GUEST_MODE set together. 170 */ 171 set_default_vmx_state(state, state_sz); 172 state->flags = KVM_STATE_NESTED_GUEST_MODE | 173 KVM_STATE_NESTED_RUN_PENDING; 174 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE; 175 test_nested_state_expect_einval(vcpu, state); 176 177 /* 178 * It is invalid to have any of the SMM flags set besides: 179 * KVM_STATE_NESTED_SMM_GUEST_MODE 180 * KVM_STATE_NESTED_SMM_VMXON 181 */ 182 set_default_vmx_state(state, state_sz); 183 state->hdr.vmx.smm.flags = ~(KVM_STATE_NESTED_SMM_GUEST_MODE | 184 KVM_STATE_NESTED_SMM_VMXON); 185 test_nested_state_expect_einval(vcpu, state); 186 187 /* Outside SMM, SMM flags must be zero. */ 188 set_default_vmx_state(state, state_sz); 189 state->flags = 0; 190 state->hdr.vmx.smm.flags = KVM_STATE_NESTED_SMM_GUEST_MODE; 191 test_nested_state_expect_einval(vcpu, state); 192 193 /* 194 * Size must be large enough to fit kvm_nested_state and vmcs12 195 * if VMCS12 physical address is set 196 */ 197 set_default_vmx_state(state, state_sz); 198 state->size = sizeof(*state); 199 state->flags = 0; 200 test_nested_state_expect_einval(vcpu, state); 201 202 set_default_vmx_state(state, state_sz); 203 state->size = sizeof(*state); 204 state->flags = 0; 205 state->hdr.vmx.vmcs12_pa = -1; 206 test_nested_state(vcpu, state); 207 208 /* 209 * KVM_SET_NESTED_STATE succeeds with invalid VMCS 210 * contents but L2 not running. 211 */ 212 set_default_vmx_state(state, state_sz); 213 state->flags = 0; 214 test_nested_state(vcpu, state); 215 216 /* Invalid flags are rejected, even if no VMCS loaded. */ 217 set_default_vmx_state(state, state_sz); 218 state->size = sizeof(*state); 219 state->flags = 0; 220 state->hdr.vmx.vmcs12_pa = -1; 221 state->hdr.vmx.flags = ~0; 222 test_nested_state_expect_einval(vcpu, state); 223 224 /* vmxon_pa cannot be the same address as vmcs_pa. */ 225 set_default_vmx_state(state, state_sz); 226 state->hdr.vmx.vmxon_pa = 0; 227 state->hdr.vmx.vmcs12_pa = 0; 228 test_nested_state_expect_einval(vcpu, state); 229 230 /* 231 * Test that if we leave nesting the state reflects that when we get 232 * it again. 233 */ 234 set_default_vmx_state(state, state_sz); 235 state->hdr.vmx.vmxon_pa = -1ull; 236 state->hdr.vmx.vmcs12_pa = -1ull; 237 state->flags = 0; 238 test_nested_state(vcpu, state); 239 vcpu_nested_state_get(vcpu, state); 240 TEST_ASSERT(state->size >= sizeof(*state) && state->size <= state_sz, 241 "Size must be between %ld and %d. The size returned was %d.", 242 sizeof(*state), state_sz, state->size); 243 244 TEST_ASSERT_EQ(state->hdr.vmx.vmxon_pa, -1ull); 245 TEST_ASSERT_EQ(state->hdr.vmx.vmcs12_pa, -1ull); 246 TEST_ASSERT_EQ(state->flags, 0); 247 248 free(state); 249 } 250 251 static void vcpu_efer_enable_svm(struct kvm_vcpu *vcpu) 252 { 253 uint64_t old_efer = vcpu_get_msr(vcpu, MSR_EFER); 254 255 vcpu_set_msr(vcpu, MSR_EFER, old_efer | EFER_SVME); 256 } 257 258 static void vcpu_efer_disable_svm(struct kvm_vcpu *vcpu) 259 { 260 uint64_t old_efer = vcpu_get_msr(vcpu, MSR_EFER); 261 262 vcpu_set_msr(vcpu, MSR_EFER, old_efer & ~EFER_SVME); 263 } 264 265 void set_default_svm_state(struct kvm_nested_state *state, int size) 266 { 267 memset(state, 0, size); 268 state->format = 1; 269 state->size = size; 270 state->hdr.svm.vmcb_pa = 0x3000; 271 } 272 273 void test_svm_nested_state(struct kvm_vcpu *vcpu) 274 { 275 /* Add a page for VMCB. */ 276 const int state_sz = sizeof(struct kvm_nested_state) + getpagesize(); 277 struct kvm_nested_state *state = 278 (struct kvm_nested_state *)malloc(state_sz); 279 280 vcpu_set_cpuid_feature(vcpu, X86_FEATURE_SVM); 281 282 /* The format must be set to 1. 0 for VMX, 1 for SVM. */ 283 set_default_svm_state(state, state_sz); 284 state->format = 0; 285 test_nested_state_expect_einval(vcpu, state); 286 287 /* Invalid flags are rejected, KVM_STATE_NESTED_EVMCS is VMX-only */ 288 set_default_svm_state(state, state_sz); 289 state->flags = KVM_STATE_NESTED_EVMCS; 290 test_nested_state_expect_einval(vcpu, state); 291 292 /* 293 * If EFER.SVME is clear, guest mode is disallowed and GIF can be set or 294 * cleared. 295 */ 296 vcpu_efer_disable_svm(vcpu); 297 298 set_default_svm_state(state, state_sz); 299 state->flags = KVM_STATE_NESTED_GUEST_MODE; 300 test_nested_state_expect_einval(vcpu, state); 301 302 state->flags = 0; 303 test_nested_state(vcpu, state); 304 305 state->flags = KVM_STATE_NESTED_GIF_SET; 306 test_nested_state(vcpu, state); 307 308 /* Enable SVM in the guest EFER. */ 309 vcpu_efer_enable_svm(vcpu); 310 311 /* Setting vmcb_pa to a non-aligned address is only fine when not entering guest mode */ 312 set_default_svm_state(state, state_sz); 313 state->hdr.svm.vmcb_pa = -1ull; 314 state->flags = 0; 315 test_nested_state(vcpu, state); 316 state->flags = KVM_STATE_NESTED_GUEST_MODE; 317 test_nested_state_expect_einval(vcpu, state); 318 319 /* 320 * Size must be large enough to fit kvm_nested_state and VMCB 321 * only when entering guest mode. 322 */ 323 set_default_svm_state(state, state_sz/2); 324 state->flags = 0; 325 test_nested_state(vcpu, state); 326 state->flags = KVM_STATE_NESTED_GUEST_MODE; 327 test_nested_state_expect_einval(vcpu, state); 328 329 /* 330 * Test that if we leave nesting the state reflects that when we get it 331 * again, except for vmcb_pa, which is always returned as 0 when not in 332 * guest mode. 333 */ 334 set_default_svm_state(state, state_sz); 335 state->hdr.svm.vmcb_pa = -1ull; 336 state->flags = KVM_STATE_NESTED_GIF_SET; 337 test_nested_state(vcpu, state); 338 vcpu_nested_state_get(vcpu, state); 339 TEST_ASSERT(state->size >= sizeof(*state) && state->size <= state_sz, 340 "Size must be between %ld and %d. The size returned was %d.", 341 sizeof(*state), state_sz, state->size); 342 343 TEST_ASSERT_EQ(state->hdr.svm.vmcb_pa, 0); 344 TEST_ASSERT_EQ(state->flags, KVM_STATE_NESTED_GIF_SET); 345 346 free(state); 347 } 348 349 int main(int argc, char *argv[]) 350 { 351 struct kvm_vm *vm; 352 struct kvm_nested_state state; 353 struct kvm_vcpu *vcpu; 354 355 have_evmcs = kvm_check_cap(KVM_CAP_HYPERV_ENLIGHTENED_VMCS); 356 357 TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_VMX) || 358 kvm_cpu_has(X86_FEATURE_SVM)); 359 TEST_REQUIRE(kvm_has_cap(KVM_CAP_NESTED_STATE)); 360 361 vm = vm_create_with_one_vcpu(&vcpu, NULL); 362 363 /* 364 * First run tests with VMX/SVM disabled to check error handling. 365 * test_{vmx/svm}_nested_state() will re-enable as needed. 366 */ 367 if (kvm_cpu_has(X86_FEATURE_VMX)) 368 vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_VMX); 369 else 370 vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_SVM); 371 372 /* Passing a NULL kvm_nested_state causes a EFAULT. */ 373 test_nested_state_expect_efault(vcpu, NULL); 374 375 /* 'size' cannot be smaller than sizeof(kvm_nested_state). */ 376 set_default_state(&state); 377 state.size = 0; 378 test_nested_state_expect_einval(vcpu, &state); 379 380 /* 381 * Setting the flags 0xf fails the flags check. The only flags that 382 * can be used are: 383 * KVM_STATE_NESTED_GUEST_MODE 384 * KVM_STATE_NESTED_RUN_PENDING 385 * KVM_STATE_NESTED_EVMCS 386 */ 387 set_default_state(&state); 388 state.flags = 0xf; 389 test_nested_state_expect_einval(vcpu, &state); 390 391 /* 392 * If KVM_STATE_NESTED_RUN_PENDING is set then 393 * KVM_STATE_NESTED_GUEST_MODE has to be set as well. 394 */ 395 set_default_state(&state); 396 state.flags = KVM_STATE_NESTED_RUN_PENDING; 397 test_nested_state_expect_einval(vcpu, &state); 398 399 if (kvm_cpu_has(X86_FEATURE_VMX)) 400 test_vmx_nested_state(vcpu); 401 else 402 test_svm_nested_state(vcpu); 403 404 kvm_vm_free(vm); 405 return 0; 406 } 407