Commit ac4a4d6d authored by Oliver Upton's avatar Oliver Upton Committed by Paolo Bonzini
Browse files

selftests: kvm: test enforcement of paravirtual cpuid features 



Add a set of tests that ensure the guest cannot access paravirtual msrs
and hypercalls that have been disabled in the KVM_CPUID_FEATURES leaf.
Expect a #GP in the case of msr accesses and -KVM_ENOSYS from
hypercalls.

Cc: Jim Mattson <jmattson@google.com>
Signed-off-by: default avatarOliver Upton <oupton@google.com>
Reviewed-by: default avatarPeter Shier <pshier@google.com>
Reviewed-by: default avatarAaron Lewis <aaronlewis@google.com>
Message-Id: <20201027231044.655110-7-oupton@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 29faeb96

tools/testing/selftests/kvm/.gitignore

+1 −0
Original line number Diff line number Diff line
@@ -5,6 +5,7 @@ 
/x86_64/cr4_cpuid_sync_test

/x86_64/debug_regs

/x86_64/evmcs_test

/x86_64/kvm_pv_test

/x86_64/hyperv_cpuid

/x86_64/mmio_warning_test

/x86_64/platform_info_test

tools/testing/selftests/kvm/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -41,6 +41,7 @@ LIBKVM_s390x = lib/s390x/processor.c lib/s390x/ucall.c 
TEST_GEN_PROGS_x86_64 = x86_64/cr4_cpuid_sync_test

TEST_GEN_PROGS_x86_64 += x86_64/evmcs_test

TEST_GEN_PROGS_x86_64 += x86_64/hyperv_cpuid

TEST_GEN_PROGS_x86_64 += x86_64/kvm_pv_test

TEST_GEN_PROGS_x86_64 += x86_64/mmio_warning_test

TEST_GEN_PROGS_x86_64 += x86_64/platform_info_test

TEST_GEN_PROGS_x86_64 += x86_64/set_sregs_test

tools/testing/selftests/kvm/include/kvm_util.h

+3 −0
Original line number Diff line number Diff line
@@ -63,6 +63,9 @@ enum vm_mem_backing_src_type { 


int kvm_check_cap(long cap);

int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap);

int vcpu_enable_cap(struct kvm_vm *vm, uint32_t vcpu_id,

		    struct kvm_enable_cap *cap);

void vm_enable_dirty_ring(struct kvm_vm *vm, uint32_t ring_size);



struct kvm_vm *vm_create(enum vm_guest_mode mode, uint64_t phy_pages, int perm);

struct kvm_vm *_vm_create(enum vm_guest_mode mode, uint64_t phy_pages, int perm);

tools/testing/selftests/kvm/include/x86_64/processor.h

+12 −0
Original line number Diff line number Diff line
@@ -362,6 +362,18 @@ void vcpu_init_descriptor_tables(struct kvm_vm *vm, uint32_t vcpuid); 
void vm_handle_exception(struct kvm_vm *vm, int vector,

			void (*handler)(struct ex_regs *));



/*

 * set_cpuid() - overwrites a matching cpuid entry with the provided value.

 *		 matches based on ent->function && ent->index. returns true

 *		 if a match was found and successfully overwritten.

 * @cpuid: the kvm cpuid list to modify.

 * @ent: cpuid entry to insert

 */

bool set_cpuid(struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 *ent);



uint64_t kvm_hypercall(uint64_t nr, uint64_t a0, uint64_t a1, uint64_t a2,

		       uint64_t a3);



/*

 * Basic CPU control in CR0

 */

tools/testing/selftests/kvm/lib/kvm_util.c

+28 −0
Original line number Diff line number Diff line
@@ -86,6 +86,34 @@ int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap) 
	return ret;

}



/* VCPU Enable Capability

 *

 * Input Args:

 *   vm - Virtual Machine

 *   vcpu_id - VCPU

 *   cap - Capability

 *

 * Output Args: None

 *

 * Return: On success, 0. On failure a TEST_ASSERT failure is produced.

 *

 * Enables a capability (KVM_CAP_*) on the VCPU.

 */

int vcpu_enable_cap(struct kvm_vm *vm, uint32_t vcpu_id,

		    struct kvm_enable_cap *cap)

{

	struct vcpu *vcpu = vcpu_find(vm, vcpu_id);

	int r;



	TEST_ASSERT(vcpu, "cannot find vcpu %d", vcpu_id);



	r = ioctl(vcpu->fd, KVM_ENABLE_CAP, cap);

	TEST_ASSERT(!r, "KVM_ENABLE_CAP vCPU ioctl failed,\n"

			"  rc: %i, errno: %i", r, errno);



	return r;

}



static void vm_open(struct kvm_vm *vm, int perm)

{

	vm->kvm_fd = open(KVM_DEV_PATH, perm);