Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp489462lqg; Fri, 1 Mar 2024 11:06:42 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCU3l1auLaAndTctbFLnB95/lrlS8IuPMRYi3tsq8sxPG+mMkcYvpgxpzo9GIZ8F1bPfKIsu21nKtO/zCnkz0HRZLOKqQN410e5A6btRMQ== X-Google-Smtp-Source: AGHT+IEwBI+ylYO71f//FMtnYu71/Vueg1DKfoneBk/w48599GfOiilA//iV9dCVNvA2AMzBf5Ej X-Received: by 2002:a50:9ecd:0:b0:565:edf9:8038 with SMTP id a71-20020a509ecd000000b00565edf98038mr1654244edf.40.1709320001664; Fri, 01 Mar 2024 11:06:41 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709320001; cv=pass; d=google.com; s=arc-20160816; b=ITiQGEavwIJvYSA5JoKcRZ8YUfZ+bkrUnMfuZxNN3sywtIndCeg5lUlZ5EQEcnlakm C9mFIjCcKenIKOC0Qk4LIOXZK5Ktb1pPqKqfP5p5oqHQvv4hwTSmF7LyXZZAba74zGFr hoBeqCZwaQgoXe24gJhW3FdPzW9U0dT/XD9p1I7C018ZvlCm4ndekTl3WKNSqqLsA+Dq ecWvuD1hoxZq/4i4bi6VM/bo0Hq/EdLzf4lv888JZ+CHPiQAKMZDVrmEN3zpzr4qJYrM Hst9ujTgO2LitVKRfnzia5u9xnAaG/UGD5mGLiXTmDjSTXvS4x8e14HDDCXYfoutY2rJ j8sg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to:subject :user-agent:mime-version:list-unsubscribe:list-subscribe:list-id :precedence:date:message-id:dkim-signature; bh=GzQRi+eA5+l6HakiTKeDIHtHAwi+J/TSaLzOC2cg6Ok=; fh=WuQvpk6wLzB4Rn153D+AqNBnRt6WYYeEM3NCy46Pb90=; b=dycKmEX0oYoY+Od9GCAgDWWmjS3mh6vL74y34VbQOPsTWPlrFqgLqPbjiAppRM0jgf +7V0h4GZ078ab8PrUwNWTqsk/FBNbam53plgMVfMU91V9r4VWpPlVEeALXtb+YL1fhCy ZXgFIOtwGzOc4v7OWonhcIk/9y9gFWExgnI2Wj5Du/h2obyXCMED1HTJuhhAU+54arrJ zu9tlTUr48YxQALEJhaRLM8BA3Mi4+COeZbPLqAEwZPxgA/bDv1tkRAJqzAg+eRZ7U5h PasQ5vl/McK7wHTPCPBvzAp3xuzLxnmhUZ4N4yUNF6AgksK6p7Npc17vX62b4g2FY7Wx TFjg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hhIW4khV; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-88380-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-88380-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id z5-20020a50eb45000000b00564d2bf234dsi1590445edp.253.2024.03.01.11.06.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Mar 2024 11:06:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-88380-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=hhIW4khV; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-88380-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-88380-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 943C91F22A87 for ; Fri, 1 Mar 2024 12:00:48 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3F8C76D536; Fri, 1 Mar 2024 12:00:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="hhIW4khV" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC7426D1A7; Fri, 1 Mar 2024 12:00:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709294437; cv=none; b=S5/pYk6edYO6HmH5GH6/sjgHs8N/oKWiUGl9SEdZIGmaYL02CMHlmYtT6dQiEdPKCCpbiqYfqioovnY0dAbLvJhDLnIEi17VeLBT1OJymRbVz0NOYL2idum8NvFVJpFMBal5kAaSkl11oOSrMSlxdafw4Rftf12+xpWCVxutpCI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709294437; c=relaxed/simple; bh=Bpm6hOspaqm5Ql7XCmGjGb3G6kC5f6KchwepD3KMdv4=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=OezbkTYQce03b0eCu461Mzrnu4XfhTZWncPhaM3UiVip19acVnKiahjj0teAJH1prrzTvUQEsVPyptenDf2z3iUe7G6SrbfKcL3cXtIapbtU4wKZFq/6BOwNdEozNG0Xq3GOpPdPGhQWds5V4Yd0ytumVkzJvs0XFiEhuTAu65Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=hhIW4khV; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1709294435; x=1740830435; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=Bpm6hOspaqm5Ql7XCmGjGb3G6kC5f6KchwepD3KMdv4=; b=hhIW4khVoxPhNhkTybHLGQgwMV9SScSZEVhU+Xj4/J87KUrl6vg5JdMK /pzeSHsX5XmPVYXjWDPq7UG1uv9aZCuU6eQX/1a+v1mL/q+ex+myJfyju j8E6DXGu8mOTui3U/rzcxQluxbpuVtIOYyFs7Mx620+raBvuuQ38V1SjI +L1oo6wbPfsKPnemVZcaTsvwPX4ck3ImS203RSxoNt1icXKvzl3SoHQGD W9HJthAqVUcohXqbR+UjQPuHMhCLpKBWlTRzsnhXsDKQdD4Y4FfLOTj63 mjDcbqEvilPtU5x/e9JErsu8zXGrnH4Y/0hsrH7P5UYBuDYUOM7Yzj+7T A==; X-IronPort-AV: E=McAfee;i="6600,9927,10999"; a="6780642" X-IronPort-AV: E=Sophos;i="6.06,196,1705392000"; d="scan'208";a="6780642" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Mar 2024 04:00:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,196,1705392000"; d="scan'208";a="12863458" Received: from binbinwu-mobl.ccr.corp.intel.com (HELO [10.125.242.247]) ([10.125.242.247]) by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Mar 2024 04:00:22 -0800 Message-ID: Date: Fri, 1 Mar 2024 20:00:19 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [RFC PATCH v5 15/29] KVM: selftests: TDX: Add TDX MSR read/write tests To: Sagi Shahar Cc: linux-kselftest@vger.kernel.org, Ackerley Tng , Ryan Afranji , Erdem Aktas , Isaku Yamahata , Sean Christopherson , Paolo Bonzini , Shuah Khan , Peter Gonda , Haibo Xu , Chao Peng , Vishal Annapurve , Roger Wang , Vipin Sharma , jmattson@google.com, dmatlack@google.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org References: <20231212204647.2170650-1-sagis@google.com> <20231212204647.2170650-16-sagis@google.com> From: Binbin Wu In-Reply-To: <20231212204647.2170650-16-sagis@google.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 12/13/2023 4:46 AM, Sagi Shahar wrote: > The test verifies reads and writes for MSR registers with different access > level. > > Signed-off-by: Sagi Shahar > Signed-off-by: Ackerley Tng > Signed-off-by: Ryan Afranji > --- > .../selftests/kvm/include/x86_64/tdx/tdx.h | 5 + > .../selftests/kvm/lib/x86_64/tdx/tdx.c | 27 +++ > .../selftests/kvm/x86_64/tdx_vm_tests.c | 209 ++++++++++++++++++ > 3 files changed, 241 insertions(+) > > diff --git a/tools/testing/selftests/kvm/include/x86_64/tdx/tdx.h b/tools/testing/selftests/kvm/include/x86_64/tdx/tdx.h > index 63788012bf94..85ba6aab79a7 100644 > --- a/tools/testing/selftests/kvm/include/x86_64/tdx/tdx.h > +++ b/tools/testing/selftests/kvm/include/x86_64/tdx/tdx.h > @@ -9,11 +9,16 @@ > #define TDG_VP_VMCALL_REPORT_FATAL_ERROR 0x10003 > > #define TDG_VP_VMCALL_INSTRUCTION_IO 30 > +#define TDG_VP_VMCALL_INSTRUCTION_RDMSR 31 > +#define TDG_VP_VMCALL_INSTRUCTION_WRMSR 32 > + > void handle_userspace_tdg_vp_vmcall_exit(struct kvm_vcpu *vcpu); > uint64_t tdg_vp_vmcall_instruction_io(uint64_t port, uint64_t size, > uint64_t write, uint64_t *data); > void tdg_vp_vmcall_report_fatal_error(uint64_t error_code, uint64_t data_gpa); > uint64_t tdg_vp_vmcall_get_td_vmcall_info(uint64_t *r11, uint64_t *r12, > uint64_t *r13, uint64_t *r14); > +uint64_t tdg_vp_vmcall_instruction_rdmsr(uint64_t index, uint64_t *ret_value); > +uint64_t tdg_vp_vmcall_instruction_wrmsr(uint64_t index, uint64_t value); > > #endif // SELFTEST_TDX_TDX_H > diff --git a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx.c b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx.c > index e5a9e13c62e2..88ea6f2a6469 100644 > --- a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx.c > +++ b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx.c > @@ -87,3 +87,30 @@ uint64_t tdg_vp_vmcall_get_td_vmcall_info(uint64_t *r11, uint64_t *r12, > > return ret; > } > + > +uint64_t tdg_vp_vmcall_instruction_rdmsr(uint64_t index, uint64_t *ret_value) > +{ > + uint64_t ret; > + struct tdx_hypercall_args args = { > + .r11 = TDG_VP_VMCALL_INSTRUCTION_RDMSR, > + .r12 = index, > + }; > + > + ret = __tdx_hypercall(&args, TDX_HCALL_HAS_OUTPUT); > + > + if (ret_value) > + *ret_value = args.r11; > + > + return ret; > +} > + > +uint64_t tdg_vp_vmcall_instruction_wrmsr(uint64_t index, uint64_t value) > +{ > + struct tdx_hypercall_args args = { > + .r11 = TDG_VP_VMCALL_INSTRUCTION_WRMSR, > + .r12 = index, > + .r13 = value, > + }; > + > + return __tdx_hypercall(&args, 0); > +} > diff --git a/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c b/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c > index 699cba36e9ce..5db3701cc6d9 100644 > --- a/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c > +++ b/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c > @@ -515,6 +515,213 @@ void verify_guest_reads(void) > printf("\t ... PASSED\n"); > } > > +/* > + * Define a filter which denies all MSR access except the following: > + * MSR_X2APIC_APIC_ICR: Allow read/write access (allowed by default) The default filtering behavior of tdx_msr_test_filter is KVM_MSR_FILTER_DEFAULT_DENY, and MSR_X2APIC_APIC_ICR is not covered by any specific range, shouldn't MSR_X2APIC_APIC_ICR be denied by default? > + * MSR_IA32_MISC_ENABLE: Allow read access > + * MSR_IA32_POWER_CTL: Allow write access > + */ > +#define MSR_X2APIC_APIC_ICR 0x830 > +static u64 tdx_msr_test_allow_bits = 0xFFFFFFFFFFFFFFFF; > +struct kvm_msr_filter tdx_msr_test_filter = { > + .flags = KVM_MSR_FILTER_DEFAULT_DENY, > + .ranges = { > + { > + .flags = KVM_MSR_FILTER_READ, > + .nmsrs = 1, > + .base = MSR_IA32_MISC_ENABLE, > + .bitmap = (uint8_t *)&tdx_msr_test_allow_bits, > + }, { > + .flags = KVM_MSR_FILTER_WRITE, > + .nmsrs = 1, > + .base = MSR_IA32_POWER_CTL, > + .bitmap = (uint8_t *)&tdx_msr_test_allow_bits, > + }, > + }, > +}; > + > +/* > + * Verifies MSR read functionality. > + */ > +void guest_msr_read(void) > +{ > + uint64_t data; > + uint64_t ret; > + > + ret = tdg_vp_vmcall_instruction_rdmsr(MSR_X2APIC_APIC_ICR, &data); > + if (ret) > + tdx_test_fatal(ret); > + > + ret = tdx_test_report_64bit_to_user_space(data); > + if (ret) > + tdx_test_fatal(ret); > + > + ret = tdg_vp_vmcall_instruction_rdmsr(MSR_IA32_MISC_ENABLE, &data); > + if (ret) > + tdx_test_fatal(ret); > + > + ret = tdx_test_report_64bit_to_user_space(data); > + if (ret) > + tdx_test_fatal(ret); > + > + /* We expect this call to fail since MSR_IA32_POWER_CTL is write only */ > + ret = tdg_vp_vmcall_instruction_rdmsr(MSR_IA32_POWER_CTL, &data); > + if (ret) { > + ret = tdx_test_report_64bit_to_user_space(ret); > + if (ret) > + tdx_test_fatal(ret); > + } else { > + tdx_test_fatal(-99); > + } > + > + tdx_test_success(); > +} > + > +void verify_guest_msr_reads(void) > +{ > + struct kvm_vm *vm; > + struct kvm_vcpu *vcpu; > + > + uint64_t data; > + int ret; > + > + vm = td_create(); > + td_initialize(vm, VM_MEM_SRC_ANONYMOUS, 0); > + > + /* > + * Set explicit MSR filter map to control access to the MSR registers > + * used in the test. > + */ > + printf("\t ... Setting test MSR filter\n"); > + ret = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); > + TEST_ASSERT(ret, "KVM_CAP_X86_USER_SPACE_MSR is unavailable"); > + vm_enable_cap(vm, KVM_CAP_X86_USER_SPACE_MSR, KVM_MSR_EXIT_REASON_FILTER); > + > + ret = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); > + TEST_ASSERT(ret, "KVM_CAP_X86_MSR_FILTER is unavailable"); > + > + ret = ioctl(vm->fd, KVM_X86_SET_MSR_FILTER, &tdx_msr_test_filter); > + TEST_ASSERT(ret == 0, > + "KVM_X86_SET_MSR_FILTER failed, ret: %i errno: %i (%s)", > + ret, errno, strerror(errno)); > + > + vcpu = td_vcpu_add(vm, 0, guest_msr_read); > + td_finalize(vm); > + > + printf("Verifying guest msr reads:\n"); > + > + printf("\t ... Setting test MSR values\n"); > + /* Write arbitrary to the MSRs. */ > + vcpu_set_msr(vcpu, MSR_X2APIC_APIC_ICR, 4); > + vcpu_set_msr(vcpu, MSR_IA32_MISC_ENABLE, 5); > + vcpu_set_msr(vcpu, MSR_IA32_POWER_CTL, 6); > + > + printf("\t ... Running guest\n"); > + td_vcpu_run(vcpu); > + TDX_TEST_CHECK_GUEST_FAILURE(vcpu); > + data = tdx_test_read_64bit_report_from_guest(vcpu); > + TEST_ASSERT_EQ(data, 4); > + > + td_vcpu_run(vcpu); > + TDX_TEST_CHECK_GUEST_FAILURE(vcpu); > + data = tdx_test_read_64bit_report_from_guest(vcpu); > + TEST_ASSERT_EQ(data, 5); > + > + td_vcpu_run(vcpu); > + TDX_TEST_CHECK_GUEST_FAILURE(vcpu); > + data = tdx_test_read_64bit_report_from_guest(vcpu); > + TEST_ASSERT_EQ(data, TDG_VP_VMCALL_INVALID_OPERAND); > + > + td_vcpu_run(vcpu); > + TDX_TEST_ASSERT_SUCCESS(vcpu); > + > + kvm_vm_free(vm); > + printf("\t ... PASSED\n"); > +} > + > +/* > + * Verifies MSR write functionality. > + */ > +void guest_msr_write(void) > +{ > + uint64_t ret; > + > + ret = tdg_vp_vmcall_instruction_wrmsr(MSR_X2APIC_APIC_ICR, 4); > + if (ret) > + tdx_test_fatal(ret); > + > + /* We expect this call to fail since MSR_IA32_MISC_ENABLE is read only */ > + ret = tdg_vp_vmcall_instruction_wrmsr(MSR_IA32_MISC_ENABLE, 5); > + if (ret) { > + ret = tdx_test_report_64bit_to_user_space(ret); > + if (ret) > + tdx_test_fatal(ret); > + } else { > + tdx_test_fatal(-99); > + } > + > + > + ret = tdg_vp_vmcall_instruction_wrmsr(MSR_IA32_POWER_CTL, 6); > + if (ret) > + tdx_test_fatal(ret); > + > + tdx_test_success(); > +} > + > +void verify_guest_msr_writes(void) > +{ > + struct kvm_vcpu *vcpu; > + struct kvm_vm *vm; > + > + uint64_t data; > + int ret; > + > + vm = td_create(); > + td_initialize(vm, VM_MEM_SRC_ANONYMOUS, 0); > + > + /* > + * Set explicit MSR filter map to control access to the MSR registers > + * used in the test. > + */ > + printf("\t ... Setting test MSR filter\n"); > + ret = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); > + TEST_ASSERT(ret, "KVM_CAP_X86_USER_SPACE_MSR is unavailable"); > + vm_enable_cap(vm, KVM_CAP_X86_USER_SPACE_MSR, KVM_MSR_EXIT_REASON_FILTER); > + > + ret = kvm_check_cap(KVM_CAP_X86_MSR_FILTER); > + TEST_ASSERT(ret, "KVM_CAP_X86_MSR_FILTER is unavailable"); > + > + ret = ioctl(vm->fd, KVM_X86_SET_MSR_FILTER, &tdx_msr_test_filter); > + TEST_ASSERT(ret == 0, > + "KVM_X86_SET_MSR_FILTER failed, ret: %i errno: %i (%s)", > + ret, errno, strerror(errno)); > + > + vcpu = td_vcpu_add(vm, 0, guest_msr_write); > + td_finalize(vm); > + > + printf("Verifying guest msr writes:\n"); > + > + printf("\t ... Running guest\n"); > + /* Only the write to MSR_IA32_MISC_ENABLE should trigger an exit */ > + td_vcpu_run(vcpu); > + TDX_TEST_CHECK_GUEST_FAILURE(vcpu); > + data = tdx_test_read_64bit_report_from_guest(vcpu); > + TEST_ASSERT_EQ(data, TDG_VP_VMCALL_INVALID_OPERAND); > + > + td_vcpu_run(vcpu); > + TDX_TEST_ASSERT_SUCCESS(vcpu); > + > + printf("\t ... Verifying MSR values writen by guest\n"); > + > + TEST_ASSERT_EQ(vcpu_get_msr(vcpu, MSR_X2APIC_APIC_ICR), 4); > + TEST_ASSERT_EQ(vcpu_get_msr(vcpu, MSR_IA32_MISC_ENABLE), 0x1800); > + TEST_ASSERT_EQ(vcpu_get_msr(vcpu, MSR_IA32_POWER_CTL), 6); > + > + kvm_vm_free(vm); > + printf("\t ... PASSED\n"); > +} > + > + > int main(int argc, char **argv) > { > setbuf(stdout, NULL); > @@ -531,6 +738,8 @@ int main(int argc, char **argv) > run_in_new_process(&verify_get_td_vmcall_info); > run_in_new_process(&verify_guest_writes); > run_in_new_process(&verify_guest_reads); > + run_in_new_process(&verify_guest_msr_writes); > + run_in_new_process(&verify_guest_msr_reads); > > return 0; > }