Add various event injection test. Those tests use testdev to unmap pages from shadow pages/ept tables which make it possible to test rare scenarios. Signed-off-by: Gleb Natapov <gleb@xxxxxxxxxx> --- config-x86-common.mak | 4 +- lib/x86/desc.c | 7 +- lib/x86/desc.h | 3 + lib/x86/vm.c | 6 + lib/x86/vm.h | 1 + x86/eventinj.c | 372 +++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 391 insertions(+), 2 deletions(-) create mode 100644 x86/eventinj.c diff --git a/config-x86-common.mak b/config-x86-common.mak index 3a77a93..732c4b7 100644 --- a/config-x86-common.mak +++ b/config-x86-common.mak @@ -33,7 +33,7 @@ tests-common = $(TEST_DIR)/vmexit.flat $(TEST_DIR)/tsc.flat \ $(TEST_DIR)/smptest.flat $(TEST_DIR)/port80.flat \ $(TEST_DIR)/realmode.flat $(TEST_DIR)/msr.flat \ $(TEST_DIR)/hypercall.flat $(TEST_DIR)/sieve.flat \ - $(TEST_DIR)/kvmclock_test.flat + $(TEST_DIR)/kvmclock_test.flat $(TEST_DIR)/eventinj.flat tests_and_config = $(TEST_DIR)/*.flat $(TEST_DIR)/unittests.cfg @@ -77,6 +77,8 @@ $(TEST_DIR)/svm.elf: $(cstart.o) $(TEST_DIR)/kvmclock_test.elf: $(cstart.o) $(TEST_DIR)/kvmclock.o \ $(TEST_DIR)/kvmclock_test.o +$(TEST_DIR)/eventinj.elf: $(cstart.o) $(TEST_DIR)/eventinj.o + arch_clean: $(RM) $(TEST_DIR)/*.o $(TEST_DIR)/*.flat $(TEST_DIR)/*.elf \ $(TEST_DIR)/.*.d $(TEST_DIR)/lib/.*.d $(TEST_DIR)/lib/*.o diff --git a/lib/x86/desc.c b/lib/x86/desc.c index 0da8989..1bd4421 100644 --- a/lib/x86/desc.c +++ b/lib/x86/desc.c @@ -62,7 +62,7 @@ typedef struct { u16 iomap_base; } tss32_t; -static idt_entry_t idt[256]; +static idt_entry_t idt[256] __attribute__((aligned(4096))); void load_lidt(idt_entry_t *idt, int nentries) { @@ -90,6 +90,11 @@ void set_idt_entry(int vec, void *addr, int dpl) #endif } +void set_idt_sel(int vec, u16 sel) +{ + idt_entry_t *e = &idt[vec]; + e->selector = sel; +} struct ex_record { unsigned long rip; diff --git a/lib/x86/desc.h b/lib/x86/desc.h index 073878d..0b4897c 100644 --- a/lib/x86/desc.h +++ b/lib/x86/desc.h @@ -37,9 +37,12 @@ struct ex_regs { #define TSS_MAIN 0x20 #define TSS_INTR 0x28 +#define NP_SEL 0x18 + unsigned exception_vector(void); unsigned exception_error_code(void); void set_idt_entry(int vec, void *addr, int dpl); +void set_idt_sel(int vec, u16 sel); void set_gdt_entry(int num, u32 base, u32 limit, u8 access, u8 gran); void set_intr_task_gate(int e, void *fn); void print_current_tss_info(void); diff --git a/lib/x86/vm.c b/lib/x86/vm.c index 1ca8a05..abbb0c9 100644 --- a/lib/x86/vm.c +++ b/lib/x86/vm.c @@ -248,3 +248,9 @@ void *vmap(unsigned long long phys, unsigned long size) } return mem; } + +void *alloc_vpage(void) +{ + vfree_top -= PAGE_SIZE; + return vfree_top; +} diff --git a/lib/x86/vm.h b/lib/x86/vm.h index a3d2676..bf8fd52 100644 --- a/lib/x86/vm.h +++ b/lib/x86/vm.h @@ -20,6 +20,7 @@ void setup_vm(); void *vmalloc(unsigned long size); void vfree(void *mem); void *vmap(unsigned long long phys, unsigned long size); +void *alloc_vpage(void); void install_pte(unsigned long *cr3, int pte_level, diff --git a/x86/eventinj.c b/x86/eventinj.c new file mode 100644 index 0000000..bcdc481 --- /dev/null +++ b/x86/eventinj.c @@ -0,0 +1,372 @@ +#include "libcflat.h" +#include "processor.h" +#include "vm.h" +#include "desc.h" +#include "isr.h" +#include "apic.h" +#include "apic-defs.h" + +#ifdef __x86_64__ +# define R "r" +#else +# define R "e" +#endif + +static int g_fail; +static int g_tests; + +static inline void io_delay(void) +{ +} + +static inline void outl(int addr, int val) +{ + asm volatile ("outl %1, %w0" : : "d" (addr), "a" (val)); +} + +static void report(const char *msg, int pass) +{ + ++g_tests; + printf("%s: %s\n", msg, (pass ? "PASS" : "FAIL")); + if (!pass) + ++g_fail; +} + +void apic_self_ipi(u8 v) +{ + apic_icr_write(APIC_DEST_SELF | APIC_DEST_PHYSICAL | APIC_DM_FIXED | + APIC_INT_ASSERT | v, 0); +} + +void apic_self_nmi(void) +{ + apic_icr_write(APIC_DEST_PHYSICAL | APIC_DM_NMI | APIC_INT_ASSERT, 0); +} + +static void eoi(void) +{ + apic_write(APIC_EOI, 0); +} + +#define flush_phys_addr(__s) outl(0xe4, __s) +#define flush_stack() do { \ + int __l; \ + flush_phys_addr(virt_to_phys(&__l)); \ + } while (0) + +extern char isr_iret_ip[]; + +static void flush_idt_page() +{ + struct descriptor_table_ptr ptr; + sidt(&ptr); + flush_phys_addr(virt_to_phys((void*)ptr.base)); +} + +static volatile unsigned int test_divider; +static volatile int test_count; + +#ifndef __x86_64__ +ulong stack_phys; +void *stack_va; + +static void pf_tss(void) +{ +start: + printf("PF running\n"); + install_pte(phys_to_virt(read_cr3()), 1, stack_va, + stack_phys | PTE_PRESENT | PTE_WRITE, 0); + invlpg(stack_va); + asm volatile ("iret"); + goto start; +} + +static void of_isr(struct ex_regs *r) +{ + printf("OF isr running\n"); + test_count++; +} + +static void np_isr(struct ex_regs *r) +{ + printf("NP isr running %x err=%x\n", r->rip, r->error_code); + set_idt_sel(33, read_cs()); + test_count++; +} +#endif + +static void de_isr(struct ex_regs *r) +{ + printf("DE isr running divider is %d\n", test_divider); + test_divider = 10; +} + +static void bp_isr(struct ex_regs *r) +{ + printf("BP isr running\n"); + test_count++; +} + +static void nested_nmi_isr(struct ex_regs *r) +{ + printf("Nested NMI isr running rip=%x\n", r->rip); + + if (r->rip != (ulong)&isr_iret_ip) + test_count++; +} +static void nmi_isr(struct ex_regs *r) +{ + printf("NMI isr running %x\n", &isr_iret_ip); + test_count++; + handle_exception(2, nested_nmi_isr); + printf("Try send nested NMI to itself\n"); + apic_self_nmi(); + io_delay(); + printf("After nested NMI to itself\n"); +} + +static void tirq0(isr_regs_t *r) +{ + printf("irq0 running\n"); + if (test_count != 0) + test_count++; + eoi(); +} + +static void tirq1(isr_regs_t *r) +{ + printf("irq1 running\n"); + test_count++; + eoi(); +} + +ulong saved_stack; + +#define switch_stack(S) do { \ + asm volatile ("mov %%"R"sp, %0":"=r"(saved_stack)); \ + asm volatile ("mov %0, %%"R"sp"::"r"(S)); \ + } while(0) + +#define restore_stack() do { \ + asm volatile ("mov %0, %%"R"sp"::"r"(saved_stack)); \ + } while(0) + +int main() +{ + unsigned int res; + ulong *pt, *cr3, i; + + setup_vm(); + setup_idt(); + setup_gdt(); + setup_tss32(); + + handle_irq(32, tirq0); + handle_irq(33, tirq1); + + /* generate HW exception that will fault on IDT and stack */ + handle_exception(0, de_isr); + printf("Try to divide by 0\n"); + flush_idt_page(); + flush_stack(); + asm volatile ("divl %3": "=a"(res) + : "d"(0), "a"(1500), "m"(test_divider)); + printf("Result is %d\n", res); + report("DE exception", res == 150); + + /* generate soft exception (BP) that will fault on IDT and stack */ + test_count = 0; + handle_exception(3, bp_isr); + printf("Try int 3\n"); + flush_idt_page(); + flush_stack(); + asm volatile ("int $3"); + printf("After int 3\n"); + report("BP exception", test_count == 1); + +#ifndef __x86_64__ + /* generate soft exception (OF) that will fault on IDT */ + test_count = 0; + handle_exception(4, of_isr); + flush_idt_page(); + printf("Try into\n"); + asm volatile ("addb $127, %b0\ninto"::"a"(127)); + printf("After into\n"); + report("OF exception", test_count == 1); + + /* generate soft exception (OF) using two bit instruction that will + fault on IDT */ + test_count = 0; + handle_exception(4, of_isr); + flush_idt_page(); + printf("Try into\n"); + asm volatile ("addb $127, %b0\naddr16 into"::"a"(127)); + printf("After into\n"); + report("2 byte OF exception", test_count == 1); +#endif + + /* generate HW interrupt that will fault on IDT */ + test_count = 0; + flush_idt_page(); + printf("Try send vec 33 to itself\n"); + irq_enable(); + apic_self_ipi(33); + io_delay(); + irq_disable(); + printf("After vec 33 to itself\n"); + report("vec 33", test_count == 1); + + /* generate soft interrupt that will fault on IDT and stack */ + test_count = 0; + flush_idt_page(); + printf("Try int $33\n"); + flush_stack(); + asm volatile ("int $33"); + printf("After int $33\n"); + report("int $33", test_count == 1); + + /* Inject two HW interrupt than open iterrupt windows. Both interrupt + will fault on IDT access */ + test_count = 0; + flush_idt_page(); + printf("Try send vec 32 and 33 to itself\n"); + apic_self_ipi(32); + apic_self_ipi(33); + io_delay(); + irq_enable(); + asm volatile("nop"); + irq_disable(); + printf("After vec 32 and 33 to itself\n"); + report("vec 32/33", test_count == 2); + + + /* Inject HW interrupt, do sti and than (while in irq shadow) inject + soft interrupt. Fault during soft interrupt. Soft interrup shoud be + handled before HW interrupt */ + test_count = 0; + flush_idt_page(); + printf("Try send vec 32 and int $33\n"); + apic_self_ipi(32); + flush_stack(); + io_delay(); + irq_enable(); + asm volatile ("int $33"); + irq_disable(); + printf("After vec 32 and int $33\n"); + report("vec 32/int $33", test_count == 2); + + /* test that TPR is honored */ + test_count = 0; + handle_irq(62, tirq1); + flush_idt_page(); + printf("Try send vec 33 and 62 and mask one with TPR\n"); + apic_write(APIC_TASKPRI, 0xf << 4); + irq_enable(); + apic_self_ipi(32); + apic_self_ipi(62); + io_delay(); + apic_write(APIC_TASKPRI, 0x2 << 4); + printf("After 33/62 TPR test\n"); + report("TPR", test_count == 1); + apic_write(APIC_TASKPRI, 0x0); + while(test_count != 2); /* wait for second irq */ + irq_disable(); + +#ifndef __x86_64__ + /* test fault durint NP delivery */ + printf("Before NP test\n"); + test_count = 0; + handle_exception(11, np_isr); + set_idt_sel(33, NP_SEL); + flush_idt_page(); + flush_stack(); + asm volatile ("int $33"); + printf("After int33\n"); + report("NP exception", test_count == 2); +#endif + + /* generate NMI that will fault on IDT */ + test_count = 0; + handle_exception(2, nmi_isr); + flush_idt_page(); + printf("Try send NMI to itself\n"); + apic_self_nmi(); + printf("After NMI to itself\n"); + /* this is needed on VMX without NMI window notificatoin. + Interrupt windows is used instead, so let pending NMI + to be injected */ + irq_enable(); + asm volatile ("nop"); + irq_disable(); + report("NMI", test_count == 2); + +#ifndef __x86_64__ + stack_phys = (ulong)virt_to_phys(alloc_page()); + stack_va = alloc_vpage(); + + /* Generate DE and PF exceptions serially */ + test_divider = 0; + set_intr_task_gate(14, pf_tss); + handle_exception(0, de_isr); + printf("Try to divide by 0\n"); + /* install read only pte */ + install_pte(phys_to_virt(read_cr3()), 1, stack_va, + stack_phys | PTE_PRESENT, 0); + invlpg(stack_va); + flush_phys_addr(stack_phys); + switch_stack(stack_va + 4095); + flush_idt_page(); + asm volatile ("divl %3": "=a"(res) + : "d"(0), "a"(1500), "m"(test_divider)); + restore_stack(); + printf("Result is %d\n", res); + report("DE PF exceptions", res == 150); + + /* Generate NP and PF exceptions serially */ + printf("Before NP test\n"); + test_count = 0; + set_intr_task_gate(14, pf_tss); + handle_exception(11, np_isr); + set_idt_sel(33, NP_SEL); + /* install read only pte */ + install_pte(phys_to_virt(read_cr3()), 1, stack_va, + stack_phys | PTE_PRESENT, 0); + invlpg(stack_va); + flush_idt_page(); + flush_phys_addr(stack_phys); + switch_stack(stack_va + 4095); + asm volatile ("int $33"); + restore_stack(); + printf("After int33\n"); + report("NP PF exceptions", test_count == 2); +#endif + + pt = alloc_page(); + cr3 = (void*)read_cr3(); + memset(pt, 0, 4096); + /* use shadowed stack during interrupt delivery */ + for (i = 0; i < 4096/sizeof(ulong); i++) { + if (!cr3[i]) { + cr3[i] = virt_to_phys(pt) | PTE_PRESENT | PTE_WRITE; + pt[0] = virt_to_phys(pt) | PTE_PRESENT | PTE_WRITE; +#ifndef __x86_64__ + ((ulong*)(i<<22))[1] = 0; +#else + ((ulong*)(i<<39))[1] = 0; +#endif + write_cr3(virt_to_phys(cr3)); + break; + } + } + test_count = 0; + printf("Try int 33 with shadowed stack\n"); + switch_stack(((char*)pt) + 4095); + asm volatile("int $33"); + restore_stack(); + printf("After int 33 with shadowed stack\n"); + report("int 33 with shadowed stack", test_count == 1); + + printf("\nsummary: %d tests, %d failures\n", g_tests, g_fail); + + return g_fail != 0; +} -- 1.7.2.3 -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html