| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jan 2022 17:51:14 +0100
From: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
To: Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: guang.zeng@...el.com, jing2.liu@...el.com, kevin.tian@...el.com,
seanjc@...gle.com, tglx@...utronix.de, wei.w.wang@...el.com,
yang.zhong@...el.com
Subject: Re: [PATCH v6 19/21] kvm: selftests: Add support for KVM_CAP_XSAVE2
On 1/7/22 19:55, Paolo Bonzini wrote:
> From: Wei Wang <wei.w.wang@...el.com>
>
> When KVM_CAP_XSAVE2 is supported, userspace is expected to allocate
> buffer for KVM_GET_XSAVE2 and KVM_SET_XSAVE using the size returned
> by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2).
>
> Signed-off-by: Wei Wang <wei.w.wang@...el.com>
> Signed-off-by: Guang Zeng <guang.zeng@...el.com>
> Signed-off-by: Jing Liu <jing2.liu@...el.com>
> Signed-off-by: Yang Zhong <yang.zhong@...el.com>
> Message-Id: <20220105123532.12586-20-yang.zhong@...el.com>
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---
> tools/arch/x86/include/uapi/asm/kvm.h | 16 ++++-
> tools/include/uapi/linux/kvm.h | 3 +
> .../selftests/kvm/include/kvm_util_base.h | 2 +
> .../selftests/kvm/include/x86_64/processor.h | 10 +++
> tools/testing/selftests/kvm/lib/kvm_util.c | 32 +++++++++
> .../selftests/kvm/lib/x86_64/processor.c | 67 ++++++++++++++++++-
> .../testing/selftests/kvm/x86_64/evmcs_test.c | 2 +-
> tools/testing/selftests/kvm/x86_64/smm_test.c | 2 +-
> .../testing/selftests/kvm/x86_64/state_test.c | 2 +-
> .../kvm/x86_64/vmx_preemption_timer_test.c | 2 +-
> 10 files changed, 130 insertions(+), 8 deletions(-)
>
[...]
> diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h
> index 1e5ab6a92848..66775de26952 100644
> --- a/tools/testing/selftests/kvm/include/kvm_util_base.h
> +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h
> @@ -103,6 +103,7 @@ extern const struct vm_guest_mode_params vm_guest_mode_params[];
> int open_path_or_exit(const char *path, int flags);
> int open_kvm_dev_path_or_exit(void);
> int kvm_check_cap(long cap);
> +int vm_check_cap(struct kvm_vm *vm, long cap);
> int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap);
> int vcpu_enable_cap(struct kvm_vm *vm, uint32_t vcpu_id,
> struct kvm_enable_cap *cap);
> @@ -344,6 +345,7 @@ struct kvm_vm *vm_create_with_vcpus(enum vm_guest_mode mode, uint32_t nr_vcpus,
> * guest_code - The vCPU's entry point
> */
> void vm_vcpu_add_default(struct kvm_vm *vm, uint32_t vcpuid, void *guest_code);
> +void vm_xsave_req_perm(void);
>
> bool vm_is_unrestricted_guest(struct kvm_vm *vm);
>
[...]
> diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
> index ecc53d108ad8..4a645dc77f34 100644
> --- a/tools/testing/selftests/kvm/lib/kvm_util.c
> +++ b/tools/testing/selftests/kvm/lib/kvm_util.c
> @@ -85,6 +85,33 @@ int kvm_check_cap(long cap)
> return ret;
> }
>
> +/* VM Check Capability
> + *
> + * Input Args:
> + * vm - Virtual Machine
> + * cap - Capability
> + *
> + * Output Args: None
> + *
> + * Return:
> + * On success, the Value corresponding to the capability (KVM_CAP_*)
> + * specified by the value of cap. On failure a TEST_ASSERT failure
> + * is produced.
> + *
> + * Looks up and returns the value corresponding to the capability
> + * (KVM_CAP_*) given by cap.
> + */
> +int vm_check_cap(struct kvm_vm *vm, long cap)
> +{
> + int ret;
> +
> + ret = ioctl(vm->fd, KVM_CHECK_EXTENSION, cap);
> + TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION VM IOCTL failed,\n"
> + " rc: %i errno: %i", ret, errno);
> +
> + return ret;
> +}
> +
> /* VM Enable Capability
> *
> * Input Args:
> @@ -366,6 +393,11 @@ struct kvm_vm *vm_create_with_vcpus(enum vm_guest_mode mode, uint32_t nr_vcpus,
> struct kvm_vm *vm;
> int i;
>
> + /*
> + * Permission needs to be requested before KVM_SET_CPUID2.
> + */
> + vm_xsave_req_perm();
> +
Since
79e06c4c4950 (Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm)
on s390x I'm getting:
/usr/bin/ld: tools/testing/selftests/kvm/libkvm.a(kvm_util.o): in function `vm_create_with_vcpus':
tools/testing/selftests/kvm/lib/kvm_util.c:399: undefined reference to `vm_xsave_req_perm'
collect2: error: ld returned 1 exit status
make: *** [../lib.mk:146: tools/testing/selftests/kvm/s390x/memop] Error 1
Looks like it only exists for x86.
v2 had a comment about unconditional enablement:
https://lore.kernel.org/kvm/e20f590b-b9d9-237d-3b9c-77dd82a24b40@redhat.com/
Thanks for having a look.
> /* Force slot0 memory size not small than DEFAULT_GUEST_PHY_PAGES */
> if (slot0_mem_pages < DEFAULT_GUEST_PHY_PAGES)
> slot0_mem_pages = DEFAULT_GUEST_PHY_PAGES;
> diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> index eef7b34756d5..f19d6d201977 100644
> --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c
> +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> @@ -650,6 +650,45 @@ static void vcpu_setup(struct kvm_vm *vm, int vcpuid)
> vcpu_sregs_set(vm, vcpuid, &sregs);
> }
>
> +#define CPUID_XFD_BIT (1 << 4)
> +static bool is_xfd_supported(void)
> +{
> + int eax, ebx, ecx, edx;
> + const int leaf = 0xd, subleaf = 0x1;
> +
> + __asm__ __volatile__(
> + "cpuid"
> + : /* output */ "=a"(eax), "=b"(ebx),
> + "=c"(ecx), "=d"(edx)
> + : /* input */ "0"(leaf), "2"(subleaf));
> +
> + return !!(eax & CPUID_XFD_BIT);
> +}
> +
> +void vm_xsave_req_perm(void)
> +{
> + unsigned long bitmask;
> + long rc;
> +
> + if (!is_xfd_supported())
> + return;
> +
> + rc = syscall(SYS_arch_prctl, ARCH_REQ_XCOMP_GUEST_PERM,
> + XSTATE_XTILE_DATA_BIT);
> + /*
> + * The older kernel version(<5.15) can't support
> + * ARCH_REQ_XCOMP_GUEST_PERM and directly return.
> + */
> + if (rc)
> + return;
> +
> + rc = syscall(SYS_arch_prctl, ARCH_GET_XCOMP_GUEST_PERM, &bitmask);
> + TEST_ASSERT(rc == 0, "prctl(ARCH_GET_XCOMP_GUEST_PERM) error: %ld", rc);
> + TEST_ASSERT(bitmask & XFEATURE_XTILE_MASK,
> + "prctl(ARCH_REQ_XCOMP_GUEST_PERM) failure bitmask=0x%lx",
> + bitmask);
> +}
> +
[...]
Powered by blists - more mailing lists