lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d47dc156-405f-77c5-787a-99073053a06b@linux.ibm.com>
Date:   Mon, 17 Jan 2022 17:51:14 +0100
From:   Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
To:     Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Cc:     guang.zeng@...el.com, jing2.liu@...el.com, kevin.tian@...el.com,
        seanjc@...gle.com, tglx@...utronix.de, wei.w.wang@...el.com,
        yang.zhong@...el.com
Subject: Re: [PATCH v6 19/21] kvm: selftests: Add support for KVM_CAP_XSAVE2

On 1/7/22 19:55, Paolo Bonzini wrote:
> From: Wei Wang <wei.w.wang@...el.com>
> 
> When KVM_CAP_XSAVE2 is supported, userspace is expected to allocate
> buffer for KVM_GET_XSAVE2 and KVM_SET_XSAVE using the size returned
> by KVM_CHECK_EXTENSION(KVM_CAP_XSAVE2).
> 
> Signed-off-by: Wei Wang <wei.w.wang@...el.com>
> Signed-off-by: Guang Zeng <guang.zeng@...el.com>
> Signed-off-by: Jing Liu <jing2.liu@...el.com>
> Signed-off-by: Yang Zhong <yang.zhong@...el.com>
> Message-Id: <20220105123532.12586-20-yang.zhong@...el.com>
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---
>  tools/arch/x86/include/uapi/asm/kvm.h         | 16 ++++-
>  tools/include/uapi/linux/kvm.h                |  3 +
>  .../selftests/kvm/include/kvm_util_base.h     |  2 +
>  .../selftests/kvm/include/x86_64/processor.h  | 10 +++
>  tools/testing/selftests/kvm/lib/kvm_util.c    | 32 +++++++++
>  .../selftests/kvm/lib/x86_64/processor.c      | 67 ++++++++++++++++++-
>  .../testing/selftests/kvm/x86_64/evmcs_test.c |  2 +-
>  tools/testing/selftests/kvm/x86_64/smm_test.c |  2 +-
>  .../testing/selftests/kvm/x86_64/state_test.c |  2 +-
>  .../kvm/x86_64/vmx_preemption_timer_test.c    |  2 +-
>  10 files changed, 130 insertions(+), 8 deletions(-)
> 

[...]

> diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h
> index 1e5ab6a92848..66775de26952 100644
> --- a/tools/testing/selftests/kvm/include/kvm_util_base.h
> +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h
> @@ -103,6 +103,7 @@ extern const struct vm_guest_mode_params vm_guest_mode_params[];
>  int open_path_or_exit(const char *path, int flags);
>  int open_kvm_dev_path_or_exit(void);
>  int kvm_check_cap(long cap);
> +int vm_check_cap(struct kvm_vm *vm, long cap);
>  int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap);
>  int vcpu_enable_cap(struct kvm_vm *vm, uint32_t vcpu_id,
>  		    struct kvm_enable_cap *cap);
> @@ -344,6 +345,7 @@ struct kvm_vm *vm_create_with_vcpus(enum vm_guest_mode mode, uint32_t nr_vcpus,
>   *   guest_code - The vCPU's entry point
>   */
>  void vm_vcpu_add_default(struct kvm_vm *vm, uint32_t vcpuid, void *guest_code);
> +void vm_xsave_req_perm(void);
> 
>  bool vm_is_unrestricted_guest(struct kvm_vm *vm);
> 

[...]

> diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
> index ecc53d108ad8..4a645dc77f34 100644
> --- a/tools/testing/selftests/kvm/lib/kvm_util.c
> +++ b/tools/testing/selftests/kvm/lib/kvm_util.c
> @@ -85,6 +85,33 @@ int kvm_check_cap(long cap)
>  	return ret;
>  }
> 
> +/* VM Check Capability
> + *
> + * Input Args:
> + *   vm - Virtual Machine
> + *   cap - Capability
> + *
> + * Output Args: None
> + *
> + * Return:
> + *   On success, the Value corresponding to the capability (KVM_CAP_*)
> + *   specified by the value of cap.  On failure a TEST_ASSERT failure
> + *   is produced.
> + *
> + * Looks up and returns the value corresponding to the capability
> + * (KVM_CAP_*) given by cap.
> + */
> +int vm_check_cap(struct kvm_vm *vm, long cap)
> +{
> +	int ret;
> +
> +	ret = ioctl(vm->fd, KVM_CHECK_EXTENSION, cap);
> +	TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION VM IOCTL failed,\n"
> +		"  rc: %i errno: %i", ret, errno);
> +
> +	return ret;
> +}
> +
>  /* VM Enable Capability
>   *
>   * Input Args:
> @@ -366,6 +393,11 @@ struct kvm_vm *vm_create_with_vcpus(enum vm_guest_mode mode, uint32_t nr_vcpus,
>  	struct kvm_vm *vm;
>  	int i;
> 
> +	/*
> +	 * Permission needs to be requested before KVM_SET_CPUID2.
> +	 */
> +	vm_xsave_req_perm();
> +

Since

79e06c4c4950 (Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm)

on s390x I'm getting:

/usr/bin/ld: tools/testing/selftests/kvm/libkvm.a(kvm_util.o): in function `vm_create_with_vcpus':
tools/testing/selftests/kvm/lib/kvm_util.c:399: undefined reference to `vm_xsave_req_perm'
collect2: error: ld returned 1 exit status
make: *** [../lib.mk:146: tools/testing/selftests/kvm/s390x/memop] Error 1

Looks like it only exists for x86.
v2 had a comment about unconditional enablement:
https://lore.kernel.org/kvm/e20f590b-b9d9-237d-3b9c-77dd82a24b40@redhat.com/

Thanks for having a look.

>  	/* Force slot0 memory size not small than DEFAULT_GUEST_PHY_PAGES */
>  	if (slot0_mem_pages < DEFAULT_GUEST_PHY_PAGES)
>  		slot0_mem_pages = DEFAULT_GUEST_PHY_PAGES;
> diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> index eef7b34756d5..f19d6d201977 100644
> --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c
> +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c
> @@ -650,6 +650,45 @@ static void vcpu_setup(struct kvm_vm *vm, int vcpuid)
>  	vcpu_sregs_set(vm, vcpuid, &sregs);
>  }
> 
> +#define CPUID_XFD_BIT (1 << 4)
> +static bool is_xfd_supported(void)
> +{
> +	int eax, ebx, ecx, edx;
> +	const int leaf = 0xd, subleaf = 0x1;
> +
> +	__asm__ __volatile__(
> +		"cpuid"
> +		: /* output */ "=a"(eax), "=b"(ebx),
> +		  "=c"(ecx), "=d"(edx)
> +		: /* input */ "0"(leaf), "2"(subleaf));
> +
> +	return !!(eax & CPUID_XFD_BIT);
> +}
> +
> +void vm_xsave_req_perm(void)
> +{
> +	unsigned long bitmask;
> +	long rc;
> +
> +	if (!is_xfd_supported())
> +		return;
> +
> +	rc = syscall(SYS_arch_prctl, ARCH_REQ_XCOMP_GUEST_PERM,
> +		     XSTATE_XTILE_DATA_BIT);
> +	/*
> +	 * The older kernel version(<5.15) can't support
> +	 * ARCH_REQ_XCOMP_GUEST_PERM and directly return.
> +	 */
> +	if (rc)
> +		return;
> +
> +	rc = syscall(SYS_arch_prctl, ARCH_GET_XCOMP_GUEST_PERM, &bitmask);
> +	TEST_ASSERT(rc == 0, "prctl(ARCH_GET_XCOMP_GUEST_PERM) error: %ld", rc);
> +	TEST_ASSERT(bitmask & XFEATURE_XTILE_MASK,
> +		    "prctl(ARCH_REQ_XCOMP_GUEST_PERM) failure bitmask=0x%lx",
> +		    bitmask);
> +}
> +

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ