lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 10 Jun 2024 17:51:26 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Reinette Chatre <reinette.chatre@...el.com>
Cc: isaku.yamahata@...el.com, pbonzini@...hat.com, erdemaktas@...gle.com, 
	vkuznets@...hat.com, vannapurve@...gle.com, jmattson@...gle.com, 
	mlevitsk@...hat.com, xiaoyao.li@...el.com, chao.gao@...el.com, 
	rick.p.edgecombe@...el.com, yuan.yao@...el.com, kvm@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH V8 2/2] KVM: selftests: Add test for configure of x86 APIC
 bus frequency

On Mon, Jun 10, 2024, Reinette Chatre wrote:
> diff --git a/tools/testing/selftests/kvm/x86_64/apic_bus_clock_test.c b/tools/testing/selftests/kvm/x86_64/apic_bus_clock_test.c
> new file mode 100644
> index 000000000000..602cec91d8ee
> --- /dev/null
> +++ b/tools/testing/selftests/kvm/x86_64/apic_bus_clock_test.c
> @@ -0,0 +1,219 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (c) 2024 Intel Corporation
> + *
> + * Verify KVM correctly emulates the APIC bus frequency when the VMM configures
> + * the frequency via KVM_CAP_X86_APIC_BUS_CYCLES_NS.  Start the APIC timer by
> + * programming TMICT (timer initial count) to the largest value possible (so
> + * that the timer will not expire during the test).  Then, after an arbitrary
> + * amount of time has elapsed, verify TMCCT (timer current count) is within 1%
> + * of the expected value based on the time elapsed, the APIC bus frequency, and
> + * the programmed TDCR (timer divide configuration register).
> + */
> +
> +#include "apic.h"
> +#include "test_util.h"
> +
> +/*
> + * Pick 25MHz for APIC bus frequency. Different enough from the default 1GHz.
> + * User can override via command line.
> + */
> +unsigned long apic_hz = 25 * 1000 * 1000;

static, and maybe a uint64_t to match the other stuff?

> +/*
> + * Possible TDCR values with matching divide count. Used to modify APIC
> + * timer frequency.
> + */
> +struct {
> +	uint32_t tdcr;
> +	uint32_t divide_count;
> +} tdcrs[] = {
> +	{0x0, 2},
> +	{0x1, 4},
> +	{0x2, 8},
> +	{0x3, 16},
> +	{0x8, 32},
> +	{0x9, 64},
> +	{0xa, 128},
> +	{0xb, 1},
> +};
> +
> +void guest_verify(uint64_t tsc_cycles, uint32_t apic_cycles, uint32_t divide_count)

uin64_t for apic_cycles?  And maybe something like guest_check_apic_count(), to
make it more obvious what is being verified?  Actually, it should be quite easy
to have the two flavors share the bulk of the code.

> +{
> +	unsigned long tsc_hz = tsc_khz * 1000;
> +	uint64_t freq;
> +
> +	GUEST_ASSERT(tsc_cycles > 0);

Is this necessary?  Won't the "freq < ..." check fail?  I love me some paranoia,
but this seems unnecessary.

> +	freq = apic_cycles * divide_count * tsc_hz / tsc_cycles;
> +	/* Check if measured frequency is within 1% of configured frequency. */
> +	GUEST_ASSERT(freq < apic_hz * 101 / 100);
> +	GUEST_ASSERT(freq > apic_hz * 99 / 100);
> +}
> +
> +void x2apic_guest_code(void)
> +{
> +	uint32_t tmict, tmcct;
> +	uint64_t tsc0, tsc1;
> +	int i;
> +
> +	x2apic_enable();
> +
> +	/*
> +	 * Setup one-shot timer.  The vector does not matter because the
> +	 * interrupt should not fire.
> +	 */
> +	x2apic_write_reg(APIC_LVTT, APIC_LVT_TIMER_ONESHOT | APIC_LVT_MASKED);
> +
> +	for (i = 0; i < ARRAY_SIZE(tdcrs); i++) {
> +		x2apic_write_reg(APIC_TDCR, tdcrs[i].tdcr);
> +
> +		/* Set the largest value to not trigger the interrupt. */

Nit, the goal isn't to avoid triggering the interrupt, e.g. the above masking
takes care of that.  The goal is to prevent the timer from expiring, because if
the timer expires it stops counting and will trigger a false failure because the
TSC doesn't stop counting.

Honestly, I would just delete the comment.  Same with the "busy wait for 100 msec"
and "Read APIC timer and TSC" comments.  They state the obvious.  Loading the max
TMICT is mildly interesting, but that's covered by the file-level comment.

> +		tmict = ~0;

This really belongs outside of the loop, e.g.

	const uint32_t tmict = ~0u;

> +		x2apic_write_reg(APIC_TMICT, tmict);
> +
> +		/* Busy wait for 100 msec. */

Hmm, should this be configurable?

> +		tsc0 = rdtsc();
> +		udelay(100000);
> +		/* Read APIC timer and TSC. */
> +		tmcct = x2apic_read_reg(APIC_TMCCT);
> +		tsc1 = rdtsc();
> +
> +		/* Stop timer. */

This comment is a bit more interesting, as readers might not know writing '0'
stops the timer.  But that's even more interesting is the ordering, e.g. it's
not at all unreasonable to think that the timer should be stopped _before_ reading
the current count.  E.g. something like:

		/*
		 * Stop the timer _after_ reading the current, final count, as
		 * writing the initial counter also modifies the current count.
		 */

> +		x2apic_write_reg(APIC_TMICT, 0);
> +
> +		guest_verify(tsc1 - tsc0, tmict - tmcct, tdcrs[i].divide_count);
> +	}
> +
> +	GUEST_DONE();
> +}
> +
> +void xapic_guest_code(void)
> +{
> +	uint32_t tmict, tmcct;
> +	uint64_t tsc0, tsc1;
> +	int i;
> +
> +	xapic_enable();
> +
> +	/*
> +	 * Setup one-shot timer.  The vector does not matter because the
> +	 * interrupt should not fire.
> +	 */
> +	xapic_write_reg(APIC_LVTT, APIC_LVT_TIMER_ONESHOT | APIC_LVT_MASKED);
> +
> +	for (i = 0; i < ARRAY_SIZE(tdcrs); i++) {
> +		xapic_write_reg(APIC_TDCR, tdcrs[i].tdcr);
> +
> +		/* Set the largest value to not trigger the interrupt. */
> +		tmict = ~0;
> +		xapic_write_reg(APIC_TMICT, tmict);
> +
> +		/* Busy wait for 100 msec. */
> +		tsc0 = rdtsc();
> +		udelay(100000);
> +		/* Read APIC timer and TSC. */
> +		tmcct = xapic_read_reg(APIC_TMCCT);
> +		tsc1 = rdtsc();
> +
> +		/* Stop timer. */
> +		xapic_write_reg(APIC_TMICT, 0);
> +
> +		guest_verify(tsc1 - tsc0, tmict - tmcct, tdcrs[i].divide_count);

That's some nice copy+paste :-)

This test isn't writing ICR, so the whole 32-bit vs. 64-bit weirdness with xAPIC
vs X2APIC is irrevelant.  Two tiny helpers, a global flag, and you can avoid a
pile of copy+paste, and the need to find a better name than guest_verify().

static bool is_x2apic;

static uint32_t apic_read_reg(unsigned int reg)
{
	return is_x2apic ? x2apic_read_reg(reg) : xapic_read_reg(reg);
}

static void apic_read_write(unsigned int reg, uint32_t val)
{
	if (is_x2apic)
		x2apic_write_reg(reg, val);
	else
		xapic_write_reg(reg, val);
	return is_x2apic ? x2apic_read_reg(reg) : xapic_read_reg(reg);
}

> +	}
> +
> +	GUEST_DONE();
> +}
> +
> +void test_apic_bus_clock(struct kvm_vcpu *vcpu)
> +{
> +	bool done = false;
> +	struct ucall uc;
> +
> +	while (!done) {
> +		vcpu_run(vcpu);
> +		TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO);
> +
> +		switch (get_ucall(vcpu, &uc)) {
> +		case UCALL_DONE:
> +			done = true;
> +			break;
> +		case UCALL_ABORT:
> +			REPORT_GUEST_ASSERT(uc);
> +			break;
> +		default:
> +			TEST_FAIL("Unknown ucall %lu", uc.cmd);
> +			break;
> +		}
> +	}
> +}
> +
> +void run_apic_bus_clock_test(bool xapic)
> +{
> +	struct kvm_vcpu *vcpu;
> +	struct kvm_vm *vm;
> +	int ret;
> +
> +	vm = vm_create(1);
> +
> +	sync_global_to_guest(vm, apic_hz);
> +
> +	vm_enable_cap(vm, KVM_CAP_X86_APIC_BUS_CYCLES_NS,
> +		      NSEC_PER_SEC / apic_hz);
> +
> +	vcpu = vm_vcpu_add(vm, 0, xapic ? xapic_guest_code : x2apic_guest_code);
> +
> +	ret = __vm_enable_cap(vm, KVM_CAP_X86_APIC_BUS_CYCLES_NS,
> +			      NSEC_PER_SEC / apic_hz);
> +	TEST_ASSERT(ret < 0 && errno == EINVAL,
> +		    "Setting of APIC bus frequency after vCPU is created should fail.");
> +
> +	if (xapic)
> +		virt_pg_map(vm, APIC_DEFAULT_GPA, APIC_DEFAULT_GPA);
> +
> +	test_apic_bus_clock(vcpu);
> +	kvm_vm_free(vm);
> +}
> +
> +void run_xapic_bus_clock_test(void)
> +{
> +	run_apic_bus_clock_test(true);
> +}
> +
> +void run_x2apic_bus_clock_test(void)
> +{
> +	run_apic_bus_clock_test(false);
> +}
> +
> +void help(char *name)
> +{
> +	puts("");
> +	printf("usage: %s [-h] [-a APIC bus freq]\n", name);
> +	puts("");
> +	printf("-a: The APIC bus frequency (in Hz) to be configured for the guest.\n");
> +	puts("");
> +}
> +
> +int main(int argc, char *argv[])
> +{
> +	int opt;
> +
> +	TEST_REQUIRE(kvm_has_cap(KVM_CAP_X86_APIC_BUS_CYCLES_NS));
> +	TEST_REQUIRE(kvm_has_cap(KVM_CAP_GET_TSC_KHZ));
> +
> +	while ((opt = getopt(argc, argv, "a:h")) != -1) {
> +		switch (opt) {
> +		case 'a':

Maybe -f for frequency instead of -a for APIC?  And if we make the delay
configurable, -d (delay)?

> +			apic_hz = atol(optarg);
> +			break;
> +		case 'h':
> +			help(argv[0]);
> +			exit(0);
> +		default:
> +			help(argv[0]);
> +			exit(1);
> +		}
> +	}
> +
> +	run_xapic_bus_clock_test();
> +	run_x2apic_bus_clock_test();
> +}
> -- 
> 2.34.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ