tools/testing/selftests/kvm/s390/tprot.c

root/tools/testing/selftests/kvm/s390/tprot.c
// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Test TEST PROTECTION emulation.
 *
 * Copyright IBM Corp. 2021
 */
#include <sys/mman.h>
#include "test_util.h"
#include "kvm_util.h"
#include "kselftest.h"
#include "ucall_common.h"
#include "processor.h"

#define CR0_FETCH_PROTECTION_OVERRIDE   (1UL << (63 - 38))
#define CR0_STORAGE_PROTECTION_OVERRIDE (1UL << (63 - 39))

static __aligned(PAGE_SIZE) uint8_t pages[2][PAGE_SIZE];
static uint8_t *const page_store_prot = pages[0];
static uint8_t *const page_fetch_prot = pages[1];

/* Nonzero return value indicates that address not mapped */
static int set_storage_key(void *addr, uint8_t key)
{
        int not_mapped = 0;

        asm volatile (
                       "lra     %[addr], 0(0,%[addr])\n"
                "       jz      0f\n"
                "       llill   %[not_mapped],1\n"
                "       j       1f\n"
                "0:     sske    %[key], %[addr]\n"
                "1:"
                : [addr] "+&a" (addr), [not_mapped] "+r" (not_mapped)
                : [key] "r" (key)
                : "cc"
        );
        return -not_mapped;
}

enum permission {
        READ_WRITE = 0,
        READ = 1,
        RW_PROTECTED = 2,
        TRANSL_UNAVAIL = 3,
};

static enum permission test_protection(void *addr, uint8_t key)
{
        uint64_t mask;

        asm volatile (
                       "tprot   %[addr], 0(%[key])\n"
                "       ipm     %[mask]\n"
                : [mask] "=r" (mask)
                : [addr] "Q" (*(char *)addr),
                  [key] "a" (key)
                : "cc"
        );

        return (enum permission)(mask >> 28);
}

enum stage {
        STAGE_INIT_SIMPLE,
        TEST_SIMPLE,
        STAGE_INIT_FETCH_PROT_OVERRIDE,
        TEST_FETCH_PROT_OVERRIDE,
        TEST_STORAGE_PROT_OVERRIDE,
        STAGE_END       /* must be the last entry (it's the amount of tests) */
};

struct test {
        enum stage stage;
        void *addr;
        uint8_t key;
        enum permission expected;
} tests[] = {
        /*
         * We perform each test in the array by executing TEST PROTECTION on
         * the specified addr with the specified key and checking if the returned
         * permissions match the expected value.
         * Both guest and host cooperate to set up the required test conditions.
         * A central condition is that the page targeted by addr has to be DAT
         * protected in the host mappings, in order for KVM to emulate the
         * TEST PROTECTION instruction.
         * Since the page tables are shared, the host uses mprotect to achieve
         * this.
         *
         * Test resulting in RW_PROTECTED/TRANSL_UNAVAIL will be interpreted
         * by SIE, not KVM, but there is no harm in testing them also.
         * See Enhanced Suppression-on-Protection Facilities in the
         * Interpretive-Execution Mode
         */
        /*
         * guest: set storage key of page_store_prot to 1
         *        storage key of page_fetch_prot to 9 and enable
         *        protection for it
         * STAGE_INIT_SIMPLE
         * host: write protect both via mprotect
         */
        /* access key 0 matches any storage key -> RW */
        { TEST_SIMPLE, page_store_prot, 0x00, READ_WRITE },
        /* access key matches storage key -> RW */
        { TEST_SIMPLE, page_store_prot, 0x10, READ_WRITE },
        /* mismatched keys, but no fetch protection -> RO */
        { TEST_SIMPLE, page_store_prot, 0x20, READ },
        /* access key 0 matches any storage key -> RW */
        { TEST_SIMPLE, page_fetch_prot, 0x00, READ_WRITE },
        /* access key matches storage key -> RW */
        { TEST_SIMPLE, page_fetch_prot, 0x90, READ_WRITE },
        /* mismatched keys, fetch protection -> inaccessible */
        { TEST_SIMPLE, page_fetch_prot, 0x10, RW_PROTECTED },
        /* page 0 not mapped yet -> translation not available */
        { TEST_SIMPLE, (void *)0x00, 0x10, TRANSL_UNAVAIL },
        /*
         * host: try to map page 0
         * guest: set storage key of page 0 to 9 and enable fetch protection
         * STAGE_INIT_FETCH_PROT_OVERRIDE
         * host: write protect page 0
         *       enable fetch protection override
         */
        /* mismatched keys, fetch protection, but override applies -> RO */
        { TEST_FETCH_PROT_OVERRIDE, (void *)0x00, 0x10, READ },
        /* mismatched keys, fetch protection, override applies to 0-2048 only -> inaccessible */
        { TEST_FETCH_PROT_OVERRIDE, (void *)2049, 0x10, RW_PROTECTED },
        /*
         * host: enable storage protection override
         */
        /* mismatched keys, but override applies (storage key 9) -> RW */
        { TEST_STORAGE_PROT_OVERRIDE, page_fetch_prot, 0x10, READ_WRITE },
        /* mismatched keys, no fetch protection, override doesn't apply -> RO */
        { TEST_STORAGE_PROT_OVERRIDE, page_store_prot, 0x20, READ },
        /* mismatched keys, but override applies (storage key 9) -> RW */
        { TEST_STORAGE_PROT_OVERRIDE, (void *)2049, 0x10, READ_WRITE },
        /* end marker */
        { STAGE_END, 0, 0, 0 },
};

static enum stage perform_next_stage(int *i, bool mapped_0)
{
        enum stage stage = tests[*i].stage;
        enum permission result;
        bool skip;

        for (; tests[*i].stage == stage; (*i)++) {
                /*
                 * Some fetch protection override tests require that page 0
                 * be mapped, however, when the hosts tries to map that page via
                 * vm_vaddr_alloc, it may happen that some other page gets mapped
                 * instead.
                 * In order to skip these tests we detect this inside the guest
                 */
                skip = tests[*i].addr < (void *)PAGE_SIZE &&
                       tests[*i].expected != TRANSL_UNAVAIL &&
                       !mapped_0;
                if (!skip) {
                        result = test_protection(tests[*i].addr, tests[*i].key);
                        __GUEST_ASSERT(result == tests[*i].expected,
                                       "Wanted %u, got %u, for i = %u",
                                       tests[*i].expected, result, *i);
                }
        }
        return stage;
}

static void guest_code(void)
{
        bool mapped_0;
        int i = 0;

        GUEST_ASSERT_EQ(set_storage_key(page_store_prot, 0x10), 0);
        GUEST_ASSERT_EQ(set_storage_key(page_fetch_prot, 0x98), 0);
        GUEST_SYNC(STAGE_INIT_SIMPLE);
        GUEST_SYNC(perform_next_stage(&i, false));

        /* Fetch-protection override */
        mapped_0 = !set_storage_key((void *)0, 0x98);
        GUEST_SYNC(STAGE_INIT_FETCH_PROT_OVERRIDE);
        GUEST_SYNC(perform_next_stage(&i, mapped_0));

        /* Storage-protection override */
        GUEST_SYNC(perform_next_stage(&i, mapped_0));
}

#define HOST_SYNC_NO_TAP(vcpup, stage)                          \
({                                                              \
        struct kvm_vcpu *__vcpu = (vcpup);                      \
        struct ucall uc;                                        \
        int __stage = (stage);                                  \
                                                                \
        vcpu_run(__vcpu);                                       \
        get_ucall(__vcpu, &uc);                                 \
        if (uc.cmd == UCALL_ABORT)                              \
                REPORT_GUEST_ASSERT(uc);                        \
        TEST_ASSERT_EQ(uc.cmd, UCALL_SYNC);                     \
        TEST_ASSERT_EQ(uc.args[1], __stage);                    \
})

#define HOST_SYNC(vcpu, stage)                  \
({                                              \
        HOST_SYNC_NO_TAP(vcpu, stage);          \
        ksft_test_result_pass("" #stage "\n");  \
})

int main(int argc, char *argv[])
{
        struct kvm_vcpu *vcpu;
        struct kvm_vm *vm;
        struct kvm_run *run;
        vm_vaddr_t guest_0_page;

        ksft_print_header();
        ksft_set_plan(STAGE_END);

        vm = vm_create_with_one_vcpu(&vcpu, guest_code);
        run = vcpu->run;

        HOST_SYNC(vcpu, STAGE_INIT_SIMPLE);
        mprotect(addr_gva2hva(vm, (vm_vaddr_t)pages), PAGE_SIZE * 2, PROT_READ);
        HOST_SYNC(vcpu, TEST_SIMPLE);

        guest_0_page = vm_vaddr_alloc(vm, PAGE_SIZE, 0);
        if (guest_0_page != 0) {
                /* Use NO_TAP so we don't get a PASS print */
                HOST_SYNC_NO_TAP(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
                ksft_test_result_skip("STAGE_INIT_FETCH_PROT_OVERRIDE - "
                                      "Did not allocate page at 0\n");
        } else {
                HOST_SYNC(vcpu, STAGE_INIT_FETCH_PROT_OVERRIDE);
        }
        if (guest_0_page == 0)
                mprotect(addr_gva2hva(vm, (vm_vaddr_t)0), PAGE_SIZE, PROT_READ);
        run->s.regs.crs[0] |= CR0_FETCH_PROTECTION_OVERRIDE;
        run->kvm_dirty_regs = KVM_SYNC_CRS;
        HOST_SYNC(vcpu, TEST_FETCH_PROT_OVERRIDE);

        run->s.regs.crs[0] |= CR0_STORAGE_PROTECTION_OVERRIDE;
        run->kvm_dirty_regs = KVM_SYNC_CRS;
        HOST_SYNC(vcpu, TEST_STORAGE_PROT_OVERRIDE);

        kvm_vm_free(vm);

        ksft_finished();        /* Print results and exit() accordingly */
}
Linux
