hvm: Honour test_wants_user_mappings

Fewer tests overall need user mappings, so construct the identity pagetables
without _PAGE_USER set in leaf entries by default.

Before loading paging settings, check whether a test has opted-in to user
mappings, and re-add _PAGE_USER to the l1 and l2 pagetable entries.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide PTE_SIZE and PTE_ORDER appropriate for the in-use paging mode

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

pv: Honour test_wants_user_mappings

32bit PV guests start on supervisor mappings, and previously unilaterally
switched to user mappings.  Now, only switch to user mappings if a test has
opted in.

64bit PV guests run at cpl3, must use user mappings and architecturally have
no choice in the matter.

This change is best reviewed with `git show --ignore-all-space`

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce a per-test opt-in for using user mappings

The choice of user or supervisor mappings is currently chosen for the
test, and is inflexible for a test needing to run in situations where
Xen leaks SMEP/SMAP into the guest, or where the test specifically wants
to use SMEP/SMAP itself.

As it turns out, fewer tests require user mappings than not.  For the
tests which don't require user mappings, allowing them to run on
supervisor mappings is quicker to set up, and allows the test to run
even if Xen leaks paging state.

Introduce test_wants_user_mappings and default it to false.  Tests which
want user mappings can opt-in by overriding the weak reference to true.
Explicit set the opt-in for the three tests which currently require
them.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce more memory management helpers

These are still simply, relying on identity mappings and state provided by the
domain builder for PV guests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add Xen ABI for update_va_mapping flags, and replace opencoded constants

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Replace @sa with @see in all documentation

They are identical as far as Doxygen is concerned, but more intuitive when
reading the raw text.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce invlpg() helper

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Helpers to pack and unpack a frame in a PSE36 superpage

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Create aliases of the live L1 and L2 pagetables

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce paddr_t

rather than just using uint64_t.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce PRI helper definitions for PTEs

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

More pagetable order and entries information

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

More space for static inline pagetable helpers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce typesafe min()/max() helpers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce mmu_update() hypercall infrastructure

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Collect CPU family/model/stepping information on boot

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add FEP utility

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Helpers to retrieve %ss and %esp from cpu_regs

In 32bit, if not stack switch occurs, this information isn't present in an
exception frame.  As a result, regs->sp and regs->ss may actually alias the
interrupted stack frame.  To avoid accidental incorrect use, prefix the names
in cpu_regs with an underscore.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce ASSERT() and BUILD_BUG_ON()

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Extend test selection to run multiple tests at once

A caller may now specify a test name (in which case all environments will be
run), an environment (in which case every test supporting that environment
will be run), or a category (in which case all tests in that category will be
run).

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Support listing tests

Without parameters, all tests will be returned.

Alternatively, specific environments or categories can be specified, to filter
the results.  A special input of "host" will query Xen for the available
environments, and filter accordingly.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Basic test runner

Currently just accepts a list of full test-$ENV-$NAME, runs them in order, and
provides a results summary at the end.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce a pylint configuration file

Also ignore python intermediate files.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Constants for all EFER bits

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix _ASM_EXTABLE_HANDLER() to expand preprocessor tokens in its parameters

Currently it stringises the literal parameter, which can result in a
non-expanded token ending up in at the assembler, causing a build failure.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce _PAGE_* constants for all pagetable entry bits

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide cpu_has_* helper predicates for common features

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Collect the CPU vendor on boot, and make it available for tests

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide {BITS,BYTES}_PER_LONG

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add cpuid_e[abcd]x() helper wrappers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Helper script to create new tests, and high level tests documentation

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Disable implicit makefile rules

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Remove setting ROOT path in common.mk

Since it might be included from different paths that have different levels
of nestedness. Also all makefiles that include common.mk already define ROOT
on their own.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide _PAGE_AD as shorthand, and simplify the invlpg test

Pass _PAGE_AD as parameter to the asm block, to reduce the use of magic
constants.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Collect feature information from cpuid

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Use IS_DEFINED() in preference to #ifdef

By exposing more code and having the compiler optimise it out, there is less
chance of bitrot.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce IS_DEFINED() for use in C code

Alter CONFIG_{PV,HVM} to be explicitly defined as 1.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide function pointer abstractions for cpuid() and cpuid_count()

Code common between PV and HVM using cpuid() needs to use different cpuid()
implementations, as PV guests need to use the Xen forced emulation prefix.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce an architecture specific convenience header

Avoid introducing arch/x86/lib.h implicitly via xtf/lib.h

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-173 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Make the tables from hvm/pagetables.S available to C code

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow selecting objcopy binary to use

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Only set CC if it's not set

This prevents overwriting CC if it's already set on the environment.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Invlpg handling test

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Extend exception table support to include custom handlers

Provide additional documentation, and a selftest.  Introduce __used to
indicate to the compiler that an object is referenced, even if the reference
isn't visible.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid shifting a negative value

Because it's undefined behaviour.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix usage of "-executable" with find

"-executable" is a GNU only extension to find. Instead replace it with a
POSIX compatible one.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Don't re-define __noinline

On FreeBSD __noinline is already defined in cdefs.h

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide all {read,write}_cr[02348]() stub functions

Both GCC and Clang correctly encode %cr8 accesses using the lock
instruction prefix in 32bit mode.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add 64bit segment base MSRs to the index

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reserve space in the GDT for test use

Currently four entries, although this is an arbitrary choice.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Print more information when dumping exceptions

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Helper routines for decoding x86 architectural state

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce snprintf() and give vsnprintf() an appropriate __printf() attribute

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Create xtf.h and avoid using xtf/lib.h as the include-all header

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-123 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Extend the pv-iopl test to test VMASST_TYPE_architectural_iopl

A varient of exec_user() is introduced which takes an IOPL parameter.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

PV IOPL emulation testing

A test to verify correct behaviour of vIOPL shadowing in Xen.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce DECLSTR() for declaring strings in ASM

Put the string in the mergeable string section, declare it as data, and set
its size.

Replace the partial open-coding of this in head_{pv,hvm}.S for main_err_msg,
and switch the label to being local.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce ENDFUNC() and annotate ASM functions as such

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Annotate hvm pagetables as data

Introduce PAGETABLE_{START,END}() helpers which wrap the appropriate
directives.  Fix a copy&paste bug from c/s 3382222 "Introduce the hvm32pse
environment" which stated the size of pse_l1_identmap twice, and omitted
pse_l2_identmap.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid generating *UND* symbols in object files

The swint-emulation test contains hand-generated asm stubs which use arbitrary
identifiers just for their mnemonic properties.  Unfortunately, their use in
the .if statements generate *UND* symbols listed in the object files export
table.

Use .ifc rather than .if, which explicit interprets its parameters as strings
rather than expressions.  Unfortunately, there is no .elseifc directive.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Annotate hypercall stubs as functions

Move DECLARE_HYPERCALL() from asm_macros.h to being local, as it is not useful
elsewhere.  Link hypercall_page in .data rather than .text, to avoid polluting
the disassembly.  Annotate hypercall_page itself as data.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Move arch/x86/hvm_pagetables.S into arch/x86/hvm/ directory

This is a more appropriate place for it to live.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce more linker alignment assertions

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix XSA-168 PoC on Gen1 AMD hardware

We care simply that the vulnerability is fixed, rather than the architectural
correctness of the emulation of `invlpg`.  Correctness should be implemented
by a functional test.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce Memory op ABI and infrastructure

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix GCC build following c/s 72442d4

GCC and Clang have different permitted syntax for nested initialisers.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce the hvm32pse environment

This uses 32bit paging, along with the PSE extension.

Regular 32bit paging and PSE paging differ only in whether the PSE bit may be
set, to create 4M superpages.  Since PSE is available on all hardware Xen will
now run on, forgo the `hvm32pg` environment to avoid the overhead of requiring
small pages for all mappings.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Improve the legibility of the pagetable generation code

Factor the common _PAGE_xxx attributes out into PAGE_COMMON, and introduce a
macro for the index calculation.

Add _ACCESSED and _DIRTY to the common attributes, to avoid the processor
needing to set the bits.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Split common pagetable infrastructure from PAE specific infrastructure

In preparation for the introduction of PSE paging.  In most cases, add a PAE
prefix to existing constants.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-168 Proof of Concept test

Must be run with shadow paging

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow tests to supply extra settings for their .cfg file

by setting $(TEST-EXTRA-CFG)

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-122 Proof of Concept test

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce xen_version hypercall and ABI

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Drop CONFIG_PAGING_PAE

It can uniquely be determined from PAGING_LEVELS == 3 or 4, and doing so
simplifies the early ASM.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce IS_ALIGNED()

While at it comment the entities in this file, and guard _p() to avoid it
accidentally being used in assembly code.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Test `into` even in 64bit

In 64bit, the instruction should fail unilaterally with #UD.  Check that the
emulator provides this behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add memcpy() to the framework's libc implementation

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Correct the generation of the `cd 03` instruction

Some assemblers "helpfully" turn the two-byte `int $3` into its one-byte form
`int3`.  This defeats the purpose of the test case, so hand-roll the
instrucion.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reintroduce the test_NULL_unmapped() selftest

c/s f571b0b "Implement the hvm32 environment" introduced a guard to the
test_NULL_unmapped() selftest, as it is inapplicable in an unpaged
environment.

However, CONFIG_PAGING wasn't ever defined (it disappeared during
development), causing the selftest to be unconditionally omitted even in paged
environments.

Reintroduce the check, based on CONFIG_PAGING_LEVELS being non-zero.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Utility for dumping MSRs visible to a guest

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Utility for dumping the CPUID information visible to a guest

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add documentation noting that swint-emulation serves as a test for XSAs 106 and 156

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-167 Proof of Concept test

Introduce a brand new category called 'xsa' for dedicated XSA tests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Alter xtf_success() to take a string to print

... to be consistent with the rest of the reporting interface.  Every
reporting function is modified to accept NULL if there is nothing interesting
to print.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce test categories and create a test-info.json for each test

test-info.json will accumulate relevant test metadata.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Install each test into a separate directory

This allows for better delineation of tests and their resources.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Accept a PREFIX parameter when generating test configuration

This allows the test paths to be configured for the install destination if it
isn't to be run out the build working tree.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce links from test descriptions to their main.c

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Document the build requirements

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Specify initalisers for each structure item

Fixes an error from clang.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Don't doubly declare the name label in ENTRY()

GLOBAL() already declares it.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Declare the size of l1_identmap

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Disable implicit makefile rules

They are not needed, and cause unexpected behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Implement the hvm32 environment; a 32bit HVM guest without paging

The test_NULL_unmapped() selftest is not applicable in an unpaged environment,
so is made conditional.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rework config.h and head_hvm.S for better paging separation

config.h is modified to turn CONFIG_ENV_$foo into the finer grain
CONFIG_{PV,HVM}, CONFIG_PAGING_LEVELS and possibly CONFIG_PAGING_PAE.  It then
undefines the CONFIG_ENV_$foo #define, to prevent mistakes in regular code.
Generation of environment_description is also moved into config.h, and it is
extended to include paging information.

head_hvm.S is then modified to use the finer grain #defines.  Specifically,
CR4.PAE is only set if CONFIG_PAGING_PAE, and CR3 and CR0.PG are only set if
CONFIG_PAGING_LEVELS is greater than 0.

The existing setting of CR0.PE is removed, as it is guaranteed always to be
set.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename the {pv,hvm}32 environments to {pv,hvm}32pae

to indicate the paging mode in use.  More 32bit HVM environments will be
introduced, using different paging modes.

In principle, other 32bit PV environments exist, but are unable to run under a
64bit Xen, so are unlikely to be implemented.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename CONFIG_ENV_{pv,hvm} to CONFIG_{PV,HVM}

to avoid them being easily confused with the environment-specific defined.

Additionally, reduce the usage of the environment-specific defines to an
absolute minimum, to avoid latent issues when introducing new environments.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>