XSA-286 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

hypercall: Reposition hypercall_xen_version()

It has gotten out of order.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-333 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

build: Allow tests to specify the number of vcpus required

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

barrier: Use LOCK ADD rather than MFENCE

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-339 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Adjust XSA-221 PoC based on XSA-343 behaviour change

XSA-343 has made SCHEDOP_poll fail for un-established event channels, which is
reasonable behaviour.  Don't bother trying to audit the error codes, and
always run to the end of the loop.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Update copyright years

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-317 PoC

Signed-off-by: Julien Grall <jgrall@amazon.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xenbus: Don't wait if the response ring is full

XenStore response can be bigger than the response ring. In this case,
it is possible to have the ring full (e.g cons = 19 and prod = 1043).

However, XTF will consider that there is no data and therefore wait for
more input. This will result to block indefinitely as the ring is full.

This can be solved by avoiding to mask the difference between prod and
cons.

Signed-off-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Pawel Wieczorkiewicz <wipawel@amazon.de>

pv: Add sysenter handling for guests

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

pv: Register callbacks in a loop

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

libc: add strncmp() function

Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
[Fix style]
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Remove ambiguous uses of iret/lret

GAS of at least version 2.34 complains:

  Warning: no instruction mnemonic suffix given and no register operands; using default for `lret'

This is legitimate, as without a suffix, there are up to 3 possible encodings
actually meant.

Use l/q suffixes as appropriate, using __ASM_SEL() in cases where we need to
conditionally select between the suffixes.  Use the same trick to clean up
some code32/64 statements.

Sadly, this cannot be done for the single ambiguous use of lcall, because
lcallq isn't accepted as a valid mnemonic.  Leave the XSA-298 PoC as it is.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

vsnprintf: Expand \n to \r\n for console output

xenconsoled doesn't automatically convert \n into \r\n, which causes test
output to appear like this in some terminals:

  [root@host ~]# xl create -c tests/selftest/test-pv64-selftest.cfg
  Parsing config from tests/selftest/test-pv64-selftest.cfg
  --- Xen Test Framework ---
                            Environment: PV 64bit (Long mode 4 levels)
                                                                      XTF Selftests

There are a number of ways to do this, but by far the most efficient way is to
have vsnprintf() expand \n's in the output buffer.

This however is non-standard behaviour for vsnprintf().  Rename it to
vsnprintf_internal() and take extra flags, and have vprintk() use the new
LF_TO_CRLF control flag.

Inside vsnprintf_internal(), rearrange the non-format and %c logic to share
the expansion logic, as well as extending the logic to fmt_string().

Extend the selftests to confirm correct behaviour in both modes, for all ways
of being able to pass newline characters into a format operation.

Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix assembler type warnings with newer binutils

GAS of at least version 2.34 complains:

  hypercall_page.S: Assembler messages:
  hypercall_page.S:24: Warning: symbol 'HYPERCALL_set_trap_table' already has its type set
  ...
  hypercall_page.S:71: Warning: symbol 'HYPERCALL_arch_7' already has its type set

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Python3 fix when not specifying --quiet

Andy reports:
  Combined test results:
  Traceback (most recent call last):
    File "./xtf-runner", line 716, in <module>
      sys.exit(main())
    File "./xtf-runner", line 711, in main
      return run_tests(opts)
    File "./xtf-runner", line 559, in run_tests
      if res == "SUCCESS" and opts.quiet >= 2:
  TypeError: '>=' not supported between instances of 'NoneType' and 'int'

Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-316 PoC

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

xenbus: fix xenbus_write() ring overflow

Currently the xenbus_write() does not handle ring wrapping around
correctly. When ring buffer is almost full and there is not enough
space for next packet (e.g. there is 12 bytes of space left, but the
packet header needs to transmit 16 bytes) the memcpy() goes out of the
ring buffer boundry.
Instead, the part variable should be limited to the space available in
the ring buffer, so the memcpy() can fill up the buffer, update len
variable (to indicate that there is still some data to be copied) and
thereby the xenbus_write() loop can iterate again to finish copying
the remainder of data to the beginning of the ring buffer.

Signed-off-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

docs: Fix formatting in the all-docs index

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix asm constraints for push/pop instructions

There are several issues with 64bit builds.  Correct the types/constraints to
prohibit encoding 32bit registers, and immediates which can't be represented
as a 32bit signed extended number.

Introduce asm_checks() in selftest as a build-time check for constraint corner
cases, to be extended as needed.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid "q" constraint unless necessary

Several tests are better off using "r", which permits the use of
%esi/%edi/%ebp/%esp in 32bit builds.

For the XSA-170 test, jmp indirect doesn't have an immediate encoding, but
will happily accept a memory encoding.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify setting the overflow flag

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Doxygen: Fix ref linkage for xsa-consoleio-write

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-308 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: More Python 2.6 compatibility fixes

The {} shorthand for .format() is only valid in Python 2.7

Reported-by: Glenn Enright <glenn@rimuhosting.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Misc extra instruction wrappers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix LTO build in xsa-consoleio-write

The compiler can't spot the assembly reference to zero_page[]

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Revert another part of ""Revert "Fix the use of ./xtf-runner on Python 2.4""

subprocess.check_output() is Python 2.7 only.

Reported-by: Glenn Enright <glenn@rimuhosting.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Support multiple quiet settings

Particularly useful for './xtf-runner -aqq' for "run all tests" and trying to
spot problems amongst the output.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

CONSOLEIO_write stack overflow PoC

Classify it as an XSA test (which arguably ought to be named 'security'),
despite no XSA being issued.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

XSA-298 PoC

XSA-296 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

idt: Constify the xtf_idte parameter to xtf_set_idte()

It is only ever read.  Take the opportunity to adjust all callers to construct
their struct xtf_idte in .rodata.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

docs: Use https:// links in preference to http://

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Drop custom stack handling for nested tasks

I don't recall how I came to this conclusion, but its not correct.  IRET with
NT set doesn't inspect the stack at all.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

link: Introduce _start[] to match _end[]

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Revert part of "Revert "Fix the use of ./xtf-runner on Python 2.4""

{} for set notation isn't Py 2.6 compatible.

Reported-by: Glenn Enright <glenn@rimuhosting.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Python 3 compatibility

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Revert "Fix the use of ./xtf-runner on Python 2.4"

In order to add Python 3 compatibility, we must set a baseline of Python 2.6.
Drop the 2.4 compatibility hacks.

This logically reverts 1313f37eef92d427bbd77838c3e1b95be323e607

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Use named asm parameters for _ASM_EXTABLE_HANDLER()

LTO builds need to know that ex_record_fault_{eax,edi} are referenced from
within asm, to avoid the functions being discarded.

Previously, this was done with an "X" parameter listing the function twice,
but this can lead to copy/paste mistakes.  Instead, use a named parameter and
the "p" type and "P" modifier, which works compatibly between GCC and Clang.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-173: Update test to newer idioms

 * Use TEST-EXTRA-CFG to request shadow by default
 * Use exinfo_t to avoid opencoding the check for Rsvd

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

TSX: Fix the encoding of XEND

0xd6 is XTEST, not XEND.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce evntchn handling support for PV guests

Fill in the event callback, and use a weak do_evtchn() hook which can be
implemented by guests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify the unhandled_exception handling for tests

Tests, being single-purpose by their very nature, don't in practice use the
flexibility to change the unhandled exception hook.  Furthermore, updating the
pointer has to be done carefully (i.e. with compiler barriers) because the
compiler doesn't see any connection between the hook and surrounding code
which may fault.

Switch to the using method already used by the syscall infrastructure and use
a single weak do_unhandled_exception() function which may be overridden by
guests wanting to implement their own custom behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Misc trivial code cleanup

 * Use named asm parameters for non-trivial blocks
 * "=r" (x) : "r" (x) is more commonly "+r" (x)
 * Correct the header guard in x86-gate.h
 * Remove brackets from absolute memory addresss
 * Use unsigned int rather than unsigned long and forcing back to int with %k
 * Drop unused ex_record_fault_eax reference

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce pack_{tss,ldt}_desc() to work around latent 64bit issues

LDT and TSS descriptors use two slots in 64bit.  While no published tests are
affected, some in-development ones are.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce pack_intr_gate() to mirror pack_task_gate()

In HVM's arch_init_traps(), fold setup_gate() and setup_doublefault(), as they
are only token wrappers at this point.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

LTO: Specify the use of gold with a compiler option rather than an explicit path

This allows the compiler to pick up gold from the path, rather than forcing
the use of the system gold all the time.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

libc: Fix strcmp() ABI violations

The C standard specifies that strcmp() interprets the provided strings as
unsigned char, rather than signed.  This affects the result when used on
strings with the high bit set.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

PV FSGSBASE behaviour

Functional test, which also doubles for XSA-293

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-279 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-277 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

nested-vmx: exceptions take priority over VMFail*

The way the instruction invocations are coded, it is compiler version
dependent whether things work: With old gcc, fail_{,in}valid will not
get touched and hence remain at their initial values, while with newer
gcc evaluation of the status flags occurs outside of the asm(), i.e.
also when an exception was received (in which case EFLAGS didn't change
from its value before the faulting instruction).

Since it is more logical anyway to check for a possible exception first,
do so uniformly instead of trying to fiddle with the asm() in some way.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-278 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

debug-regs: Check the vcpu's initial register state

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

debug-regs: Detect the PV IO shadow handling bugs

Also fix up some poor choice of constant names.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-269 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-265 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

TSX intrinsics

These are implemented to the GCC API, but are compatible with older
toolchains.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-260: Work around toolchain problems with older GCC

GCC 4.4.7 of RHEL/CentOS 6 vintage can't cope with an ebp/rbp register clobber
when compiling with frame pointers enabled.  Switch to ebx/rbx instead.

Reported-by: Glenn Enright <glenn@rimuhosting.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Glenn Enright <glenn@rimuhosting.com>

XSA-261 PoC

This requires adding some basic IO APIC and HPET functionality.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Compile fixes, misc cleanup and consistency improvements, and written
documentation.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-260 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/msr: Clean up MSR field declarations

 * Consistently use ULL for the benefit of 32bit builds
 * Drop leading MSR_ prefixes from bit names
 * Drop unnecessary bit-position defines

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86: mov to/from sreg can be encoded with a memory operand

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-259 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Properly bracket EXINFO()'s parameters before operating on them

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rudimentary syscall handling for PV guests

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce __user_data

Fix up the missing __user_text in Doxyfile, and the missing linker assertions
that the user bss boundaries are page aligned.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/io-apic: Fix 64bit MMIO accesses

While most of the IO-APIC registers are 64 bits wide, the spec states that
they must be accessed with 32bit accesses.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce some basic IO-APIC infrastructure

Replace some opencoded IOAPIC_DEFAULT_BASE constants.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce some basic HPET infrastructure

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce __{KERN,USER}_{CS,DS}32 selector constants

These are intended to facilitate 64bit compatiblity mode segments, but are
exposed in 32bit builds as straight aliases of __{KERN,USER}_{CS,DS} for the
benefit of common code.

Fix up one opencoded use in the XSA-196 PoC.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce and use __user_page_aligned_bss

This avoids special casing user_stack[] as data, and allows the
!test_wants_user_mappings remapping logic to become entirely generic.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Use a linker ASSERT() to check that the mappings are within l1_identmap[]

This avoids needing the runtime checks in hvm's arch_init_traps()

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce and use __maybe_unused

This allows for the 32bit ifdefary of ex_pf_user to be dropped without
suffering a warning in the 64bit build, while still allowing LTO to drop the
function.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-255 PoC

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix latent bug in 64bit exec_user_param()

Use a full %rsp reference rather than %esp.  Only a latent bug as the upper
bits will be clear.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce a basic test for debugging infrastructure

To begin with, this just checks that the PV %dr7 latch issue is resolved.
There are many more bugs to fix.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce new debug register definitions and helpers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Factor out debug register infrastructure into a new header

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce update_desc() for updates to live descriptor entries

GCC 4.4 from CentOS 6 is clever enough to turn the invlpg test's

  gdt[GDTE_AVAIL0] = GDTE_SYM(0, 1, COMMON, DATA, DPL0, B, W);
  write_fs(GDTE_AVAIL0 << 3);

into

  103927:       b8 48 00 00 00                  mov    $0x48,%eax
  10392c:       c7 05 48 f0 10 00 01 00 00 00   movl   $0x1,0x10f048
  103936:       8e e0                           mov    %eax,%fs
  103938:       c7 05 4c f0 10 00 00 93 c0 00   movl   $0xc09300,0x10f04c

which hardware rightfully complains about, as the descriptor isn't valid at
the point that %fs is loaded.

Introduce update_desc() which copes with PV and HVM differences, and enforces
a compiler barrier to prevent reordering of later operations.

Reported-by: Glenn Enright <glenn@rimuhosting.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add more helpful GDTE() helpers

All tests and some setup infrastructure need explicitly typed versions of
INIT_GDTE() and INIT_GDTE_SYM().  Introduce GDTE() and GDTE_SYM() to do just
this, and update the impacted users.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

vmx: Don't create strings[] on the stack of every vmx_insn_err_strerror() call

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/apic: Set SPIV.EN in apic_init() so the device is ready for use

This is more useful behaviour than forcing all tests which call apic_init() to
set up SPIV themselves to actually receive interrupts.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

selftest: test x2apic basic initialisation as well if possible

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix cdefs.h conflict with __section

On FreeBSD the build fails with:

/root/src/xtf/include/xtf/compiler.h:13:9: error: '__section' macro redefined
      [-Werror,-Wmacro-redefined]
        ^
/usr/include/sys/cdefs.h:229:9: note: previous definition is here
        ^
1 error generated.

Only define __section if it's undefined in order to prevent conflicts.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Memory operand and segment emulation tests

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Support the use of GDTs in PV guests

GDT frames in PV guests need to be page aligned, and like pagetables, mapped
read-only.  Move gdt[] into __page_aligned_{data,bss} and leave it empty for
PV guests to begin with.

The PV arch_init_traps() code registers the frame with Xen, and tests wanting
to make use of it need to use hypercall_update_descriptor().

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow for fine tuning of the exec_user_* infrastructure

At the moment, %cs, %ss and eflags are hard coded.  Introduce
exec_user_{cs,ss,efl_{and,or}_mask} with suitable defaults.

This allows for the complete removal of exec_user_with_iopl() from the pv-iopl
test, which can now use the common infrastructure.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Move more includes into arch/xtf.h to ease writing tests

It is currently very hit and miss whether functionality is included, and some
current inclusions are already unnecessary.  Make it easier for tests by
putting all common includes in arch/xtf.h, so tests only have to include xtf.h

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

32bit: Save and restore %ds and %es when handling exceptions

For tests which play with segments (especially those which reduce %ds.limit),
failing to restore usable segments can result in cascade failures (most
obviously when trying to poke characters into the console ring).

Remove the vm86 special case in handle_exception() and load __KERN_DS into %ds
and %es unconditionally.  Forgo the unconditional loading of %fs and %gs as
they are unreferenced in exception context.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce and use xenstore_init()

This really should have been introduced along with xenstore_read(), but the
problem only becomes apparent when booting an XTF test as the initial domain.
The presence of xenstore must not be assumed.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce a nested-svm skeleton test

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename the vvmx test to nested-vmx

In preparation for introducing nested-svm as well.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Cope being booting as the initial domain

When booted as the initial domain (most commonly in PV-shim mode), the console
and xenbus rings aren't configured, as it is the responsibility of the initial
domain to provide xenconsole/xenstored services for other domains.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce support for booting with the PVH ABI

All XTF HVM guests are compatible with the PVH ABI.  Populate the PHYS32_ENTRY
elfnote and stash the pvh_start_info pointer provided by the domain builder.

Skip the Qemu console setup when booting PVH.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename start_info to pv_start_info

In preparation to introduce pvh_start_info.  Rename the type to match, fix up
the accidental double extern, and move the variable into pv/traps.c to match
with its declaration in traps.h.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

xtf-runner: Sort tests by variation as well

This removes instability in the running order of tests with multiple
variations.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/msr: Introduce xtf_msr_consistency_test()

To help with testing the correctness of MSRs which may be passed directly
through to a guest.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>