xtf: fix usage of "-executable" with find

"-executable" is a GNU only extension to find. Instead replace it with a
POSIX compatible one.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>

xtf: avoid shifting a negative value

Because it's undefined behaviour.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>

xtf: don't re-define __noinline

On FreeBSD __noinline is already defined in cdefs.h

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
Cc: Andrew Cooper <andrew.cooper3@citrix.com>

Provide all {read,write}_cr[02348]() stub functions

Both GCC and Clang correctly encode %cr8 accesses using the lock
instruction prefix in 32bit mode.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add 64bit segment base MSRs to the index

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reserve space in the GDT for test use

Currently four entries, although this is an arbitrary choice.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Print more information when dumping exceptions

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Helper routines for decoding x86 architectural state

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce snprintf() and give vsnprintf() an appropriate __printf() attribute

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Create xtf.h and avoid using xtf/lib.h as the include-all header

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-123 PoC

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Extend the pv-iopl test to test VMASST_TYPE_architectural_iopl

A varient of exec_user() is introduced which takes an IOPL parameter.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

PV IOPL emulation testing

A test to verify correct behaviour of vIOPL shadowing in Xen.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce DECLSTR() for declaring strings in ASM

Put the string in the mergeable string section, declare it as data, and set
its size.

Replace the partial open-coding of this in head_{pv,hvm}.S for main_err_msg,
and switch the label to being local.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce ENDFUNC() and annotate ASM functions as such

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Annotate hvm pagetables as data

Introduce PAGETABLE_{START,END}() helpers which wrap the appropriate
directives.  Fix a copy&paste bug from c/s 3382222 "Introduce the hvm32pse
environment" which stated the size of pse_l1_identmap twice, and omitted
pse_l2_identmap.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid generating *UND* symbols in object files

The swint-emulation test contains hand-generated asm stubs which use arbitrary
identifiers just for their mnemonic properties.  Unfortunately, their use in
the .if statements generate *UND* symbols listed in the object files export
table.

Use .ifc rather than .if, which explicit interprets its parameters as strings
rather than expressions.  Unfortunately, there is no .elseifc directive.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Annotate hypercall stubs as functions

Move DECLARE_HYPERCALL() from asm_macros.h to being local, as it is not useful
elsewhere.  Link hypercall_page in .data rather than .text, to avoid polluting
the disassembly.  Annotate hypercall_page itself as data.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Move arch/x86/hvm_pagetables.S into arch/x86/hvm/ directory

This is a more appropriate place for it to live.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce more linker alignment assertions

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix XSA-168 PoC on Gen1 AMD hardware

We care simply that the vulnerability is fixed, rather than the architectural
correctness of the emulation of `invlpg`.  Correctness should be implemented
by a functional test.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce Memory op ABI and infrastructure

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix GCC build following c/s 72442d4

GCC and Clang have different permitted syntax for nested initialisers.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce the hvm32pse environment

This uses 32bit paging, along with the PSE extension.

Regular 32bit paging and PSE paging differ only in whether the PSE bit may be
set, to create 4M superpages.  Since PSE is available on all hardware Xen will
now run on, forgo the `hvm32pg` environment to avoid the overhead of requiring
small pages for all mappings.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Improve the legibility of the pagetable generation code

Factor the common _PAGE_xxx attributes out into PAGE_COMMON, and introduce a
macro for the index calculation.

Add _ACCESSED and _DIRTY to the common attributes, to avoid the processor
needing to set the bits.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Split common pagetable infrastructure from PAE specific infrastructure

In preparation for the introduction of PSE paging.  In most cases, add a PAE
prefix to existing constants.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-168 Proof of Concept test

Must be run with shadow paging

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow tests to supply extra settings for their .cfg file

by setting $(TEST-EXTRA-CFG)

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-122 Proof of Concept test

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce xen_version hypercall and ABI

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Drop CONFIG_PAGING_PAE

It can uniquely be determined from PAGING_LEVELS == 3 or 4, and doing so
simplifies the early ASM.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce IS_ALIGNED()

While at it comment the entities in this file, and guard _p() to avoid it
accidentally being used in assembly code.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Test `into` even in 64bit

In 64bit, the instruction should fail unilaterally with #UD.  Check that the
emulator provides this behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add memcpy() to the framework's libc implementation

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Correct the generation of the `cd 03` instruction

Some assemblers "helpfully" turn the two-byte `int $3` into its one-byte form
`int3`.  This defeats the purpose of the test case, so hand-roll the
instrucion.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reintroduce the test_NULL_unmapped() selftest

c/s f571b0b "Implement the hvm32 environment" introduced a guard to the
test_NULL_unmapped() selftest, as it is inapplicable in an unpaged
environment.

However, CONFIG_PAGING wasn't ever defined (it disappeared during
development), causing the selftest to be unconditionally omitted even in paged
environments.

Reintroduce the check, based on CONFIG_PAGING_LEVELS being non-zero.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Utility for dumping MSRs visible to a guest

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Utility for dumping the CPUID information visible to a guest

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Add documentation noting that swint-emulation serves as a test for XSAs 106 and 156

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XSA-167 Proof of Concept test

Introduce a brand new category called 'xsa' for dedicated XSA tests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Alter xtf_success() to take a string to print

... to be consistent with the rest of the reporting interface.  Every
reporting function is modified to accept NULL if there is nothing interesting
to print.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce test categories and create a test-info.json for each test

test-info.json will accumulate relevant test metadata.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Install each test into a separate directory

This allows for better delineation of tests and their resources.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Accept a PREFIX parameter when generating test configuration

This allows the test paths to be configured for the install destination if it
isn't to be run out the build working tree.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce links from test descriptions to their main.c

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Document the build requirements

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Specify initalisers for each structure item

Fixes an error from clang.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Don't doubly declare the name label in ENTRY()

GLOBAL() already declares it.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Declare the size of l1_identmap

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Disable implicit makefile rules

They are not needed, and cause unexpected behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Implement the hvm32 environment; a 32bit HVM guest without paging

The test_NULL_unmapped() selftest is not applicable in an unpaged environment,
so is made conditional.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rework config.h and head_hvm.S for better paging separation

config.h is modified to turn CONFIG_ENV_$foo into the finer grain
CONFIG_{PV,HVM}, CONFIG_PAGING_LEVELS and possibly CONFIG_PAGING_PAE.  It then
undefines the CONFIG_ENV_$foo #define, to prevent mistakes in regular code.
Generation of environment_description is also moved into config.h, and it is
extended to include paging information.

head_hvm.S is then modified to use the finer grain #defines.  Specifically,
CR4.PAE is only set if CONFIG_PAGING_PAE, and CR3 and CR0.PG are only set if
CONFIG_PAGING_LEVELS is greater than 0.

The existing setting of CR0.PE is removed, as it is guaranteed always to be
set.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename the {pv,hvm}32 environments to {pv,hvm}32pae

to indicate the paging mode in use.  More 32bit HVM environments will be
introduced, using different paging modes.

In principle, other 32bit PV environments exist, but are unable to run under a
64bit Xen, so are unlikely to be implemented.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rename CONFIG_ENV_{pv,hvm} to CONFIG_{PV,HVM}

to avoid them being easily confused with the environment-specific defined.

Additionally, reduce the usage of the environment-specific defines to an
absolute minimum, to avoid latent issues when introducing new environments.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rework the build systems environment list generation

and use this to reduce the amount of repetition in the object list generation.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Misc docs improvements

* Include assembly files.  They are not processed for structured comments, but
  are are available to be viewed and referred to.
* Use the preferred @# to prevent automatic linking when using #
* Disable timestamps.  Helps when comparing generated content.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Include local variables in all files currently missing them

Correct some accidental introduction of tabs in arch/x86/link.lds.S

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid overflow in compare_extable_entry() when entries are far appart

Constrain the return value to strictly between -1 and 1.  Without this,
sorting extable entries which are further than 2GB apart fails, as the
calculation overflows the return value.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Import xen/errno.h from Xen's public API

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce 'skip' as a test result

There are situations where the test cannot be completed, and this might be
considered success or failure, depending on the exact outcome intended by the
individual who is running the tests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Include xtf/hypercall.h in xtf/lib.h

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Test software injection of `into` in 32bit builds

The `into` instruction is another software interrupt, which raises an #OF trap
if the overflow flag is set.  It is only recognised in 32bit code however, and
yields #UD if exectued in long mode.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Document the history of the framework

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Software interrupt emulation testing

Test documentation is at the head of main.c

Additionally

* Don't warn on unused parameters - there are legitimate reasons for a
  parameter to be unused.
* Make xtf/extable.h safe for inclusion in assembly files.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introductory documentation

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Update Doxyfile to Doxygen 1.8.8

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide a Forced Emulation identifier rather than hand-rolling assembly

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow tests to provide their own custom unhandled exception handler

Useful for non-standard fixup, or for logging something more helpful than the
plain panic() message.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Error code constants for selector-based error codes

Provide symbolic constant support as well.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Make symbolic constant generation more generic

The existing _GDTE_ATTR() macros are fine for GDT entries, but not much use
for anything else.

Replace the existing VAR_MACRO() with VAR_MACRO_C1(), which works in the same
way but passes a constant through, and use this to implement TOK_OR() which
works like _GDTE_ATTR() but takes a parameter rather than a hard coded
SEG_ATTR_.

Document the entities fully, and fix them to work correctly with empty
__VA_ARGS__.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Split out symbolic constant support into a separate file

While moving, rename _INIT_GDTE() to INIT_GDTE() and drop INIT_GDTE_RAW()
entirely.  Document the new INIT_GDTE() and implement INIT_GDTE_SYM() using
it.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Rearrange includes

For simplicity, tests should just include <xtf/lib.h> and get all the common
infrastructure for free.  All type definitions should come from <xtf/types.h>.
Fix one declaration vs definition mismatch uncovered.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Unmap the page at 0 to catch errors with NULL pointers

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce exec_user() to run a function at user privilege

Add a selftest to confirm functionality.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Allow a test to raise privilege back to kernel level

to facilitate tests which switches privilege during the course of its run.

This is achieved by providing a dpl3 IDT entry which restores %esp and jumps
to the %eip found in the exception frame.

Therefore, 'int $0x20' acts as function call which returns at the kernels cpl.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Setup for 32bit PV userspace execution

* Implement hypercall_update_va_mapping().
* Walk the live pagetables setting _PAGE_USER.

For now, 32bit PV XTF guests need to be run on a hypervisor booted with
"smep=0 smap=0" to prevent Xen's %cr4 settings from interfering.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Setup for 64bit PV userspace execution

* Implement read_cr3(), HYPERCALL4() and hypercall_mmuext_op().
* Use FLAT_RING3_SS64 for __{KERN,USER}_DS.
* Set user %cr3.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Setup for common PV userspace execution

* Implement and use hypercall_stack_switch().
* Implement {read,write}_[cdefgs]s() wrappers.
* Use __USER_DS for the regular data segment selectors.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Setup for HVM userspace execution

* Introduce definitions for a task state segment and load one.
* Use __USER_DS for the regular data segment selectors.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Factor low level difference between PV and HVM into macros

to reduce code duplication when further entry/exit paths are added.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Common infrastructure for userspace execution

Introduce __USER_{CS,DS}, expand the boot stack to two pages, add some DPL3
GDT descriptors, and space in GDT for a TSS.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce test_setup() to detect runtime support relevant for tests

Currently it just identifies whether the Forced Emulation Prefix is available.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Exception Logging support

Provide an interface whereby a test can log all exceptions which occur, and
query the log after the fact.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Alter pv64 kernel selectors to be rpl0

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Exception table infrastructure

To redirect control flow if a fault occurs.  Entries are registered with the
_ASM_EXTABLE() and placed in the .ex_table section, which is collected
together by the linker.

The .ex_table section is sorted on boot (to facilitate fast searching), and
searched in do_exception() when a fault or abort is encountered.  If a
matching entry is found, control flow is redirected and the exception returned
from.

Some of the changes are to make the two asm_macros.h files safe to include in
C code.  In addition, an extra selftest is added, making use of the exception
table infrastructure.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Provide a heapsort() implementation

Modelled after qsort() in the C standard library.  Sorts in place.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid __always_inline conflicting with cdef.h

Fixes build issues with the build-time selftests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

XTF Selftests

Provide a sanity test of the environment and infrastructure provided by the
test framework itself.  These are all expected to pass.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Modify entry points to be able to return from exceptions

Trap and Interrupt exceptions will now return, while Fault and Abort
exceptions are still fatal.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Represent exception frames in C

Introduce struct cpu_regs, and make the entry points create the expected
layout.

As part of this, split the very x86 bits of asm_macros.h into a new header
file.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

PV exception entry points

Infrastructure to register the virtual IDT with Xen and get execution back
into C when an exception occurs.  The existing 32 and 64bit entry points are
mostly reused, with small adjustments for PV guests.

Most of this change is importing and implementing Xen ABI bits for PV guests.

Exceptions are currently fatal.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

HVM exception entry points

Infrastructure to set up the IDT and get execution back into C when an
exception occurs.

Exceptions are currently fatal.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Refactor architectural trap setup

The setup of entry points is very different between PV and HVM guests.
Introduce two new traps.c to accommodate, a stub arch_init_traps(), and a stub
do_trap() as the C entry point for traps.

Adjust the single arch_crash_hard() into the relevant arch traps.c to reduce
the #ifdef'ary

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86 architectural infrastructure for exception handling

Unlike the GDT which PV guests might have a legitimate interest in, a PV guest
genuinely has no interest in an x86 architectural IDT.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Move build system into build/

In hindsight, config/ was not the best choice of names.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Import and declare all hypercall entry points

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reduce the quantity of token concatenation with hypercall declarations

Allows better indexing from tools such as cscope

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Avoid a constantly rebooting domain when triple faults occur

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Fix booting the HVM tests on hardware without hap support

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Introduce __noinline and __always_inline annotations

Additionally, switch to uniformly use of the double-underscore variants of
attribute names.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>