From a554be1738d019e4b5d5b0b0ee9aac6b6ac302a6 Mon Sep 17 00:00:00 2001
From: Louis Burda
Date: Mon, 23 Jan 2023 20:38:36 +0100
Subject: Use 16-bit realmode assembly for guests (!)

---
 test/kvm-eviction.c | 15 +++++++----
 test/kvm-eviction_guest.S | 13 +++++++---
 test/kvm-step.c | 64 ++++++++++++++++++++++++++++++++++++++---------
 test/kvm-step_guest.S | 27 ++++++++++++--------
 test/kvm.c | 7 ++++--
 5 files changed, 93 insertions(+), 33 deletions(-)
(limited to 'test')

diff --git a/test/kvm-eviction.c b/test/kvm-eviction.c
index 0c04baa..d25b29c 100644
--- a/test/kvm-eviction.c
+++ b/test/kvm-eviction.c
@@ -50,7 +50,7 @@ vm_init(struct kvm *kvm, void *code_start, void *code_end)
 {
 size_t ramsize;
 
- ramsize = L1_SIZE * 2;
+ ramsize = L1_SIZE;
 if (!strcmp(vmtype, "kvm")) {
 kvm_init(kvm, ramsize, code_start, code_end);
 } else if (!strcmp(vmtype, "sev")) {
@@ -77,15 +77,17 @@ collect(struct kvm *kvm, uint8_t *counts)
 ret = ioctl(kvm->vcpufd, KVM_RUN, NULL);
 if (ret == -1) err(1, "KVM_RUN");
 
- // warnx("rip:%lu code:%i", vm_get_rip(kvm), kvm->run->exit_reason);
- if (kvm->run->exit_reason != KVM_EXIT_HLT) {
+ if (kvm->run->exit_reason == KVM_EXIT_MMIO) {
+ errx(1, "KVM died from OOB access! rip:%lu addr:%lu",
+ vm_get_rip(kvm), kvm->run->mmio.phys_addr);
+ } else if (kvm->run->exit_reason != KVM_EXIT_HLT) {
 errx(1, "KVM died! rip:%lu code:%i",
 vm_get_rip(kvm), kvm->run->exit_reason);
 }
 
 ret = ioctl(kvm_dev, KVM_CPC_READ_COUNTS, counts);
- if (ret == -1) err(1, "ioctl KVM_CPC_READ_COUNTS");
+ if (ret == -1) err(1, "KVM_CPC_READ_COUNTS");
 }
 
 int
@@ -114,7 +116,10 @@ main(int argc, const char **argv)
 
 /* reset kernel module state */
 ret = ioctl(kvm_dev, KVM_CPC_RESET);
- if (ret == -1) err(1, "ioctl KVM_CPC_RESET");
+ if (ret == -1) err(1, "KVM_CPC_RESET");
+
+ ret = ioctl(kvm_dev, KVM_CPC_LONG_STEP);
+ if (ret == -1) err(1, "KVM_CPC_LONG_STEP");
 
 /* resolve page faults in advance (code only covers 1 page)..
 * we want the read counts to apply between KVM_RUN and KVM_EXIT_HLT,
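Review bot: With `ramsize = L1_SIZE` the probe address the eviction guest reads, `L1_LINESIZE * (L1_SETS + TARGET_SET)` in kvm-eviction_guest.S, has to lie below L1_SIZE, otherwise the very first `movb (%bx), %bl` leaves the only memslot and collect() terminates through the KVM_EXIT_MMIO branch this same patch adds. The definitions of L1_SIZE and TARGET_SET are not part of the patch, so I cannot tell whether that holds; a compile-time check next to the assignment would pin it if the build is C11, `_Static_assert(L1_LINESIZE * (L1_SETS + TARGET_SET) < L1_SIZE, "eviction probe outside guest RAM");`. Note also that the copy of vm_init() added to kvm-step.c in this patch still uses `L1_SIZE * 2`. vm_init's body continues past the end of the hunk.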
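Review bot: The new errx on the KVM_EXIT_MMIO branch prints `vm_get_rip(kvm)` and `kvm->run->mmio.phys_addr` (a `__u64`) with `%lu`, while the printf added to monitor() in kvm-step.c prints the same `vm_get_rip()` value with `%llu`; assuming kvm-eviction.c's vm_get_rip has the `uint64_t` return type the kvm-step.c version declares, uint64_t is `unsigned long` on x86-64 glibc, so one of the two conversions does not match its argument type and -Wformat will flag it. Using `<inttypes.h>` in both places removes the guesswork, e.g. `errx(1, "KVM died from OOB access! rip:%#" PRIx64 " addr:%#" PRIx64, vm_get_rip(kvm), (uint64_t)kvm->run->mmio.phys_addr);`, which also prints the two addresses in hex rather than decimal. The pre-existing `%lu` on the `KVM died!` line, context here, has the same issue.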
diff --git a/test/kvm-eviction_guest.S b/test/kvm-eviction_guest.S
index ce696cd..16a07a5 100644
--- a/test/kvm-eviction_guest.S
+++ b/test/kvm-eviction_guest.S
@@ -7,13 +7,20 @@
 .global guest_without_start
 .global guest_without_stop
 
+.align(16)
+.code16gcc
+
 guest_with_start:
- mov (L1_LINESIZE * (TARGET_SET + L1_SETS)), %rbx
+ mov $(L1_LINESIZE * (L1_SETS + TARGET_SET)), %bx
+ movb (%bx), %bl
 hlt
- jmp guest_with_start
+
+ mov $0x00, %ax
+ jmp *%ax
 guest_with_stop:
 guest_without_start:
 hlt
- jmp guest_without_start
+ mov $0x00, %ax
+ jmp *%ax
 guest_without_stop:
diff --git a/test/kvm-step.c b/test/kvm-step.c
index 6b21092..b5703cc 100644
--- a/test/kvm-step.c
+++ b/test/kvm-step.c
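Review bot: The guest now restarts itself with `mov $0x00, %ax` / `jmp *%ax`, which only lands on guest_with_start (or guest_without_start) because kvm_init_memory() in kvm.c copies code_start to guest physical 0 and kvm_init_regs() sets rip to 0; the `jmp guest_with_start` it replaces did not depend on how the image is loaded. Likewise `movb (%bx), %bl` is a DS-relative real-mode access, so it probes `L1_LINESIZE * (L1_SETS + TARGET_SET)` only if the DS base is 0 and that constant fits in 16 bits, and neither the segment setup nor the constants are visible in this patch. Both assumptions deserve a comment where they are relied upon, e.g. `# image is loaded at GPA 0 with rip=0, so IP 0 is our own entry` above the jump and `# real-mode (%bx) is DS-relative; relies on DS base 0` above the load. The same two points apply to the hunk in kvm-step_guest.S.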
@@ -35,19 +35,51 @@
 extern uint8_t guest_start[];
 extern uint8_t guest_stop[];
 
-uint8_t *
-read_counts()
+static const char *vmtype;
+
+uint64_t
+vm_get_rip(struct kvm *kvm)
 {
- uint8_t *counts;
+ struct kvm_regs regs;
+ uint64_t rip;
 int ret;
 
- counts = malloc(L1_SETS * sizeof(uint8_t));
- if (!counts) err(1, "malloc");
+ if (!strcmp(vmtype, "sev-snp")) {
+ rip = snp_dbg_decrypt_rip(kvm->vmfd);
+ } else if (!strcmp(vmtype, "sev-es")) {
+ rip = sev_dbg_decrypt_rip(kvm->vmfd);
+ } else {
+ ret = ioctl(kvm_dev, KVM_CPC_GET_REGS, ®s);
+ if (ret == -1) err(1, "KVM_CPC_GET_REGS");
+ rip = regs.rip;
+ }
 
- ret = ioctl(kvm_dev, KVM_CPC_READ_COUNTS, counts);
- if (ret) err(1, "ioctl KVM_CPC_READ_COUNTS");
+ return rip;
+}
 
- return counts;
+void
+vm_init(struct kvm *kvm, void *code_start, void *code_end)
+{
+ size_t ramsize;
+
+ ramsize = L1_SIZE * 2;
+ if (!strcmp(vmtype, "kvm")) {
+ kvm_init(kvm, ramsize, code_start, code_end);
+ } else if (!strcmp(vmtype, "sev")) {
+ sev_kvm_init(kvm, ramsize, code_start, code_end);
+ } else if (!strcmp(vmtype, "sev-es")) {
+ sev_es_kvm_init(kvm, ramsize, code_start, code_end);
+ } else if (!strcmp(vmtype, "sev-snp")) {
+ sev_snp_kvm_init(kvm, ramsize, code_start, code_end);
+ } else {
+ errx(1, "invalid version");
+ }
+}
+
+void
+vm_deinit(struct kvm *kvm)
+{
+ kvm_deinit(kvm);
 }
 
 uint64_t
@@ -68,8 +100,8 @@ monitor(struct kvm *kvm, bool baseline)
 ret = ioctl(kvm_dev, KVM_CPC_READ_COUNTS, counts);
 if (ret) err(1, "ioctl KVM_CPC_READ_COUNTS");
 
- printf("Event: cnt:%llu rip:%lu inst:%llu data:%llu retired:%llu\n",
- event.step.fault_count, snp_dbg_decrypt_rip(kvm->vmfd),
+ printf("Event: rip:%llu cnt:%llu inst:%llu data:%llu ret:%llu\n",
+ vm_get_rip(kvm), event.step.fault_count,
 event.step.fault_gfns[0], event.step.fault_gfns[1], event.step.retinst);
 print_counts(counts);
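Review bot: The vm_init() added here is a near-copy of the vm_init() in kvm-eviction.c that this same patch edits, and kvm-eviction.c already has a vm_get_rip() too; the two copies disagree from the start, since this one sizes guest RAM as `L1_SIZE * 2` while kvm-eviction.c now uses `L1_SIZE`. Moving the vmtype dispatch into kvm.c next to kvm_init()/kvm_deinit(), with ramsize as a parameter, would leave one place to keep in sync. Two smaller points: `errx(1, "invalid version")` does not echo the rejected value the way main()'s `errx(1, "invalid vm mode: %s", vmtype)` does, and `static const char *vmtype;` is NULL until main() assigns it, so a call into vm_init() or vm_get_rip() before that point would pass NULL to strcmp; `static const char *vmtype = "kvm";` gives the same default main() installs.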
@@ -92,13 +124,20 @@ main(int argc, const char **argv)
 uint32_t arg;
 int ret;
 
+ vmtype = "kvm";
+ if (argc > 1) vmtype = argv[1];
+ if (strcmp(vmtype, "kvm") && strcmp(vmtype, "sev")
+ && strcmp(vmtype, "sev-es")
+ && strcmp(vmtype, "sev-snp"))
+ errx(1, "invalid vm mode: %s", vmtype);
+
 setvbuf(stdout, NULL, _IONBF, 0);
 
 pin_process(0, TARGET_CORE, true);
 
 kvm_setup_init();
 
- sev_snp_kvm_init(&kvm, L1_SIZE * 2, guest_start, guest_stop);
+ vm_init(&kvm, guest_start, guest_stop);
 
 /* reset kernel module state */
 ret = ioctl(kvm_dev, KVM_CPC_RESET, NULL);
@@ -141,6 +180,7 @@ main(int argc, const char **argv)
 while (eventcnt < 50) {
 eventcnt += monitor(&kvm, true);
 }
+ printf("Baseline done\n");
 
 ret = ioctl(kvm_dev, KVM_CPC_VM_REQ_PAUSE);
 if (ret) err(1, "ioctl KVM_CPC_VM_REQ_PAUSE");
@@ -191,7 +231,7 @@ main(int argc, const char **argv)
 exit(0);
 }
 
- kvm_deinit(&kvm);
+ vm_deinit(&kvm);
 kvm_setup_deinit();
 }
diff --git a/test/kvm-step_guest.S b/test/kvm-step_guest.S
index 29c29f2..3d1b0e7 100644
--- a/test/kvm-step_guest.S
+++ b/test/kvm-step_guest.S
@@ -5,18 +5,23 @@
 .global guest_start
 .global guest_stop
 
+.align(16)
+.code16gcc
+
 guest_start:
- mov $(L1_LINESIZE * (L1_SETS + 9)), %rbx
-# hlt
-# mov $(L1_LINESIZE * (L1_SETS + 10)), %rbx
- mov $(L1_LINESIZE * (L1_SETS + 11)), %rbx
-# hlt
-# mov $(L1_LINESIZE * (L1_SETS + 12)), %rbx
- mov $(L1_LINESIZE * (L1_SETS + 13)), %rbx
-# hlt
-# mov $(L1_LINESIZE * (L1_SETS + 14)), %rbx
- mov $(L1_LINESIZE * (L1_SETS + 15)), %rbx
+ mov $(L1_LINESIZE * (L1_SETS + 11)), %bx
+ movb (%bx), %bl
+ hlt
+
+ mov $(L1_LINESIZE * (L1_SETS + 13)), %bx
+ movb (%bx), %bl
 hlt
- jmp guest_start
+
+ mov $(L1_LINESIZE * (L1_SETS + 15)), %bx
+ movb (%bx), %bl
+ hlt
+
+ mov $0x00, %ax
+ jmp *%ax
 guest_stop:
diff --git a/test/kvm.c b/test/kvm.c
index 5b7aa12..91ab839 100644
--- a/test/kvm.c
+++ b/test/kvm.c
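Review bot: The three probe sequences in guest_start are the same three instructions with only the set index varying (11, 13, 15), and each `movb (%bx), %bl` overwrites the low byte of the address register it has just loaded; that is harmless today because %bx is reloaded before every use, but it is an easy trap when a fourth probe is added. An assembler macro would make the set indices the only thing that varies and document the clobber once. The restart via `mov $0x00, %ax` / `jmp *%ax` stays as it is.

```asm
.macro probe set
	mov $(L1_LINESIZE * (L1_SETS + \set)), %bx
	movb (%bx), %bl		# clobbers %bl; %bx must be reloaded before reuse
	hlt
.endm

guest_start:
	probe 11
	probe 13
	probe 15
	# … unchanged: mov $0x00, %ax / jmp *%ax …
```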
@@ -220,10 +220,14 @@ kvm_init_memory(struct kvm *kvm, size_t ramsize,
 kvm->mem = mmap(NULL, kvm->memsize, PROT_READ | PROT_WRITE,
 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
 if (!kvm->mem) err(1, "mmap kvm->mem");
- memset(kvm->mem, 0, kvm->memsize);
+ /* nop slide oob to detect errors quickly */
+ memset(kvm->mem, 0x90, kvm->memsize);
 assert(code_stop - code_start <= kvm->memsize);
 memcpy(kvm->mem, code_start, code_stop - code_start);
 
+ printf("KVM Memory:\n");
+ hexdump(code_start, code_stop - code_start);
+
 memset(®ion, 0, sizeof(region));
 region.slot = 0;
 region.memory_size = kvm->memsize;
@@ -272,7 +276,6 @@ kvm_init_regs(struct kvm *kvm)
 regs.rip = 0;
 regs.rsp = kvm->memsize - 8;
 regs.rbp = kvm->memsize - 8;
- regs.rflags = 0x2;
 ret = ioctl(kvm->vcpufd, KVM_SET_REGS, ®s);
 if (ret == -1) err(1, "KVM_SET_REGS");
 }
-- 
cgit v1.2.3-71-gd317
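Review bot: The comment `/* nop slide oob to detect errors quickly */` above the new memset says neither what is detected nor how; the intent appears to be that guest control flow which escapes the code image executes 0x90 bytes until it runs into the end of RAM instead of executing whatever the zero fill used to decode as, and if so the comment should say that, e.g. `/* fill unused guest RAM with NOP (0x90): control flow that escapes the code image slides to the end of RAM instead of executing leftover bytes */`. The `if (!kvm->mem)` check two lines above is pre-existing but never fires, because mmap() reports failure with MAP_FAILED rather than NULL, so a failed mapping would be handed straight to this memset; `if (kvm->mem == MAP_FAILED) err(1, "mmap kvm->mem");` is the check that matches the call. The label `KVM Memory:` introduces a dump of the code image only, not of the guest RAM, so `Guest code image:` would describe the hexdump that follows.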
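Review bot: Dropping `regs.rflags = 0x2;` leaves rflags at whatever `regs` held before the assignments shown, and the start of kvm_init_regs() is outside the hunk, so I cannot see whether `regs` is filled by KVM_GET_REGS first (then the kernel's value, with the always-one bit 1 set, is kept) or zero-initialised (then KVM_SET_REGS receives rflags = 0 with that reserved bit clear). If it is the latter the line should stay; if it is the former, a comment explaining why the fetched value is now preferred over the explicit 0x2 would save the next reader the same question, e.g. `/* rflags: keep the value from KVM_GET_REGS (bit 1 set, IF clear) */`.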