[v1] KVM: x86: Clean up MSR interception code

[PATCH 28/28] KVM: selftests: Verify KVM disable interception (for userspace) on filter change

Posted by Sean Christopherson 8 months, 2 weeks ago

Re-read MSR_{FS,GS}_BASE after restoring the "allow everything" userspace
MSR filter to verify that KVM stops forwarding exits to userspace.  This
can also be used in conjunction with manual verification (e.g. printk) to
ensure KVM is correctly updating the MSR bitmaps consumed by hardware.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
index 32b2794b78fe..8463a9956410 100644
--- a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
+++ b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
@@ -343,6 +343,12 @@ static void guest_code_permission_bitmap(void)
 	data = test_rdmsr(MSR_GS_BASE);
 	GUEST_ASSERT(data == MSR_GS_BASE);
 
+	/* Access the MSRs again to ensure KVM has disabled interception.*/
+	data = test_rdmsr(MSR_FS_BASE);
+	GUEST_ASSERT(data != MSR_FS_BASE);
+	data = test_rdmsr(MSR_GS_BASE);
+	GUEST_ASSERT(data != MSR_GS_BASE);
+
 	GUEST_DONE();
 }
 
@@ -682,6 +688,8 @@ KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, guest_code_permission_bitmap)
 		    "Expected ucall state to be UCALL_SYNC.");
 	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs);
 	run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE);
+
+	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow);
 	run_guest_then_process_ucall_done(vcpu);
 }
 
-- 
2.49.0.1204.g71687c7c1d-goog

Re: [PATCH 28/28] KVM: selftests: Verify KVM disable interception (for userspace) on filter change

Posted by Mi, Dapeng 8 months, 1 week ago

On 5/30/2025 7:40 AM, Sean Christopherson wrote:
> Re-read MSR_{FS,GS}_BASE after restoring the "allow everything" userspace
> MSR filter to verify that KVM stops forwarding exits to userspace.  This
> can also be used in conjunction with manual verification (e.g. printk) to
> ensure KVM is correctly updating the MSR bitmaps consumed by hardware.
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
> index 32b2794b78fe..8463a9956410 100644
> --- a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
> +++ b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
> @@ -343,6 +343,12 @@ static void guest_code_permission_bitmap(void)
>  	data = test_rdmsr(MSR_GS_BASE);
>  	GUEST_ASSERT(data == MSR_GS_BASE);
>  
> +	/* Access the MSRs again to ensure KVM has disabled interception.*/
> +	data = test_rdmsr(MSR_FS_BASE);
> +	GUEST_ASSERT(data != MSR_FS_BASE);
> +	data = test_rdmsr(MSR_GS_BASE);
> +	GUEST_ASSERT(data != MSR_GS_BASE);
> +
>  	GUEST_DONE();
>  }
>  
> @@ -682,6 +688,8 @@ KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, guest_code_permission_bitmap)
>  		    "Expected ucall state to be UCALL_SYNC.");
>  	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs);
>  	run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE);
> +
> +	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow);
>  	run_guest_then_process_ucall_done(vcpu);
>  }
>  

Test passes on Intel platform (Sapphire Rapids).

Tested-by: Dapeng Mi <dapeng1.mi@linux.intel.com>

Re: [PATCH 28/28] KVM: selftests: Verify KVM disable interception (for userspace) on filter change

Posted by Manali Shukla 8 months, 1 week ago

On 6/3/2025 11:17 AM, Mi, Dapeng wrote:
> 
> On 5/30/2025 7:40 AM, Sean Christopherson wrote:
>> Re-read MSR_{FS,GS}_BASE after restoring the "allow everything" userspace
>> MSR filter to verify that KVM stops forwarding exits to userspace.  This
>> can also be used in conjunction with manual verification (e.g. printk) to
>> ensure KVM is correctly updating the MSR bitmaps consumed by hardware.
>>
>> Signed-off-by: Sean Christopherson <seanjc@google.com>
>> ---
>>  tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c | 8 ++++++++
>>  1 file changed, 8 insertions(+)
>>
>> diff --git a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
>> index 32b2794b78fe..8463a9956410 100644
>> --- a/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
>> +++ b/tools/testing/selftests/kvm/x86/userspace_msr_exit_test.c
>> @@ -343,6 +343,12 @@ static void guest_code_permission_bitmap(void)
>>  	data = test_rdmsr(MSR_GS_BASE);
>>  	GUEST_ASSERT(data == MSR_GS_BASE);
>>  
>> +	/* Access the MSRs again to ensure KVM has disabled interception.*/
>> +	data = test_rdmsr(MSR_FS_BASE);
>> +	GUEST_ASSERT(data != MSR_FS_BASE);
>> +	data = test_rdmsr(MSR_GS_BASE);
>> +	GUEST_ASSERT(data != MSR_GS_BASE);
>> +
>>  	GUEST_DONE();
>>  }
>>  
>> @@ -682,6 +688,8 @@ KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, guest_code_permission_bitmap)
>>  		    "Expected ucall state to be UCALL_SYNC.");
>>  	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs);
>>  	run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE);
>> +
>> +	vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_allow);
>>  	run_guest_then_process_ucall_done(vcpu);
>>  }
>>  
> 
> Test passes on Intel platform (Sapphire Rapids).
> 
> Tested-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
> 
> 

This test passes on AMD platform (Genoa)

Tested-by: Manali Shukla <Manali.Shukla@amd.com>