zircon/kernel/arch/x86/platform_tests.cc - fuchsia - Git at Google

 // Copyright 2019 The Fuchsia Authors
 //
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file or at
 // https://opensource.org/licenses/MIT

 #include <../syscalls/system_priv.h>
 #include <iovec.h>

 #include <arch/arch_ops.h>
 #include <arch/mp.h>
 #include <arch/x86.h>
 #include <arch/x86/cpuid.h>
 #include <arch/x86/cpuid_test_data.h>
 #include <arch/x86/feature.h>
 #include <arch/x86/platform_access.h>
 #include <ktl/array.h>
 #include <lib/console.h>
 #include <lib/unittest/unittest.h>
 #include <zircon/syscalls/system.h>
 namespace {

   static bool test_x64_msrs() {
     BEGIN_TEST;

     arch_disable_ints();
     // Test read_msr for an MSR that is known to always exist on x64.
     uint64_t val = read_msr(X86_MSR_IA32_LSTAR);
     EXPECT_NE(val, 0ull, "");

     // Test write_msr to write that value back.
     write_msr(X86_MSR_IA32_LSTAR, val);
     arch_enable_ints();

     // Test read_msr_safe for an MSR that is known to not exist.
     // If read_msr_safe is busted, then this will #GP (panic).
     // TODO: Enable when the QEMU TCG issue is sorted (TCG never
     // generates a #GP on MSR access).
 #ifdef DISABLED
     uint64_t bad_val;
     // AMD MSRC001_2xxx are only readable via Processor Debug.
     auto bad_status = read_msr_safe(0xC0012000, &bad_val);
     EXPECT_NE(bad_status, ZX_OK, "");
 #endif

     // Test read_msr_on_cpu.
     uint64_t initial_fmask = read_msr(X86_MSR_IA32_FMASK);
     for (uint i = 0; i < arch_max_num_cpus(); i++) {
       if (!mp_is_cpu_online(i)) {
         continue;
       }
       uint64_t fmask = read_msr_on_cpu(/*cpu=*/i, X86_MSR_IA32_FMASK);
       EXPECT_EQ(initial_fmask, fmask, "");
     }

     // Test write_msr_on_cpu
     for (uint i = 0; i < arch_max_num_cpus(); i++) {
       if (!mp_is_cpu_online(i)) {
         continue;
       }
       write_msr_on_cpu(/*cpu=*/i, X86_MSR_IA32_FMASK, /*val=*/initial_fmask);
     }

     END_TEST;
   }

   static bool test_x64_msrs_k_commands() {
     BEGIN_TEST;

     console_run_script_locked("cpu rdmsr 0 0x10");

     END_TEST;
   }

   class FakeMsrAccess : public MsrAccess {
    public:
     struct FakeMsr {
       uint32_t index;
       uint64_t value;
     };

     uint64_t read_msr(uint32_t msr_index) override {
       for (uint i = 0; i < msrs_.size(); i++) {
         if (msrs_[i].index == msr_index) {
           return msrs_[i].value;
         }
       }
       DEBUG_ASSERT(0);  // Unexpected MSR read
       return 0;
     }

     void write_msr(uint32_t msr_index, uint64_t value) override {
       for (uint i = 0; i < msrs_.size(); i++) {
         if (msrs_[i].index == msr_index) {
           msrs_[i].value = value;
           return;
         }
       }
       DEBUG_ASSERT(0);  // Unexpected MSR write
     }

     ktl::array<FakeMsr, 3> msrs_;
   };

   static bool test_x64_meltdown_enumeration() {
     BEGIN_TEST;

     {
       // Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
       FakeMsrAccess fake_msrs;
       EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
     }

     {
       // Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
       cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
       data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] |=
           (1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
       EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Core(TM) i5-5257U has Meltdown
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x14, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x306d4, 0x100800, 0x7ffafbbf, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x1c004121, 0x1c0003f, 0x3f, 0x0}};
       data.leaf7 = {.reg = {0x0, 0x21c27ab, 0x0, 0x9c000000}};
       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Xeon(R) Gold 6xxx; does not have Meltdown, reports via RDCL_NO
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
       data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
       EXPECT_FALSE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have L1TF, reports via RDCL_NO
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
       data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       // 0x19 = RDCL_NO | SKIP_VMENTRY_L1DFLUSH | SSB_NO
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
       EXPECT_FALSE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
     }

     END_TEST;
   }

   static bool test_x64_l1tf_enumeration() {
     BEGIN_TEST;

     {
       // Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
       FakeMsrAccess fake_msrs;
       EXPECT_TRUE(x86_intel_cpu_has_l1tf(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
     }

     {
       // Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
       cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
       data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] |=
           (1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
       EXPECT_TRUE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Xeon(R) Gold 6xxx; does not have Meltdown, reports via RDCL_NO
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
       data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
       EXPECT_FALSE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have Meltdown, reports via RDCL_NO
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
       data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       // 0x19 = RDCL_NO | SKIP_VMENTRY_L1DFLUSH | SSB_NO
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
       EXPECT_FALSE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
     }

     END_TEST;
   }

   static bool test_x64_mds_enumeration() {
     BEGIN_TEST;

     {
       // Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
       FakeMsrAccess fake_msrs;
       EXPECT_TRUE(x86_intel_cpu_has_mds(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
     }

     {
       // Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
       cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
       data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] |=
           (1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
       EXPECT_TRUE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Xeon(R) Gold 6xxx; does not have MDS
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
       data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
       EXPECT_FALSE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
     }

     {
       // Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have MDS but does not
       // enumerate MDS_NO with microcode 32h (at least)
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
       data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       // 0x19 = RDCL_NO | SKIP_VMENTRY_L1DFLUSH | SSB_NO
       fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
       EXPECT_FALSE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
     }

     END_TEST;
   }

   static uint32_t intel_make_microcode_checksum(uint32_t * patch, size_t bytes) {
     size_t dwords = bytes / sizeof(uint32_t);
     uint32_t sum = 0;
     for (size_t i = 0; i < dwords; i++) {
       sum += patch[i];
     }
     return -sum;
   }

   static bool test_x64_intel_ucode_loader() {
     BEGIN_TEST;

     // x86_intel_check_microcode_patch checks if a microcode patch is suitable for a particular
     // CPU. Test that its match logic works for various CPUs and conditions we commonly use.

     {
       uint32_t fake_patch[512] = {};
       // Intel(R) Celeron(R) CPU J3455 (Goldmont), NUC6CAYH
       cpu_id::TestDataSet data = {};
       data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
       data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
       data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
       data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};
       cpu_id::FakeCpuId cpu(data);
       FakeMsrAccess fake_msrs = {};
       fake_msrs.msrs_[0] = {X86_MSR_IA32_PLATFORM_ID, 0x1ull << 50};  // Apollo Lake

       // Reject an all-zero patch.
       EXPECT_FALSE(
           x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");

       // Reject patch with non-matching processor signature.
       fake_patch[0] = 0x1;
       fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
       EXPECT_FALSE(
           x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");

       // Expect matching patch to pass
       fake_patch[0] = 0x1;
       fake_patch[3] = data.leaf1.reg[0];  // Signature match
       fake_patch[6] = 0x3;                // Processor flags match PLATFORM_ID
       fake_patch[4] = 0;
       fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
       EXPECT_TRUE(
           x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");
       // Real header from 2019-01-15, rev 38
       fake_patch[0] = 0x1;
       fake_patch[1] = 0x38;
       fake_patch[2] = 0x01152019;
       fake_patch[3] = 0x506c9;
       fake_patch[6] = 0x3;  // Processor flags match PLATFORM_ID
       fake_patch[4] = 0;
       fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
       EXPECT_TRUE(
           x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");
     }

     END_TEST;
   }

   class FakeWriteMsr : public MsrAccess {
    public:
     void write_msr(uint32_t msr_index, uint64_t value) override {
       DEBUG_ASSERT(written_ == false);
       written_ = true;
       msr_index_ = msr_index;
     }

     bool written_ = false;
     uint32_t msr_index_;
   };

   static bool test_x64_intel_ucode_patch_loader() {
     BEGIN_TEST;

     cpu_id::TestDataSet data = {};
     cpu_id::FakeCpuId cpu(data);
     FakeWriteMsr msrs;
     uint32_t fake_patch[512] = {};

     // Expect that a patch == current patch is not loaded.
     uint32_t current_patch_level = x86_intel_get_patch_level();
     fake_patch[1] = current_patch_level;
     x86_intel_load_microcode_patch(&cpu, &msrs, {fake_patch, sizeof(fake_patch)});
     EXPECT_FALSE(msrs.written_, "");

     // Expect that a newer patch is loaded.
     fake_patch[1] = current_patch_level + 1;
     x86_intel_load_microcode_patch(&cpu, &msrs, {fake_patch, sizeof(fake_patch)});
     EXPECT_TRUE(msrs.written_, "");
     EXPECT_EQ(msrs.msr_index_, X86_MSR_IA32_BIOS_UPDT_TRIG, "");

     END_TEST;
   }

   static bool test_x64_power_limits() {
     BEGIN_TEST;

     FakeMsrAccess fake_msrs = {};

     // defaults on Ava/Eve. They both use the same Intel chipset
     // only diff is the WiFi. Ava uses Broadcomm vs Eve uses Intel
     fake_msrs.msrs_[0] = {X86_MSR_PKG_POWER_LIMIT, 0x1807800dd8038};
     fake_msrs.msrs_[1] = {X86_MSR_RAPL_POWER_UNIT, 0xA0E03};
     // This default value does not look right, but this is a RO MSR
     fake_msrs.msrs_[2] = {X86_MSR_PKG_POWER_INFO, 0x24};

     // Read the defaults from pkg power msr.
     uint64_t default_val = fake_msrs.read_msr(X86_MSR_PKG_POWER_LIMIT);
     uint64_t units = fake_msrs.read_msr(X86_MSR_RAPL_POWER_UNIT);
     uint32_t power_unit = 1000 / (1 << (units & 0x0f));
     uint32_t new_power_limit = 4500;

   zx_system_powerctl_arg_t arg;
   arg.x86_power_limit.clamp = static_cast<uint8_t>(default_val >> 16 & 0x01);
   arg.x86_power_limit.enable = static_cast<uint8_t>(default_val >> 15 & 0x01);
   // changing the value to 4.5W from 7W = 0x24 in the MSR
   // X86_MSR_PKG_POWER_LIMIT & 0x7FFF = 0x24 * power_units should give 4.5W
   arg.x86_power_limit.power_limit = new_power_limit;

   // write it back again to see if the new function does it right
   arch_system_powerctl(ZX_SYSTEM_POWERCTL_X86_SET_PKG_PL1, &arg, &fake_msrs);

   uint64_t new_val = fake_msrs.read_msr(X86_MSR_PKG_POWER_LIMIT);
   uint32_t power_limit = static_cast<uint32_t>(new_val & 0x7FFF);

   power_limit *= power_unit;

   EXPECT_EQ(new_power_limit, power_limit, "Set power limit failed");

   END_TEST;
 }
 }  // anonymous namespace

 UNITTEST_START_TESTCASE(x64_platform_tests)
 UNITTEST("basic test of read/write MSR variants", test_x64_msrs)
 UNITTEST("test k cpu rdmsr commands", test_x64_msrs_k_commands)
 UNITTEST("test enumeration of x64 Meltdown vulnerability", test_x64_meltdown_enumeration)
 UNITTEST("test enumeration of x64 L1TF vulnerability", test_x64_l1tf_enumeration)
 UNITTEST("test enumeration of x64 MDS vulnerability", test_x64_mds_enumeration)
 UNITTEST("test Intel x86 microcode patch loader match and load logic", test_x64_intel_ucode_loader)
 UNITTEST("test Intel x86 microcode patch loader mechanism", test_x64_intel_ucode_patch_loader)
 UNITTEST("test pkg power limit change", test_x64_power_limits)
 UNITTEST_END_TESTCASE(x64_platform_tests, "x64_platform_tests", "");
	// Copyright 2019 The Fuchsia Authors
	//
	// Use of this source code is governed by a MIT-style
	// license that can be found in the LICENSE file or at
	// https://opensource.org/licenses/MIT

	#include <../syscalls/system_priv.h>
	#include <iovec.h>

	#include <arch/arch_ops.h>
	#include <arch/mp.h>
	#include <arch/x86.h>
	#include <arch/x86/cpuid.h>
	#include <arch/x86/cpuid_test_data.h>
	#include <arch/x86/feature.h>
	#include <arch/x86/platform_access.h>
	#include <ktl/array.h>
	#include <lib/console.h>
	#include <lib/unittest/unittest.h>
	#include <zircon/syscalls/system.h>
	namespace {

	static bool test_x64_msrs() {
	BEGIN_TEST;

	arch_disable_ints();
	// Test read_msr for an MSR that is known to always exist on x64.
	uint64_t val = read_msr(X86_MSR_IA32_LSTAR);
	EXPECT_NE(val, 0ull, "");

	// Test write_msr to write that value back.
	write_msr(X86_MSR_IA32_LSTAR, val);
	arch_enable_ints();

	// Test read_msr_safe for an MSR that is known to not exist.
	// If read_msr_safe is busted, then this will #GP (panic).
	// TODO: Enable when the QEMU TCG issue is sorted (TCG never
	// generates a #GP on MSR access).
	#ifdef DISABLED
	uint64_t bad_val;
	// AMD MSRC001_2xxx are only readable via Processor Debug.
	auto bad_status = read_msr_safe(0xC0012000, &bad_val);
	EXPECT_NE(bad_status, ZX_OK, "");
	#endif

	// Test read_msr_on_cpu.
	uint64_t initial_fmask = read_msr(X86_MSR_IA32_FMASK);
	for (uint i = 0; i < arch_max_num_cpus(); i++) {
	if (!mp_is_cpu_online(i)) {
	continue;
	}
	uint64_t fmask = read_msr_on_cpu(/cpu=/i, X86_MSR_IA32_FMASK);
	EXPECT_EQ(initial_fmask, fmask, "");
	}

	// Test write_msr_on_cpu
	for (uint i = 0; i < arch_max_num_cpus(); i++) {
	if (!mp_is_cpu_online(i)) {
	continue;
	}
	write_msr_on_cpu(/cpu=/i, X86_MSR_IA32_FMASK, /val=/initial_fmask);
	}

	END_TEST;
	}

	static bool test_x64_msrs_k_commands() {
	BEGIN_TEST;

	console_run_script_locked("cpu rdmsr 0 0x10");

	END_TEST;
	}

	class FakeMsrAccess : public MsrAccess {
	public:
	struct FakeMsr {
	uint32_t index;
	uint64_t value;
	};

	uint64_t read_msr(uint32_t msr_index) override {
	for (uint i = 0; i < msrs_.size(); i++) {
	if (msrs_[i].index == msr_index) {
	return msrs_[i].value;
	}
	}
	DEBUG_ASSERT(0); // Unexpected MSR read
	return 0;
	}

	void write_msr(uint32_t msr_index, uint64_t value) override {
	for (uint i = 0; i < msrs_.size(); i++) {
	if (msrs_[i].index == msr_index) {
	msrs_[i].value = value;
	return;
	}
	}
	DEBUG_ASSERT(0); // Unexpected MSR write
	}

	ktl::array<FakeMsr, 3> msrs_;
	};

	static bool test_x64_meltdown_enumeration() {
	BEGIN_TEST;

	{
	// Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
	FakeMsrAccess fake_msrs;
	EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
	}

	{
	// Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
	cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
	data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] \|=
	(1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
	EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Core(TM) i5-5257U has Meltdown
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x14, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x306d4, 0x100800, 0x7ffafbbf, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x1c004121, 0x1c0003f, 0x3f, 0x0}};
	data.leaf7 = {.reg = {0x0, 0x21c27ab, 0x0, 0x9c000000}};
	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	EXPECT_TRUE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Xeon(R) Gold 6xxx; does not have Meltdown, reports via RDCL_NO
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
	data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
	EXPECT_FALSE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have L1TF, reports via RDCL_NO
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
	data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	// 0x19 = RDCL_NO \| SKIP_VMENTRY_L1DFLUSH \| SSB_NO
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
	EXPECT_FALSE(x86_intel_cpu_has_meltdown(&cpu, &fake_msrs), "");
	}

	END_TEST;
	}

	static bool test_x64_l1tf_enumeration() {
	BEGIN_TEST;

	{
	// Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
	FakeMsrAccess fake_msrs;
	EXPECT_TRUE(x86_intel_cpu_has_l1tf(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
	}

	{
	// Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
	cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
	data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] \|=
	(1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
	EXPECT_TRUE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Xeon(R) Gold 6xxx; does not have Meltdown, reports via RDCL_NO
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
	data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
	EXPECT_FALSE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have Meltdown, reports via RDCL_NO
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
	data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	// 0x19 = RDCL_NO \| SKIP_VMENTRY_L1DFLUSH \| SSB_NO
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
	EXPECT_FALSE(x86_intel_cpu_has_l1tf(&cpu, &fake_msrs), "");
	}

	END_TEST;
	}

	static bool test_x64_mds_enumeration() {
	BEGIN_TEST;

	{
	// Test an Intel Xeon E5-2690 V4 w/ older microcode (no ARCH_CAPABILITIES)
	FakeMsrAccess fake_msrs;
	EXPECT_TRUE(x86_intel_cpu_has_mds(&cpu_id::kCpuIdXeon2690v4, &fake_msrs), "");
	}

	{
	// Test an Intel Xeon E5-2690 V4 w/ new microcode (ARCH_CAPABILITIES available)
	cpu_id::TestDataSet data = cpu_id::kTestDataXeon2690v4;
	data.leaf7.reg[cpu_id::Features::ARCH_CAPABILITIES.reg] \|=
	(1 << cpu_id::Features::ARCH_CAPABILITIES.bit);
	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0};
	EXPECT_TRUE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Xeon(R) Gold 6xxx; does not have MDS
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x16, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x50656, 0x12400800, 0x7ffefbff, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x7c004121, 0x1c0003f, 0x3f, 0x0}};
	data.leaf7 = {.reg = {0x0, 0xd39ffffb, 0x808, 0xbc000400}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x2b};
	EXPECT_FALSE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
	}

	{
	// Intel(R) Celeron(R) CPU J3455 (Goldmont) does not have MDS but does not
	// enumerate MDS_NO with microcode 32h (at least)
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
	data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};

	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	// 0x19 = RDCL_NO \| SKIP_VMENTRY_L1DFLUSH \| SSB_NO
	fake_msrs.msrs_[0] = {X86_MSR_IA32_ARCH_CAPABILITIES, 0x19};
	EXPECT_FALSE(x86_intel_cpu_has_mds(&cpu, &fake_msrs), "");
	}

	END_TEST;
	}

	static uint32_t intel_make_microcode_checksum(uint32_t * patch, size_t bytes) {
	size_t dwords = bytes / sizeof(uint32_t);
	uint32_t sum = 0;
	for (size_t i = 0; i < dwords; i++) {
	sum += patch[i];
	}
	return -sum;
	}

	static bool test_x64_intel_ucode_loader() {
	BEGIN_TEST;

	// x86_intel_check_microcode_patch checks if a microcode patch is suitable for a particular
	// CPU. Test that its match logic works for various CPUs and conditions we commonly use.

	{
	uint32_t fake_patch[512] = {};
	// Intel(R) Celeron(R) CPU J3455 (Goldmont), NUC6CAYH
	cpu_id::TestDataSet data = {};
	data.leaf0 = {.reg = {0x15, 0x756e6547, 0x6c65746e, 0x49656e69}};
	data.leaf1 = {.reg = {0x506c9, 0x2200800, 0x4ff8ebbf, 0xbfebfbff}};
	data.leaf4 = {.reg = {0x3c000121, 0x140003f, 0x3f, 0x1}};
	data.leaf7 = {.reg = {0x0, 0x2294e283, 0x0, 0x2c000000}};
	cpu_id::FakeCpuId cpu(data);
	FakeMsrAccess fake_msrs = {};
	fake_msrs.msrs_[0] = {X86_MSR_IA32_PLATFORM_ID, 0x1ull << 50}; // Apollo Lake

	// Reject an all-zero patch.
	EXPECT_FALSE(
	x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");

	// Reject patch with non-matching processor signature.
	fake_patch[0] = 0x1;
	fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
	EXPECT_FALSE(
	x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");

	// Expect matching patch to pass
	fake_patch[0] = 0x1;
	fake_patch[3] = data.leaf1.reg[0]; // Signature match
	fake_patch[6] = 0x3; // Processor flags match PLATFORM_ID
	fake_patch[4] = 0;
	fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
	EXPECT_TRUE(
	x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");
	// Real header from 2019-01-15, rev 38
	fake_patch[0] = 0x1;
	fake_patch[1] = 0x38;
	fake_patch[2] = 0x01152019;
	fake_patch[3] = 0x506c9;
	fake_patch[6] = 0x3; // Processor flags match PLATFORM_ID
	fake_patch[4] = 0;
	fake_patch[4] = intel_make_microcode_checksum(fake_patch, sizeof(fake_patch));
	EXPECT_TRUE(
	x86_intel_check_microcode_patch(&cpu, &fake_msrs, {fake_patch, sizeof(fake_patch)}), "");
	}

	END_TEST;
	}

	class FakeWriteMsr : public MsrAccess {
	public:
	void write_msr(uint32_t msr_index, uint64_t value) override {
	DEBUG_ASSERT(written_ == false);
	written_ = true;
	msr_index_ = msr_index;
	}

	bool written_ = false;
	uint32_t msr_index_;
	};

	static bool test_x64_intel_ucode_patch_loader() {
	BEGIN_TEST;

	cpu_id::TestDataSet data = {};
	cpu_id::FakeCpuId cpu(data);
	FakeWriteMsr msrs;
	uint32_t fake_patch[512] = {};

	// Expect that a patch == current patch is not loaded.
	uint32_t current_patch_level = x86_intel_get_patch_level();
	fake_patch[1] = current_patch_level;
	x86_intel_load_microcode_patch(&cpu, &msrs, {fake_patch, sizeof(fake_patch)});
	EXPECT_FALSE(msrs.written_, "");

	// Expect that a newer patch is loaded.
	fake_patch[1] = current_patch_level + 1;
	x86_intel_load_microcode_patch(&cpu, &msrs, {fake_patch, sizeof(fake_patch)});
	EXPECT_TRUE(msrs.written_, "");
	EXPECT_EQ(msrs.msr_index_, X86_MSR_IA32_BIOS_UPDT_TRIG, "");

	END_TEST;
	}

	static bool test_x64_power_limits() {
	BEGIN_TEST;

	FakeMsrAccess fake_msrs = {};

	// defaults on Ava/Eve. They both use the same Intel chipset
	// only diff is the WiFi. Ava uses Broadcomm vs Eve uses Intel
	fake_msrs.msrs_[0] = {X86_MSR_PKG_POWER_LIMIT, 0x1807800dd8038};
	fake_msrs.msrs_[1] = {X86_MSR_RAPL_POWER_UNIT, 0xA0E03};
	// This default value does not look right, but this is a RO MSR
	fake_msrs.msrs_[2] = {X86_MSR_PKG_POWER_INFO, 0x24};

	// Read the defaults from pkg power msr.
	uint64_t default_val = fake_msrs.read_msr(X86_MSR_PKG_POWER_LIMIT);
	uint64_t units = fake_msrs.read_msr(X86_MSR_RAPL_POWER_UNIT);
	uint32_t power_unit = 1000 / (1 << (units & 0x0f));
	uint32_t new_power_limit = 4500;

	zx_system_powerctl_arg_t arg;
	arg.x86_power_limit.clamp = static_cast<uint8_t>(default_val >> 16 & 0x01);
	arg.x86_power_limit.enable = static_cast<uint8_t>(default_val >> 15 & 0x01);
	// changing the value to 4.5W from 7W = 0x24 in the MSR
	// X86_MSR_PKG_POWER_LIMIT & 0x7FFF = 0x24 * power_units should give 4.5W
	arg.x86_power_limit.power_limit = new_power_limit;

	// write it back again to see if the new function does it right
	arch_system_powerctl(ZX_SYSTEM_POWERCTL_X86_SET_PKG_PL1, &arg, &fake_msrs);

	uint64_t new_val = fake_msrs.read_msr(X86_MSR_PKG_POWER_LIMIT);
	uint32_t power_limit = static_cast<uint32_t>(new_val & 0x7FFF);

	power_limit *= power_unit;

	EXPECT_EQ(new_power_limit, power_limit, "Set power limit failed");

	END_TEST;
	}
	} // anonymous namespace

	UNITTEST_START_TESTCASE(x64_platform_tests)
	UNITTEST("basic test of read/write MSR variants", test_x64_msrs)
	UNITTEST("test k cpu rdmsr commands", test_x64_msrs_k_commands)
	UNITTEST("test enumeration of x64 Meltdown vulnerability", test_x64_meltdown_enumeration)
	UNITTEST("test enumeration of x64 L1TF vulnerability", test_x64_l1tf_enumeration)
	UNITTEST("test enumeration of x64 MDS vulnerability", test_x64_mds_enumeration)
	UNITTEST("test Intel x86 microcode patch loader match and load logic", test_x64_intel_ucode_loader)
	UNITTEST("test Intel x86 microcode patch loader mechanism", test_x64_intel_ucode_patch_loader)
	UNITTEST("test pkg power limit change", test_x64_power_limits)
	UNITTEST_END_TESTCASE(x64_platform_tests, "x64_platform_tests", "");