kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Paolo Bonzini <pbonzini@redhat.com>
To: Lai Jiangshan <jiangshanlai@gmail.com>, kvm@vger.kernel.org
Cc: Sean Christopherson <seanjc@google.com>,
	Hou Wenlong <houwenlong.hwl@antgroup.com>,
	Lai Jiangshan <laijs@linux.alibaba.com>
Subject: Re: [kvm-unit-tests PATCH V3] x86: Add a test to check effective permissions
Date: Tue, 8 Jun 2021 20:49:32 +0200	[thread overview]
Message-ID: <4ea8682d-b602-807e-d7b9-6c8b828ccadf@redhat.com> (raw)
In-Reply-To: <20210605174901.157556-1-jiangshanlai@gmail.com>

On 05/06/21 19:49, Lai Jiangshan wrote:
> From: Lai Jiangshan <laijs@linux.alibaba.com>
> 
> Add a test to verify that KVM correctly handles the case where two or
> more non-leaf page table entries point at the same table gfn, but with
> different parent access permissions.
> 
> For example, here is a shared pagetable:
>     pgd[]   pud[]        pmd[]            virtual address pointers
>                       /->pmd1(u--)->pte1(uw-)->page1 <- ptr1 (u--)
>          /->pud1(uw-)--->pmd2(uw-)->pte2(uw-)->page2 <- ptr2 (uw-)
>     pgd-|           (shared pmd[] as above)
>          \->pud2(u--)--->pmd1(u--)->pte1(uw-)->page1 <- ptr3 (u--)
>                       \->pmd2(uw-)->pte2(uw-)->page2 <- ptr4 (u--)
>    pud1 and pud2 point to the same pmd table
> 
> The test is useful when TDP is not enabled.
> 
> Co-Developed-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
> Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
> Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
> ---
>   x86/access.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++---
>   1 file changed, 100 insertions(+), 6 deletions(-)
> 
> diff --git a/x86/access.c b/x86/access.c
> index 7dc9eb6..0ad677e 100644
> --- a/x86/access.c
> +++ b/x86/access.c
> @@ -60,6 +60,12 @@ enum {
>       AC_PDE_BIT36_BIT,
>       AC_PDE_BIT13_BIT,
>   
> +    /*
> +     *  special test case to DISABLE writable bit on page directory
> +     *  pointer table entry.
> +     */
> +    AC_PDPTE_NO_WRITABLE_BIT,
> +
>       AC_PKU_AD_BIT,
>       AC_PKU_WD_BIT,
>       AC_PKU_PKEY_BIT,
> @@ -97,6 +103,8 @@ enum {
>   #define AC_PDE_BIT36_MASK     (1 << AC_PDE_BIT36_BIT)
>   #define AC_PDE_BIT13_MASK     (1 << AC_PDE_BIT13_BIT)
>   
> +#define AC_PDPTE_NO_WRITABLE_MASK  (1 << AC_PDPTE_NO_WRITABLE_BIT)
> +
>   #define AC_PKU_AD_MASK        (1 << AC_PKU_AD_BIT)
>   #define AC_PKU_WD_MASK        (1 << AC_PKU_WD_BIT)
>   #define AC_PKU_PKEY_MASK      (1 << AC_PKU_PKEY_BIT)
> @@ -130,6 +138,7 @@ const char *ac_names[] = {
>       [AC_PDE_BIT51_BIT] = "pde.51",
>       [AC_PDE_BIT36_BIT] = "pde.36",
>       [AC_PDE_BIT13_BIT] = "pde.13",
> +    [AC_PDPTE_NO_WRITABLE_BIT] = "pdpte.ro",
>       [AC_PKU_AD_BIT] = "pkru.ad",
>       [AC_PKU_WD_BIT] = "pkru.wd",
>       [AC_PKU_PKEY_BIT] = "pkey=1",
> @@ -326,6 +335,7 @@ static pt_element_t ac_test_alloc_pt(ac_pool_t *pool)
>   {
>       pt_element_t ret = pool->pt_pool + pool->pt_pool_current;
>       pool->pt_pool_current += PAGE_SIZE;
> +    memset(va(ret), 0, PAGE_SIZE);
>       return ret;
>   }
>   
> @@ -408,7 +418,7 @@ static void ac_emulate_access(ac_test_t *at, unsigned flags)
>   	goto fault;
>       }
>   
> -    writable = F(AC_PDE_WRITABLE);
> +    writable = !F(AC_PDPTE_NO_WRITABLE) && F(AC_PDE_WRITABLE);
>       user = F(AC_PDE_USER);
>       executable = !F(AC_PDE_NX);
>   
> @@ -471,7 +481,7 @@ static void ac_set_expected_status(ac_test_t *at)
>       ac_emulate_access(at, at->flags);
>   }
>   
> -static void __ac_setup_specific_pages(ac_test_t *at, ac_pool_t *pool,
> +static void __ac_setup_specific_pages(ac_test_t *at, ac_pool_t *pool, bool reuse,
>   				      u64 pd_page, u64 pt_page)
>   
>   {
> @@ -496,13 +506,29 @@ static void __ac_setup_specific_pages(ac_test_t *at, ac_pool_t *pool,
>   	    goto next;
>   	}
>   	skip = false;
> +	if (reuse && vroot[index]) {
> +	    switch (i) {
> +	    case 2:
> +		at->pdep = &vroot[index];
> +		break;
> +	    case 1:
> +		at->ptep = &vroot[index];
> +		break;
> +	    }
> +	    goto next;
> +	}
>   
>   	switch (i) {
>   	case 5:
>   	case 4:
> +	    pte = ac_test_alloc_pt(pool);
> +	    pte |= PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK;
> +	    break;
>   	case 3:
>   	    pte = pd_page ? pd_page : ac_test_alloc_pt(pool);
> -	    pte |= PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK;
> +	    pte |= PT_PRESENT_MASK | PT_USER_MASK;
> +	    if (!F(AC_PDPTE_NO_WRITABLE))
> +		pte |= PT_WRITABLE_MASK;
>   	    break;
>   	case 2:
>   	    if (!F(AC_PDE_PSE)) {
> @@ -568,13 +594,13 @@ static void __ac_setup_specific_pages(ac_test_t *at, ac_pool_t *pool,
>   
>   static void ac_test_setup_pte(ac_test_t *at, ac_pool_t *pool)
>   {
> -	__ac_setup_specific_pages(at, pool, 0, 0);
> +	__ac_setup_specific_pages(at, pool, false, 0, 0);
>   }
>   
>   static void ac_setup_specific_pages(ac_test_t *at, ac_pool_t *pool,
>   				    u64 pd_page, u64 pt_page)
>   {
> -	return __ac_setup_specific_pages(at, pool, pd_page, pt_page);
> +	return __ac_setup_specific_pages(at, pool, false, pd_page, pt_page);
>   }
>   
>   static void dump_mapping(ac_test_t *at)
> @@ -930,6 +956,73 @@ err:
>   	return 0;
>   }
>   
> +static int check_effective_sp_permissions(ac_pool_t *pool)
> +{
> +	unsigned long ptr1 = 0x123480000000;
> +	unsigned long ptr2 = ptr1 + SZ_2M;
> +	unsigned long ptr3 = ptr1 + SZ_1G;
> +	unsigned long ptr4 = ptr3 + SZ_2M;
> +	pt_element_t pmd = ac_test_alloc_pt(pool);
> +	ac_test_t at1, at2, at3, at4;
> +	int err_read_at1, err_write_at2;
> +	int err_read_at3, err_write_at4;
> +
> +	/*
> +	 * pgd[]   pud[]        pmd[]            virtual address pointers
> +	 *                   /->pmd1(u--)->pte1(uw-)->page1 <- ptr1 (u--)
> +	 *      /->pud1(uw-)--->pmd2(uw-)->pte2(uw-)->page2 <- ptr2 (uw-)
> +	 * pgd-|           (shared pmd[] as above)
> +	 *      \->pud2(u--)--->pmd1(u--)->pte1(uw-)->page1 <- ptr3 (u--)
> +	 *                   \->pmd2(uw-)->pte2(uw-)->page2 <- ptr4 (u--)
> +	 * pud1 and pud2 point to the same pmd page.
> +	 */
> +
> +	ac_test_init(&at1, (void *)(ptr1));
> +	at1.flags = AC_PDE_PRESENT_MASK | AC_PTE_PRESENT_MASK |
> +		    AC_PDE_USER_MASK | AC_PTE_USER_MASK |
> +		    AC_PDE_ACCESSED_MASK | AC_PTE_ACCESSED_MASK |
> +		    AC_PTE_WRITABLE_MASK | AC_ACCESS_USER_MASK;
> +	__ac_setup_specific_pages(&at1, pool, false, pmd, 0);
> +
> +	ac_test_init(&at2, (void *)(ptr2));
> +	at2.flags = at1.flags | AC_PDE_WRITABLE_MASK | AC_PTE_DIRTY_MASK | AC_ACCESS_WRITE_MASK;
> +	__ac_setup_specific_pages(&at2, pool, true, pmd, 0);
> +
> +	ac_test_init(&at3, (void *)(ptr3));
> +	at3.flags = AC_PDPTE_NO_WRITABLE_MASK | at1.flags;
> +	__ac_setup_specific_pages(&at3, pool, true, pmd, 0);
> +
> +	ac_test_init(&at4, (void *)(ptr4));
> +	at4.flags = AC_PDPTE_NO_WRITABLE_MASK | at2.flags;
> +	__ac_setup_specific_pages(&at4, pool, true, pmd, 0);
> +
> +	err_read_at1 = ac_test_do_access(&at1);
> +	if (!err_read_at1) {
> +		printf("%s: read access at1 fail\n", __FUNCTION__);
> +		return 0;
> +	}
> +
> +	err_write_at2 = ac_test_do_access(&at2);
> +	if (!err_write_at2) {
> +		printf("%s: write access at2 fail\n", __FUNCTION__);
> +		return 0;
> +	}
> +
> +	err_read_at3 = ac_test_do_access(&at3);
> +	if (!err_read_at3) {
> +		printf("%s: read access at3 fail\n", __FUNCTION__);
> +		return 0;
> +	}
> +
> +	err_write_at4 = ac_test_do_access(&at4);
> +	if (!err_write_at4) {
> +		printf("%s: write access at4 should fail\n", __FUNCTION__);
> +		return 0;
> +	}
> +
> +	return 1;
> +}
> +
>   static int ac_test_exec(ac_test_t *at, ac_pool_t *pool)
>   {
>       int r;
> @@ -948,7 +1041,8 @@ const ac_test_fn ac_test_cases[] =
>   	corrupt_hugepage_triger,
>   	check_pfec_on_prefetch_pte,
>   	check_large_pte_dirty_for_nowp,
> -	check_smep_andnot_wp
> +	check_smep_andnot_wp,
> +	check_effective_sp_permissions,
>   };
>   
>   static int ac_test_run(void)
> 

Applied, thanks.

Paolo


      parent reply	other threads:[~2021-06-08 18:51 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-03  5:05 [kvm-unit-tests PATCH] x86: test combined access Lai Jiangshan
2021-06-03 18:39 ` Sean Christopherson
2021-06-03 22:58   ` [kvm-unit-tests PATCH V2] x86: Add a test to check effective permissions Lai Jiangshan
2021-06-04 21:40     ` Sean Christopherson
2021-06-06  3:20       ` Lai Jiangshan
2021-06-05 17:49         ` [kvm-unit-tests PATCH V3] " Lai Jiangshan
2021-06-08  0:24           ` Sean Christopherson
2021-06-08 18:49           ` Paolo Bonzini [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4ea8682d-b602-807e-d7b9-6c8b828ccadf@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=houwenlong.hwl@antgroup.com \
    --cc=jiangshanlai@gmail.com \
    --cc=kvm@vger.kernel.org \
    --cc=laijs@linux.alibaba.com \
    --cc=seanjc@google.com \
    --subject='Re: [kvm-unit-tests PATCH V3] x86: Add a test to check effective permissions' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).