KVM Archive on lore.kernel.org
 help / color / Atom feed
* [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
@ 2019-05-03 17:49 nadav.amit
  2019-06-17 19:52 ` Nadav Amit
  0 siblings, 1 reply; 6+ messages in thread
From: nadav.amit @ 2019-05-03 17:49 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, Nadav Amit

From: Nadav Amit <nadav.amit@gmail.com>

On EPT violation, the exit qualifications may have some undefined bits.

Bit 6 is undefined if "mode-based execute control" is 0.

Bits 9-11 are undefined unless the processor supports advanced VM-exit
information for EPT violations.

Right now on KVM these bits are always undefined inside the VM (i.e., in
an emulated VM-exit). Mask these bits to avoid potential false
indication of failures.

Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
---
 x86/vmx.h       | 20 ++++++++++++--------
 x86/vmx_tests.c |  4 ++++
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/x86/vmx.h b/x86/vmx.h
index cc377ef..5053d6f 100644
--- a/x86/vmx.h
+++ b/x86/vmx.h
@@ -603,16 +603,20 @@ enum vm_instruction_error_number {
 #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
 #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
 
-#define EPT_VLT_RD		1
-#define EPT_VLT_WR		(1 << 1)
-#define EPT_VLT_FETCH		(1 << 2)
-#define EPT_VLT_PERM_RD		(1 << 3)
-#define EPT_VLT_PERM_WR		(1 << 4)
-#define EPT_VLT_PERM_EX		(1 << 5)
+#define EPT_VLT_RD		(1ull << 0)
+#define EPT_VLT_WR		(1ull << 1)
+#define EPT_VLT_FETCH		(1ull << 2)
+#define EPT_VLT_PERM_RD		(1ull << 3)
+#define EPT_VLT_PERM_WR		(1ull << 4)
+#define EPT_VLT_PERM_EX		(1ull << 5)
+#define EPT_VLT_PERM_USER_EX	(1ull << 6)
 #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
 				 EPT_VLT_PERM_EX)
-#define EPT_VLT_LADDR_VLD	(1 << 7)
-#define EPT_VLT_PADDR		(1 << 8)
+#define EPT_VLT_LADDR_VLD	(1ull << 7)
+#define EPT_VLT_PADDR		(1ull << 8)
+#define EPT_VLT_GUEST_USER	(1ull << 9)
+#define EPT_VLT_GUEST_WR	(1ull << 10)
+#define EPT_VLT_GUEST_EX	(1ull << 11)
 
 #define MAGIC_VAL_1		0x12345678ul
 #define MAGIC_VAL_2		0x87654321ul
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index c52ebc6..b4129e1 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
 
 	qual = vmcs_read(EXI_QUALIFICATION);
 
+	/* Mask undefined bits (which may later be defined in certain cases). */
+	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
+		 EPT_VLT_PERM_USER_EX);
+
 	diagnose_ept_violation_qual(expected_qual, qual);
 	TEST_EXPECT_EQ(expected_qual, qual);
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
  2019-05-03 17:49 [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications nadav.amit
@ 2019-06-17 19:52 ` Nadav Amit
  2019-06-17 22:22   ` Krish Sadhukhan
  0 siblings, 1 reply; 6+ messages in thread
From: Nadav Amit @ 2019-06-17 19:52 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm

> On May 3, 2019, at 10:49 AM, nadav.amit@gmail.com wrote:
> 
> From: Nadav Amit <nadav.amit@gmail.com>
> 
> On EPT violation, the exit qualifications may have some undefined bits.
> 
> Bit 6 is undefined if "mode-based execute control" is 0.
> 
> Bits 9-11 are undefined unless the processor supports advanced VM-exit
> information for EPT violations.
> 
> Right now on KVM these bits are always undefined inside the VM (i.e., in
> an emulated VM-exit). Mask these bits to avoid potential false
> indication of failures.
> 
> Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
> ---
> x86/vmx.h       | 20 ++++++++++++--------
> x86/vmx_tests.c |  4 ++++
> 2 files changed, 16 insertions(+), 8 deletions(-)
> 
> diff --git a/x86/vmx.h b/x86/vmx.h
> index cc377ef..5053d6f 100644
> --- a/x86/vmx.h
> +++ b/x86/vmx.h
> @@ -603,16 +603,20 @@ enum vm_instruction_error_number {
> #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
> #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
> 
> -#define EPT_VLT_RD		1
> -#define EPT_VLT_WR		(1 << 1)
> -#define EPT_VLT_FETCH		(1 << 2)
> -#define EPT_VLT_PERM_RD		(1 << 3)
> -#define EPT_VLT_PERM_WR		(1 << 4)
> -#define EPT_VLT_PERM_EX		(1 << 5)
> +#define EPT_VLT_RD		(1ull << 0)
> +#define EPT_VLT_WR		(1ull << 1)
> +#define EPT_VLT_FETCH		(1ull << 2)
> +#define EPT_VLT_PERM_RD		(1ull << 3)
> +#define EPT_VLT_PERM_WR		(1ull << 4)
> +#define EPT_VLT_PERM_EX		(1ull << 5)
> +#define EPT_VLT_PERM_USER_EX	(1ull << 6)
> #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
> 				 EPT_VLT_PERM_EX)
> -#define EPT_VLT_LADDR_VLD	(1 << 7)
> -#define EPT_VLT_PADDR		(1 << 8)
> +#define EPT_VLT_LADDR_VLD	(1ull << 7)
> +#define EPT_VLT_PADDR		(1ull << 8)
> +#define EPT_VLT_GUEST_USER	(1ull << 9)
> +#define EPT_VLT_GUEST_WR	(1ull << 10)
> +#define EPT_VLT_GUEST_EX	(1ull << 11)
> 
> #define MAGIC_VAL_1		0x12345678ul
> #define MAGIC_VAL_2		0x87654321ul
> diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
> index c52ebc6..b4129e1 100644
> --- a/x86/vmx_tests.c
> +++ b/x86/vmx_tests.c
> @@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
> 
> 	qual = vmcs_read(EXI_QUALIFICATION);
> 
> +	/* Mask undefined bits (which may later be defined in certain cases). */
> +	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
> +		 EPT_VLT_PERM_USER_EX);
> +
> 	diagnose_ept_violation_qual(expected_qual, qual);
> 	TEST_EXPECT_EQ(expected_qual, qual);
> 
> -- 
> 2.17.1

Ping.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
  2019-06-17 19:52 ` Nadav Amit
@ 2019-06-17 22:22   ` Krish Sadhukhan
  2019-06-17 22:46     ` Nadav Amit
  2019-06-18  8:50     ` Paolo Bonzini
  0 siblings, 2 replies; 6+ messages in thread
From: Krish Sadhukhan @ 2019-06-17 22:22 UTC (permalink / raw)
  To: Nadav Amit, Paolo Bonzini; +Cc: kvm



On 06/17/2019 12:52 PM, Nadav Amit wrote:
>> On May 3, 2019, at 10:49 AM, nadav.amit@gmail.com wrote:
>>
>> From: Nadav Amit <nadav.amit@gmail.com>
>>
>> On EPT violation, the exit qualifications may have some undefined bits.
>>
>> Bit 6 is undefined if "mode-based execute control" is 0.
>>
>> Bits 9-11 are undefined unless the processor supports advanced VM-exit
>> information for EPT violations.
>>
>> Right now on KVM these bits are always undefined inside the VM (i.e., in
>> an emulated VM-exit). Mask these bits to avoid potential false
>> indication of failures.
>>
>> Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
>> ---
>> x86/vmx.h       | 20 ++++++++++++--------
>> x86/vmx_tests.c |  4 ++++
>> 2 files changed, 16 insertions(+), 8 deletions(-)
>>
>> diff --git a/x86/vmx.h b/x86/vmx.h
>> index cc377ef..5053d6f 100644
>> --- a/x86/vmx.h
>> +++ b/x86/vmx.h
>> @@ -603,16 +603,20 @@ enum vm_instruction_error_number {
>> #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
>> #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
>>
>> -#define EPT_VLT_RD		1
>> -#define EPT_VLT_WR		(1 << 1)
>> -#define EPT_VLT_FETCH		(1 << 2)
>> -#define EPT_VLT_PERM_RD		(1 << 3)
>> -#define EPT_VLT_PERM_WR		(1 << 4)
>> -#define EPT_VLT_PERM_EX		(1 << 5)
>> +#define EPT_VLT_RD		(1ull << 0)
>> +#define EPT_VLT_WR		(1ull << 1)
>> +#define EPT_VLT_FETCH		(1ull << 2)
>> +#define EPT_VLT_PERM_RD		(1ull << 3)
>> +#define EPT_VLT_PERM_WR		(1ull << 4)
>> +#define EPT_VLT_PERM_EX		(1ull << 5)
>> +#define EPT_VLT_PERM_USER_EX	(1ull << 6)
>> #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
>> 				 EPT_VLT_PERM_EX)
>> -#define EPT_VLT_LADDR_VLD	(1 << 7)
>> -#define EPT_VLT_PADDR		(1 << 8)
>> +#define EPT_VLT_LADDR_VLD	(1ull << 7)
>> +#define EPT_VLT_PADDR		(1ull << 8)
>> +#define EPT_VLT_GUEST_USER	(1ull << 9)
>> +#define EPT_VLT_GUEST_WR	(1ull << 10)

This one should be named EPT_VLT_GUEST_RW,  assuming you are naming them 
according to the 1-setting of the bits.

>> +#define EPT_VLT_GUEST_EX	(1ull << 11)
>>
>> #define MAGIC_VAL_1		0x12345678ul
>> #define MAGIC_VAL_2		0x87654321ul
>> diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
>> index c52ebc6..b4129e1 100644
>> --- a/x86/vmx_tests.c
>> +++ b/x86/vmx_tests.c
>> @@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
>>
>> 	qual = vmcs_read(EXI_QUALIFICATION);
>>
>> +	/* Mask undefined bits (which may later be defined in certain cases). */
>> +	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
>> +		 EPT_VLT_PERM_USER_EX);
>> +

The "DIAGNOSE" macro doesn't check any of these bits, so this masking 
seems redundant.

Also, don't we need to check for the relevant conditions before masking 
the bits ? For example, EPT_VLT_PERM_USER_EX is dependent on "mode-based 
execute control" VM-execution control"  and the other ones depend on bit 
7 and 8 of the Exit Qualification field.

>> 	diagnose_ept_violation_qual(expected_qual, qual);
>> 	TEST_EXPECT_EQ(expected_qual, qual);
>>
>> -- 
>> 2.17.1
> Ping.
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
  2019-06-17 22:22   ` Krish Sadhukhan
@ 2019-06-17 22:46     ` Nadav Amit
  2019-06-17 23:52       ` Krish Sadhukhan
  2019-06-18  8:50     ` Paolo Bonzini
  1 sibling, 1 reply; 6+ messages in thread
From: Nadav Amit @ 2019-06-17 22:46 UTC (permalink / raw)
  To: Krish Sadhukhan; +Cc: Paolo Bonzini, kvm

> On Jun 17, 2019, at 3:22 PM, Krish Sadhukhan <krish.sadhukhan@oracle.com> wrote:
> 
> 
> 
> On 06/17/2019 12:52 PM, Nadav Amit wrote:
>>> On May 3, 2019, at 10:49 AM, nadav.amit@gmail.com wrote:
>>> 
>>> From: Nadav Amit <nadav.amit@gmail.com>
>>> 
>>> On EPT violation, the exit qualifications may have some undefined bits.
>>> 
>>> Bit 6 is undefined if "mode-based execute control" is 0.
>>> 
>>> Bits 9-11 are undefined unless the processor supports advanced VM-exit
>>> information for EPT violations.
>>> 
>>> Right now on KVM these bits are always undefined inside the VM (i.e., in
>>> an emulated VM-exit). Mask these bits to avoid potential false
>>> indication of failures.
>>> 
>>> Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
>>> ---
>>> x86/vmx.h       | 20 ++++++++++++--------
>>> x86/vmx_tests.c |  4 ++++
>>> 2 files changed, 16 insertions(+), 8 deletions(-)
>>> 
>>> diff --git a/x86/vmx.h b/x86/vmx.h
>>> index cc377ef..5053d6f 100644
>>> --- a/x86/vmx.h
>>> +++ b/x86/vmx.h
>>> @@ -603,16 +603,20 @@ enum vm_instruction_error_number {
>>> #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
>>> #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
>>> 
>>> -#define EPT_VLT_RD		1
>>> -#define EPT_VLT_WR		(1 << 1)
>>> -#define EPT_VLT_FETCH		(1 << 2)
>>> -#define EPT_VLT_PERM_RD		(1 << 3)
>>> -#define EPT_VLT_PERM_WR		(1 << 4)
>>> -#define EPT_VLT_PERM_EX		(1 << 5)
>>> +#define EPT_VLT_RD		(1ull << 0)
>>> +#define EPT_VLT_WR		(1ull << 1)
>>> +#define EPT_VLT_FETCH		(1ull << 2)
>>> +#define EPT_VLT_PERM_RD		(1ull << 3)
>>> +#define EPT_VLT_PERM_WR		(1ull << 4)
>>> +#define EPT_VLT_PERM_EX		(1ull << 5)
>>> +#define EPT_VLT_PERM_USER_EX	(1ull << 6)
>>> #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
>>> 				 EPT_VLT_PERM_EX)
>>> -#define EPT_VLT_LADDR_VLD	(1 << 7)
>>> -#define EPT_VLT_PADDR		(1 << 8)
>>> +#define EPT_VLT_LADDR_VLD	(1ull << 7)
>>> +#define EPT_VLT_PADDR		(1ull << 8)
>>> +#define EPT_VLT_GUEST_USER	(1ull << 9)
>>> +#define EPT_VLT_GUEST_WR	(1ull << 10)
> 
> This one should be named EPT_VLT_GUEST_RW, assuming you are naming them
> according to the 1-setting of the bits.

Whatever you wish (unless someone else has different preference).

>>> +#define EPT_VLT_GUEST_EX	(1ull << 11)
>>> 
>>> #define MAGIC_VAL_1		0x12345678ul
>>> #define MAGIC_VAL_2		0x87654321ul
>>> diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
>>> index c52ebc6..b4129e1 100644
>>> --- a/x86/vmx_tests.c
>>> +++ b/x86/vmx_tests.c
>>> @@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
>>> 
>>> 	qual = vmcs_read(EXI_QUALIFICATION);
>>> 
>>> +	/* Mask undefined bits (which may later be defined in certain cases). */
>>> +	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
>>> +		 EPT_VLT_PERM_USER_EX);
>>> +
> 
> The "DIAGNOSE" macro doesn't check any of these bits, so this masking
> seems redundant.

The DIAGNOSE macro is not the one who causes errors. It’s the:

  TEST_EXPECT_EQ(expected_qual, qual);

That comes right after the call to diagnose_ept_violation_qual().

> 
> Also, don't we need to check for the relevant conditions before masking
> the bits ? For example, EPT_VLT_PERM_USER_EX is dependent on "mode-based
> execute control" VM-execution control" and the other ones depend on bit 7
> and 8 of the Exit Qualification field.

The tests right now do not “emulate” these bits, so the expected
qualification would never have EPT_VLT_PERM_USER_EX (for instance) set. Once
someone implements tests for these bits, he would need to change the
masking.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
  2019-06-17 22:46     ` Nadav Amit
@ 2019-06-17 23:52       ` Krish Sadhukhan
  0 siblings, 0 replies; 6+ messages in thread
From: Krish Sadhukhan @ 2019-06-17 23:52 UTC (permalink / raw)
  To: Nadav Amit; +Cc: Paolo Bonzini, kvm



On 06/17/2019 03:46 PM, Nadav Amit wrote:
>> On Jun 17, 2019, at 3:22 PM, Krish Sadhukhan <krish.sadhukhan@oracle.com> wrote:
>>
>>
>>
>> On 06/17/2019 12:52 PM, Nadav Amit wrote:
>>>> On May 3, 2019, at 10:49 AM, nadav.amit@gmail.com wrote:
>>>>
>>>> From: Nadav Amit <nadav.amit@gmail.com>
>>>>
>>>> On EPT violation, the exit qualifications may have some undefined bits.
>>>>
>>>> Bit 6 is undefined if "mode-based execute control" is 0.
>>>>
>>>> Bits 9-11 are undefined unless the processor supports advanced VM-exit
>>>> information for EPT violations.
>>>>
>>>> Right now on KVM these bits are always undefined inside the VM (i.e., in
>>>> an emulated VM-exit). Mask these bits to avoid potential false
>>>> indication of failures.
>>>>
>>>> Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
>>>> ---
>>>> x86/vmx.h       | 20 ++++++++++++--------
>>>> x86/vmx_tests.c |  4 ++++
>>>> 2 files changed, 16 insertions(+), 8 deletions(-)
>>>>
>>>> diff --git a/x86/vmx.h b/x86/vmx.h
>>>> index cc377ef..5053d6f 100644
>>>> --- a/x86/vmx.h
>>>> +++ b/x86/vmx.h
>>>> @@ -603,16 +603,20 @@ enum vm_instruction_error_number {
>>>> #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
>>>> #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
>>>>
>>>> -#define EPT_VLT_RD		1
>>>> -#define EPT_VLT_WR		(1 << 1)
>>>> -#define EPT_VLT_FETCH		(1 << 2)
>>>> -#define EPT_VLT_PERM_RD		(1 << 3)
>>>> -#define EPT_VLT_PERM_WR		(1 << 4)
>>>> -#define EPT_VLT_PERM_EX		(1 << 5)
>>>> +#define EPT_VLT_RD		(1ull << 0)
>>>> +#define EPT_VLT_WR		(1ull << 1)
>>>> +#define EPT_VLT_FETCH		(1ull << 2)
>>>> +#define EPT_VLT_PERM_RD		(1ull << 3)
>>>> +#define EPT_VLT_PERM_WR		(1ull << 4)
>>>> +#define EPT_VLT_PERM_EX		(1ull << 5)
>>>> +#define EPT_VLT_PERM_USER_EX	(1ull << 6)
>>>> #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
>>>> 				 EPT_VLT_PERM_EX)
>>>> -#define EPT_VLT_LADDR_VLD	(1 << 7)
>>>> -#define EPT_VLT_PADDR		(1 << 8)
>>>> +#define EPT_VLT_LADDR_VLD	(1ull << 7)
>>>> +#define EPT_VLT_PADDR		(1ull << 8)
>>>> +#define EPT_VLT_GUEST_USER	(1ull << 9)
>>>> +#define EPT_VLT_GUEST_WR	(1ull << 10)
>> This one should be named EPT_VLT_GUEST_RW, assuming you are naming them
>> according to the 1-setting of the bits.
> Whatever you wish (unless someone else has different preference).
>
>>>> +#define EPT_VLT_GUEST_EX	(1ull << 11)
>>>>
>>>> #define MAGIC_VAL_1		0x12345678ul
>>>> #define MAGIC_VAL_2		0x87654321ul
>>>> diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
>>>> index c52ebc6..b4129e1 100644
>>>> --- a/x86/vmx_tests.c
>>>> +++ b/x86/vmx_tests.c
>>>> @@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
>>>>
>>>> 	qual = vmcs_read(EXI_QUALIFICATION);
>>>>
>>>> +	/* Mask undefined bits (which may later be defined in certain cases). */
>>>> +	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
>>>> +		 EPT_VLT_PERM_USER_EX);
>>>> +
>> The "DIAGNOSE" macro doesn't check any of these bits, so this masking
>> seems redundant.
> The DIAGNOSE macro is not the one who causes errors. It’s the:
>
>    TEST_EXPECT_EQ(expected_qual, qual);
>
> That comes right after the call to diagnose_ept_violation_qual().

Sorry, I missed that !

>
>> Also, don't we need to check for the relevant conditions before masking
>> the bits ? For example, EPT_VLT_PERM_USER_EX is dependent on "mode-based
>> execute control" VM-execution control" and the other ones depend on bit 7
>> and 8 of the Exit Qualification field.
> The tests right now do not “emulate” these bits, so the expected
> qualification would never have EPT_VLT_PERM_USER_EX (for instance) set. Once
> someone implements tests for these bits, he would need to change the
> masking.
>

Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications
  2019-06-17 22:22   ` Krish Sadhukhan
  2019-06-17 22:46     ` Nadav Amit
@ 2019-06-18  8:50     ` Paolo Bonzini
  1 sibling, 0 replies; 6+ messages in thread
From: Paolo Bonzini @ 2019-06-18  8:50 UTC (permalink / raw)
  To: Krish Sadhukhan, Nadav Amit; +Cc: kvm

On 18/06/19 00:22, Krish Sadhukhan wrote:
> 
> 
> On 06/17/2019 12:52 PM, Nadav Amit wrote:
>>> On May 3, 2019, at 10:49 AM, nadav.amit@gmail.com wrote:
>>>
>>> From: Nadav Amit <nadav.amit@gmail.com>
>>>
>>> On EPT violation, the exit qualifications may have some undefined bits.
>>>
>>> Bit 6 is undefined if "mode-based execute control" is 0.
>>>
>>> Bits 9-11 are undefined unless the processor supports advanced VM-exit
>>> information for EPT violations.
>>>
>>> Right now on KVM these bits are always undefined inside the VM (i.e., in
>>> an emulated VM-exit). Mask these bits to avoid potential false
>>> indication of failures.
>>>
>>> Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
>>> ---
>>> x86/vmx.h       | 20 ++++++++++++--------
>>> x86/vmx_tests.c |  4 ++++
>>> 2 files changed, 16 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/x86/vmx.h b/x86/vmx.h
>>> index cc377ef..5053d6f 100644
>>> --- a/x86/vmx.h
>>> +++ b/x86/vmx.h
>>> @@ -603,16 +603,20 @@ enum vm_instruction_error_number {
>>> #define EPT_ADDR_MASK        GENMASK_ULL(51, 12)
>>> #define PAGE_MASK_2M        (~(PAGE_SIZE_2M-1))
>>>
>>> -#define EPT_VLT_RD        1
>>> -#define EPT_VLT_WR        (1 << 1)
>>> -#define EPT_VLT_FETCH        (1 << 2)
>>> -#define EPT_VLT_PERM_RD        (1 << 3)
>>> -#define EPT_VLT_PERM_WR        (1 << 4)
>>> -#define EPT_VLT_PERM_EX        (1 << 5)
>>> +#define EPT_VLT_RD        (1ull << 0)
>>> +#define EPT_VLT_WR        (1ull << 1)
>>> +#define EPT_VLT_FETCH        (1ull << 2)
>>> +#define EPT_VLT_PERM_RD        (1ull << 3)
>>> +#define EPT_VLT_PERM_WR        (1ull << 4)
>>> +#define EPT_VLT_PERM_EX        (1ull << 5)
>>> +#define EPT_VLT_PERM_USER_EX    (1ull << 6)
>>> #define EPT_VLT_PERMS        (EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
>>>                  EPT_VLT_PERM_EX)
>>> -#define EPT_VLT_LADDR_VLD    (1 << 7)
>>> -#define EPT_VLT_PADDR        (1 << 8)
>>> +#define EPT_VLT_LADDR_VLD    (1ull << 7)
>>> +#define EPT_VLT_PADDR        (1ull << 8)
>>> +#define EPT_VLT_GUEST_USER    (1ull << 9)
>>> +#define EPT_VLT_GUEST_WR    (1ull << 10)
> 
> This one should be named EPT_VLT_GUEST_RW,  assuming you are naming them
> according to the 1-setting of the bits.

Applied with this change, thanks.

Paolo


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-03 17:49 [kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications nadav.amit
2019-06-17 19:52 ` Nadav Amit
2019-06-17 22:22   ` Krish Sadhukhan
2019-06-17 22:46     ` Nadav Amit
2019-06-17 23:52       ` Krish Sadhukhan
2019-06-18  8:50     ` Paolo Bonzini

KVM Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kvm/0 kvm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kvm kvm/ https://lore.kernel.org/kvm \
		kvm@vger.kernel.org kvm@archiver.kernel.org
	public-inbox-index kvm


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.kvm


AGPL code for this site: git clone https://public-inbox.org/ public-inbox