[patch 4/5] KVM: VMX: EPT misconfiguration handler

From: Marcelo Tosatti <mtosatti@redhat.com>
To: kvm@vger.kernel.org
Cc: avi@redhat.com, sheng.yang@intel.com,
	Marcelo Tosatti <mtosatti@redhat.com>
Subject: [patch 4/5] KVM: VMX: EPT misconfiguration handler
Date: Tue, 09 Jun 2009 18:30:13 -0300	[thread overview]
Message-ID: <20090609213312.917760122@amt.cnet> (raw)
In-Reply-To: 20090609213009.436123773@amt.cnet

[-- Attachment #1: vmx-misconfig-handler --]
[-- Type: text/plain, Size: 3355 bytes --]

Handler for EPT misconfiguration which checks for valid state 
in the shadow pagetables, printing the spte on each level.

The separate WARN_ONs are useful for kerneloops.org.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

Index: kvm/arch/x86/kvm/vmx.c
===================================================================

--- kvm.orig/arch/x86/kvm/vmx.c
+++ kvm/arch/x86/kvm/vmx.c
@@ -3173,6 +3173,100 @@ static int handle_ept_violation(struct k
 	return kvm_mmu_page_fault(vcpu, gpa & PAGE_MASK, 0);
 }
 
+static u64 ept_rsvd_mask(u64 *sptep, int level)
+{
+	int i;
+	u64 mask = 0;
+
+	for (i = 51; i > boot_cpu_data.x86_phys_bits; i--)
+		mask |= (1ULL << i);
+
+	if (level > 2)
+		/* bits 7:3 reserved */
+		mask |= 0xf8;
+	else if (level == 2) {
+		if (*sptep & (1ULL << 7))
+			/* 2MB ref, bits 20:12 reserved */
+			mask |= 0x1ff000;
+		else
+			/* bits 6:3 reserved */
+			mask |= 0x78;
+	}
+
+	return mask;
+}
+
+struct ept_inspect_spte {
+	int print;
+	struct mmu_shadow_walk walk;
+};
+
+static int ept_misconfig_inspect_spte(struct kvm_vcpu *vcpu, u64 *sptep,
+				      int level,
+				      struct mmu_shadow_walk *walk)
+{
+	struct ept_inspect_spte *iept = container_of(walk,
+					struct ept_inspect_spte, walk);
+
+	if (iept->print)
+		printk(KERN_ERR "%s: sptep %p spte 0x%llx level %d\n",
+				__func__, sptep, *sptep, level);
+
+	/* 010b (write-only) */
+	WARN_ON((*sptep & 0x7) == 0x2);
+
+	/* 110b (write/execute) */
+	WARN_ON((*sptep & 0x7) == 0x6);
+
+	/* 100b (execute-only) and value not supported by logical processor */
+	if (!cpu_has_vmx_ept_execute_only())
+		WARN_ON((*sptep & 0x7) == 0x4);
+
+	/* not 000b */
+	if ((*sptep & 0x7)) {
+		u64 rsvd_bits = *sptep & ept_rsvd_mask(sptep, level);
+
+		if (rsvd_bits != 0) {
+			printk(KERN_ERR "%s: rsvd_bits = 0x%llx\n",
+					 __func__, rsvd_bits);
+			WARN_ON(1);
+		}
+
+		if (level == 1 || (level == 2 && (*sptep & (1ULL << 7)))) {
+			u64 ept_mem_type = (*sptep & 0x38) >> 3;
+
+			if (ept_mem_type == 2 || ept_mem_type == 3 ||
+			    ept_mem_type == 7) {
+				printk(KERN_ERR "%s: ept_mem_type=0x%llx\n",
+						__func__, ept_mem_type);
+				WARN_ON(1);
+			}
+		}
+	}
+
+	return 0;
+}
+
+static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+	gpa_t gpa;
+	struct ept_inspect_spte iept = { .print = 1,
+					 .walk.fn =
+					  ept_misconfig_inspect_spte };
+
+	gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
+
+	printk(KERN_ERR "EPT: Misconfiguration.\n");
+	printk(KERN_ERR "EPT: GPA: 0x%llx\n", gpa);
+
+	kvm_mmu_shadow_walk(vcpu, gpa, &iept.walk);
+
+	kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
+	kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
+
+	return 0;
+}
+
 static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
 	u32 cpu_based_vm_exec_control;
@@ -3243,8 +3337,9 @@ static int (*kvm_vmx_exit_handlers[])(st
 	[EXIT_REASON_APIC_ACCESS]             = handle_apic_access,
 	[EXIT_REASON_WBINVD]                  = handle_wbinvd,
 	[EXIT_REASON_TASK_SWITCH]             = handle_task_switch,
-	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,
 	[EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
+	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,
+	[EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,
 };
 
 static const int kvm_vmx_max_exit_handlers =


