From patchwork Tue Jun  9 21:30:13 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marcelo Tosatti <mtosatti@redhat.com>
X-Patchwork-Id: 29095
Received: from vger.kernel.org (vger.kernel.org [209.132.176.167])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n59LZ3BF016078
	for <patchwork-kvm@patchwork.kernel.org>; Tue, 9 Jun 2009 21:35:03 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756875AbZFIVe4 (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 9 Jun 2009 17:34:56 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1756863AbZFIVe4
	(ORCPT <rfc822;kvm-outgoing>); Tue, 9 Jun 2009 17:34:56 -0400
Received: from mx2.redhat.com ([66.187.237.31]:42287 "EHLO mx2.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756774AbZFIVey (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 9 Jun 2009 17:34:54 -0400
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com
	[172.16.27.26])
	by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n59LYvuf014205;
	Tue, 9 Jun 2009 17:34:57 -0400
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id
	n59LYtWX001270; Tue, 9 Jun 2009 17:34:56 -0400
Received: from amt.cnet (vpn-10-71.str.redhat.com [10.32.10.71])
	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n59LYreA020563;
	Tue, 9 Jun 2009 17:34:54 -0400
Received: from amt.cnet (amt.cnet [127.0.0.1])
	by amt.cnet (Postfix) with ESMTP id 90E6D274FD6;
	Tue,  9 Jun 2009 18:34:22 -0300 (BRT)
Received: (from marcelo@localhost)
	by amt.cnet (8.14.3/8.14.3/Submit) id n59LYKPQ003029;
	Tue, 9 Jun 2009 18:34:20 -0300
Message-Id: <20090609213312.917760122@amt.cnet>
User-Agent: quilt/0.47-1
Date: Tue, 09 Jun 2009 18:30:13 -0300
From: Marcelo Tosatti <mtosatti@redhat.com>
To: kvm@vger.kernel.org
Cc: avi@redhat.com, sheng.yang@intel.com,
	Marcelo Tosatti <mtosatti@redhat.com>
Subject: [patch 4/5] KVM: VMX: EPT misconfiguration handler
References: <20090609213009.436123773@amt.cnet>
Content-Disposition: inline; filename=vmx-misconfig-handler
X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

Handler for EPT misconfiguration which checks for valid state 
in the shadow pagetables, printing the spte on each level.

The separate WARN_ONs are useful for kerneloops.org.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
---
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Index: kvm/arch/x86/kvm/vmx.c
===================================================================
--- kvm.orig/arch/x86/kvm/vmx.c
+++ kvm/arch/x86/kvm/vmx.c
@@ -3173,6 +3173,100 @@ static int handle_ept_violation(struct k
 	return kvm_mmu_page_fault(vcpu, gpa & PAGE_MASK, 0);
 }
 
+static u64 ept_rsvd_mask(u64 *sptep, int level)
+{
+	int i;
+	u64 mask = 0;
+
+	for (i = 51; i > boot_cpu_data.x86_phys_bits; i--)
+		mask |= (1ULL << i);
+
+	if (level > 2)
+		/* bits 7:3 reserved */
+		mask |= 0xf8;
+	else if (level == 2) {
+		if (*sptep & (1ULL << 7))
+			/* 2MB ref, bits 20:12 reserved */
+			mask |= 0x1ff000;
+		else
+			/* bits 6:3 reserved */
+			mask |= 0x78;
+	}
+
+	return mask;
+}
+
+struct ept_inspect_spte {
+	int print;
+	struct mmu_shadow_walk walk;
+};
+
+static int ept_misconfig_inspect_spte(struct kvm_vcpu *vcpu, u64 *sptep,
+				      int level,
+				      struct mmu_shadow_walk *walk)
+{
+	struct ept_inspect_spte *iept = container_of(walk,
+					struct ept_inspect_spte, walk);
+
+	if (iept->print)
+		printk(KERN_ERR "%s: sptep %p spte 0x%llx level %d\n",
+				__func__, sptep, *sptep, level);
+
+	/* 010b (write-only) */
+	WARN_ON((*sptep & 0x7) == 0x2);
+
+	/* 110b (write/execute) */
+	WARN_ON((*sptep & 0x7) == 0x6);
+
+	/* 100b (execute-only) and value not supported by logical processor */
+	if (!cpu_has_vmx_ept_execute_only())
+		WARN_ON((*sptep & 0x7) == 0x4);
+
+	/* not 000b */
+	if ((*sptep & 0x7)) {
+		u64 rsvd_bits = *sptep & ept_rsvd_mask(sptep, level);
+
+		if (rsvd_bits != 0) {
+			printk(KERN_ERR "%s: rsvd_bits = 0x%llx\n",
+					 __func__, rsvd_bits);
+			WARN_ON(1);
+		}
+
+		if (level == 1 || (level == 2 && (*sptep & (1ULL << 7)))) {
+			u64 ept_mem_type = (*sptep & 0x38) >> 3;
+
+			if (ept_mem_type == 2 || ept_mem_type == 3 ||
+			    ept_mem_type == 7) {
+				printk(KERN_ERR "%s: ept_mem_type=0x%llx\n",
+						__func__, ept_mem_type);
+				WARN_ON(1);
+			}
+		}
+	}
+
+	return 0;
+}
+
+static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+	gpa_t gpa;
+	struct ept_inspect_spte iept = { .print = 1,
+					 .walk.fn =
+					  ept_misconfig_inspect_spte };
+
+	gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS);
+
+	printk(KERN_ERR "EPT: Misconfiguration.\n");
+	printk(KERN_ERR "EPT: GPA: 0x%llx\n", gpa);
+
+	kvm_mmu_shadow_walk(vcpu, gpa, &iept.walk);
+
+	kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
+	kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
+
+	return 0;
+}
+
 static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
 	u32 cpu_based_vm_exec_control;
@@ -3243,8 +3337,9 @@ static int (*kvm_vmx_exit_handlers[])(st
 	[EXIT_REASON_APIC_ACCESS]             = handle_apic_access,
 	[EXIT_REASON_WBINVD]                  = handle_wbinvd,
 	[EXIT_REASON_TASK_SWITCH]             = handle_task_switch,
-	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,
 	[EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
+	[EXIT_REASON_EPT_VIOLATION]	      = handle_ept_violation,
+	[EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,
 };
 
 static const int kvm_vmx_max_exit_handlers =