From patchwork Mon Nov 26 23:42:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jim Mattson X-Patchwork-Id: 10699429 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2DA53181D for ; Mon, 26 Nov 2018 23:42:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1DA4A2A5D3 for ; Mon, 26 Nov 2018 23:42:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 115952A661; Mon, 26 Nov 2018 23:42:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A3C82A660 for ; Mon, 26 Nov 2018 23:42:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727685AbeK0Kih (ORCPT ); Tue, 27 Nov 2018 05:38:37 -0500 Received: from mail-pg1-f202.google.com ([209.85.215.202]:55689 "EHLO mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727646AbeK0Kih (ORCPT ); Tue, 27 Nov 2018 05:38:37 -0500 Received: by mail-pg1-f202.google.com with SMTP id g188so8780200pgc.22 for ; Mon, 26 Nov 2018 15:42:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=eiXSUf3+3fPBJ7rjDEJz0YphO9AKaZpSglDbgzxvzWQ=; b=ZqIwPFyJcRl52T8c1d/qu3CfdnAHz5JlG9cuqTFEBvWYfcMdZt3wBRSuKtLbfB82l6 JsoHGmyJ1Ydf957cZcdueLorrvpJ7Ax6CXwJoPncF8Pd+XmFsylx+3Mn2sT+LTT+4tNb pMOKVyVS4cq5pJmjqUPIgU25a+bml0MVSJ+M8N4vUkzhAmifNJu3ItCxX5XxkQJlyG1T ux3r12IxFgi2iDMakA8aj9DieBz27j1vqdVc0fnqaOTl88TblNaGeHvtSsmwXrYoGJA1 bCN+i2CvQ73HhNCQbVtP2lhgEDVbPoIT0QIC4DOkBLlCIXX1zcBYqqdBPjvj9HYgJsRU hJKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=eiXSUf3+3fPBJ7rjDEJz0YphO9AKaZpSglDbgzxvzWQ=; b=nVpnSOll+0XJwPC58jxz8cP7TkoesoUybnRulMM87EaaYgdfPxBb+Iz76MM7UEOCBF 6ypVkdPfE49sdv+LP1W2Ni4qxQRDYmTpr2zkNROl3zpROOEYmh5I8OIcCssVU2jgmU9M zvSdxVQzXzYykPkLG90zFlY4DAYgccnk1055Fq3ghQn+VLmx8RveLVC9fu8Cdw0vHuRG lpEPp8qIG0CZl1tI9RMir66z//UltRRGqY7d9umwzdZjayNx/B6wi+L778Yv8tE7iD3L FvaegKOae+RUNch9c77A6rj94mVuaMTBFrlZ9x4DoBew0B5cFvVriKV4KzFb1+oP1CeO WMmw== X-Gm-Message-State: AGRZ1gL24gtgiRlhhqKUMomvy/Uj4/gbHZtEEagzTapsy5YgPzoAUeEW 2eiUVDutndtJBVOf7SUK1p9NhtVoHYrzuy3Nb4JW8piw6FxrK46Ccvs4fqckrAHvOGknH6EVy0w nrkhkS96USXfoNsBJVIYVLkgRh21rQ2/9tGrqNYyofABTY5UPCOYiD15WkTdyA/g= X-Google-Smtp-Source: AJdET5ejifNKIAT+YNcXvde8B495VIXDHEVYe+sge2bB2tcKYYQwBcBrLk1IYLYTZZvcaNWRhOzp7r3S4NjkMQ== X-Received: by 2002:a62:c07:: with SMTP id u7mr12265665pfi.58.1543275767069; Mon, 26 Nov 2018 15:42:47 -0800 (PST) Date: Mon, 26 Nov 2018 15:42:15 -0800 In-Reply-To: Message-Id: <20181126234215.154241-1-jmattson@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.20.0.rc0.387.gc7a69e6b6c-goog Subject: [kvm-unit-tests PATCH] x86: nVMX: Test VMPTRLD with operand outside of backed memory From: Jim Mattson To: kvm@vger.kernel.org Cc: Konrad Rzeszutek Wilk , Jim Mattson , Peter Shier Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Reads of unbacked addresses from the PCI bus should return all ones. Since kvm's VMCS revision identifier isn't 0xffffffff, this means that a VMPTRLD with an argument outside of backed memory should set the VM-instruction error number to 11 (VMPTRLD with incorrect VMCS revision identifier) if there is already a valid VMCS pointer loaded. make_vmcs_current() has been modified to return all of the arithmetic flags, so that the caller can distinguish VMfailInvalid from VMfailValid. Suggested-by: Konrad Rzeszutek Wilk Signed-off-by: Jim Mattson Reviewed-by: Peter Shier Reviewed-by: Konrad Rzeszutek Wilk --- x86/vmx.c | 17 ++++++++++++++--- x86/vmx.h | 10 ++++++---- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/x86/vmx.c b/x86/vmx.c index 79a21d8..1318548 100644 --- a/x86/vmx.c +++ b/x86/vmx.c @@ -31,6 +31,7 @@ #include "libcflat.h" #include "processor.h" #include "alloc_page.h" +#include "fwcfg.h" #include "vm.h" #include "desc.h" #include "vmx.h" @@ -1374,23 +1375,33 @@ static void test_vmptrld(void) /* Unaligned page access */ tmp_root = (struct vmcs *)((intptr_t)vmcs + 1); report("test vmptrld with unaligned vmcs", - make_vmcs_current(tmp_root) == 1); + make_vmcs_current(tmp_root) == VM_FAIL_INVALID); /* gpa bits beyond physical address width are set*/ tmp_root = (struct vmcs *)((intptr_t)vmcs | ((u64)1 << (width+1))); report("test vmptrld with vmcs address bits set beyond physical address width", - make_vmcs_current(tmp_root) == 1); + make_vmcs_current(tmp_root) == VM_FAIL_INVALID); /* Pass VMXON region */ make_vmcs_current(vmcs); tmp_root = (struct vmcs *)vmxon_region; report("test vmptrld with vmxon region", - make_vmcs_current(tmp_root) == 1); + make_vmcs_current(tmp_root) == VM_FAIL_VALID); report("test vmptrld with vmxon region vm-instruction error", vmcs_read(VMX_INST_ERROR) == VMXERR_VMPTRLD_VMXON_POINTER); + tmp_root = (struct vmcs *)(fwcfg_get_u64(FW_CFG_RAM_SIZE)); + if ((uintptr_t)tmp_root < (1ul << width)) { + report("test vmptrld of unbacked physical address", + make_vmcs_current(tmp_root) == VM_FAIL_VALID); + report("test vmptrld of unbacked physical address vm-instruction error", + vmcs_read(VMX_INST_ERROR) == + VMXERR_VMPTRLD_INCORRECT_VMCS_REVISION_ID); + } + report("test vmptrld with valid vmcs region", make_vmcs_current(vmcs) == 0); + } static void test_vmptrst(void) diff --git a/x86/vmx.h b/x86/vmx.h index ba47455..6e3620b 100644 --- a/x86/vmx.h +++ b/x86/vmx.h @@ -7,6 +7,9 @@ #include "asm/page.h" #include "asm/io.h" +#define VM_FAIL_INVALID X86_EFLAGS_CF +#define VM_FAIL_VALID X86_EFLAGS_ZF + struct vmcs_hdr { u32 revision_id:31; u32 shadow_vmcs:1; @@ -680,12 +683,11 @@ static int vmx_off(void) static inline int make_vmcs_current(struct vmcs *vmcs) { - bool ret; u64 rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; - asm volatile ("push %1; popf; vmptrld %2; setbe %0" - : "=q" (ret) : "q" (rflags), "m" (vmcs) : "cc"); - return ret; + asm volatile ("push %1; popf; vmptrld %2; pushf; pop %0" + : "=r" (rflags) : "0" (rflags), "m" (vmcs) : "cc"); + return rflags & VMX_ENTRY_FLAGS; } static inline int vmcs_clear(struct vmcs *vmcs)