On Tue, May 2, 2017 at 7:00 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
>
> On 21/04/2017 02:49, David Matlack wrote:
>>
>> 4 of the EPT access tests reveal KVM bugs (4.11-rc6, on a Haswell CPU):
>> vmx_ept_access_test_execute_only
>> vmx_ept_access_test_paddr_not_present_ad_disabled
>> vmx_ept_access_test_paddr_read_only_ad_disabled
>> vmx_ept_access_test_paddr_read_execute_ad_disabled
>
> These are the failure I get:
>
> FAIL vmx_ept_access_test_execute_only (164 tests, 6 unexpected failures)
> FAIL vmx_ept_access_test_paddr_not_present_ad_enabled (65 tests, 3 unexpected failures)
> FAIL vmx_ept_access_test_paddr_read_only_ad_disabled (timeout; duration=90s)
> FAIL vmx_ept_access_test_paddr_read_only_ad_enabled (175 tests, 9 unexpected failures)
> FAIL vmx_ept_access_test_paddr_read_execute_ad_disabled (timeout; duration=90s)
> FAIL vmx_ept_access_test_paddr_read_execute_ad_enabled (175 tests, 9 unexpected failures)
I get the same set of failures when testing a kernel sync'd to
kvm/next (at commit bd17117bb2af).
>
> The problem is that there is the tests have no comment explaining what is being tested.
> For example in ept_access_test_paddr_read_only_ad_enabled they are all like this:
>
> EPT_VLT_RD unexpected
> FAIL: x86/vmx_tests.c:2124: Expectation failed: (expected_qual) == (qual)
> LHS: 0x000000000000008a - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'1000'1010 - 138
> RHS: 0x000000000000008b - 0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'1000'1011 - 139
> STACK: 4072ad 407a00 407acc 407be6 401a9c 403653 4002d2
>
> and it's not obvious what is the difference between them without looking at
> the source. The problem is that, when only one of them is broken, it's not
> clear which one it is. Please make sure that prefix push/pop is used
> consistently around each subtest; it's okay to do it on top of these patches,
> so I've placed them in the next branch of kvm-unit-tests.git.
The stack trace identifies which test case failed. For example, in
logs/vmx_ept_access_test_paddr_not_present_ad_enabled.log I see:
EPT_VLT_RD unexpected
FAIL: x86/vmx_tests.c:2124: Expectation failed: (expected_qual) == (qual)
LHS: 0x0000000000000082 -
0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'1000'0010
- 130
RHS: 0x0000000000000083 -
0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'0000'1000'0011
- 131
STACK: 4072ad 407a00 407acc 407d09 401a9c 403653 4002d2
0x00000000004072ac: do_ept_violation at x86/vmx_tests.c:2124 (discriminator 1)
diagnose_ept_violation_qual(expected_qual, qual);
> TEST_EXPECT_EQ(expected_qual, qual);
0x00000000004079ff: ept_access_paddr at x86/vmx_tests.c:2252
if (expect_violation)
> do_ept_violation(/*leaf=*/true, op,
expected_qual |
EPT_VLT_LADDR_VLD, gpa);
0x0000000000407acb: ept_access_violation_paddr at x86/vmx_tests.c:2278
{
> ept_access_paddr(ept_access, pte_ad, op,
/*expect_violation=*/true,
expected_qual);
0x0000000000407d08: ept_access_test_paddr_not_present_ad_enabled at
x86/vmx_tests.c:2690
ept_access_violation_paddr(0, PT_AD_MASK, OP_WRITE, EPT_VLT_WR);
> ept_access_violation_paddr(0, PT_AD_MASK, OP_EXEC, EPT_VLT_WR);
}
0x0000000000401a9b: test_run at x86/vmx.c:1675
if (test->v2)
> test->v2();
else
0x0000000000403652: main at x86/vmx.c:1857
continue;
> if (test_run(&vmx_tests[i]))
goto exit;
0x00000000004002d1: start64 at x86/cstart64.S:210
lea __environ(%rip), %rdx
> call main
mov %eax, %edi
Does this work for you?
>
> In this case, in addition, the exit qualification comes straight from the
> processor, so I think the failures are a testcase bug: "If such an access
> causes an EPT violation, the processor sets both bit 0 and bit 1 of the
> exit qualification", footnote 1 of table 27-7 "Exit Qualification for EPT
> Violations".
Agreed, good catch. I will send a patch to fix the tests.
>
> Paolo
