[kvm-unit-tests PATCH] x86: vmx: Mask undefined bits in exit qualifications

nadav.amit@xxxxxxxxx · Fri, 3 May 2019 10:49:19 -0700

From: Nadav Amit <nadav.amit@xxxxxxxxx>

On EPT violation, the exit qualifications may have some undefined bits.

Bit 6 is undefined if "mode-based execute control" is 0.

Bits 9-11 are undefined unless the processor supports advanced VM-exit
information for EPT violations.

Right now on KVM these bits are always undefined inside the VM (i.e., in
an emulated VM-exit). Mask these bits to avoid potential false
indication of failures.

Signed-off-by: Nadav Amit <nadav.amit@xxxxxxxxx>
---
 x86/vmx.h       | 20 ++++++++++++--------
 x86/vmx_tests.c |  4 ++++
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/x86/vmx.h b/x86/vmx.h
index cc377ef..5053d6f 100644
--- a/x86/vmx.h
+++ b/x86/vmx.h
@@ -603,16 +603,20 @@ enum vm_instruction_error_number {
 #define EPT_ADDR_MASK		GENMASK_ULL(51, 12)
 #define PAGE_MASK_2M		(~(PAGE_SIZE_2M-1))
 
-#define EPT_VLT_RD		1
-#define EPT_VLT_WR		(1 << 1)
-#define EPT_VLT_FETCH		(1 << 2)
-#define EPT_VLT_PERM_RD		(1 << 3)
-#define EPT_VLT_PERM_WR		(1 << 4)
-#define EPT_VLT_PERM_EX		(1 << 5)
+#define EPT_VLT_RD		(1ull << 0)
+#define EPT_VLT_WR		(1ull << 1)
+#define EPT_VLT_FETCH		(1ull << 2)
+#define EPT_VLT_PERM_RD		(1ull << 3)
+#define EPT_VLT_PERM_WR		(1ull << 4)
+#define EPT_VLT_PERM_EX		(1ull << 5)
+#define EPT_VLT_PERM_USER_EX	(1ull << 6)
 #define EPT_VLT_PERMS		(EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | \
 				 EPT_VLT_PERM_EX)
-#define EPT_VLT_LADDR_VLD	(1 << 7)
-#define EPT_VLT_PADDR		(1 << 8)
+#define EPT_VLT_LADDR_VLD	(1ull << 7)
+#define EPT_VLT_PADDR		(1ull << 8)
+#define EPT_VLT_GUEST_USER	(1ull << 9)
+#define EPT_VLT_GUEST_WR	(1ull << 10)
+#define EPT_VLT_GUEST_EX	(1ull << 11)
 
 #define MAGIC_VAL_1		0x12345678ul
 #define MAGIC_VAL_2		0x87654321ul
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index c52ebc6..b4129e1 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -2365,6 +2365,10 @@ static void do_ept_violation(bool leaf, enum ept_access_op op,
 
 	qual = vmcs_read(EXI_QUALIFICATION);
 
+	/* Mask undefined bits (which may later be defined in certain cases). */
+	qual &= ~(EPT_VLT_GUEST_USER | EPT_VLT_GUEST_WR | EPT_VLT_GUEST_EX |
+		 EPT_VLT_PERM_USER_EX);
+
 	diagnose_ept_violation_qual(expected_qual, qual);
 	TEST_EXPECT_EQ(expected_qual, qual);
 
-- 
2.17.1







