According to section "Canonicalization and Consistency Checks" in APM vol 2,
the following guest state is illegal:
"The MSR or IOIO intercept tables extend to a physical address that
is greater than or equal to the maximum supported physical address.
The VMRUN instruction ignores the lower 12 bits of the address
specified in the VMCB."
Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
---
x86/svm_tests.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 77 insertions(+), 1 deletion(-)
diff --git a/x86/svm_tests.c b/x86/svm_tests.c
index 29a0b59..15be8f5 100644
--- a/x86/svm_tests.c
+++ b/x86/svm_tests.c
@@ -2304,15 +2304,91 @@ static void test_dr(void)
vmcb->save.dr7 = dr_saved;
}
+#define TEST_BITMAP_ADDR(save_intercept, type, addr, exit_code, \
+ consistency_fail, msg) { \
+ u32 exit_code_hi; \
+ vmcb->control.intercept = saved_intercept | 1ULL << type; \
+ if (type == INTERCEPT_MSR_PROT) \
+ vmcb->control.msrpm_base_pa = addr; \
+ else \
+ vmcb->control.iopm_base_pa = addr; \
+ exit_code_hi = consistency_fail ? SVM_CONSISTENCY_ERR : 0; \
+ report(svm_vmrun() == exit_code && \
+ vmcb->control.exit_code_hi == exit_code_hi, \
+ "Test %s address: %lx %x", msg, addr, vmcb->control.exit_code_hi);\
+}
+
+/*
+ * If the MSR or IOIO intercept table extends to a physical address that
+ * is greater than or equal to the maximum supported physical address, the
+ * guest state is illegal.
+ *
+ * The VMRUN instruction ignores the lower 12 bits of the address specified
+ * in the VMCB.
+ *
+ * MSRPM spans 2 contiguous 4KB pages while IOPM spans 2 contiguous 4KB
+ * pages + 1 byte.
+ *
+ * [APM vol 2]
+ *
+ * Note: Unallocated MSRPM addresses conforming to consistency checks, generate
+ * #NPF.
+ */
+static void test_msrpm_iopm_bitmap_addrs(void)
+{
+ u64 saved_intercept = vmcb->control.intercept;
+ u64 addr_beyond_limit = 1ull << cpuid_maxphyaddr();
+ u64 addr = virt_to_phys(msr_bitmap) & (~((1ull << 12) - 1));
+
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT,
+ addr_beyond_limit - 3 * PAGE_SIZE, SVM_EXIT_ERR, false,
+ "MSRPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT,
+ addr_beyond_limit - 2 * PAGE_SIZE, SVM_EXIT_ERR, false,
+ "MSRPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT,
+ addr_beyond_limit - 2 * PAGE_SIZE + 1, SVM_EXIT_ERR,
+ true, "MSRPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT,
+ addr_beyond_limit - PAGE_SIZE, SVM_EXIT_ERR, true,
+ "MSRPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT, addr,
+ SVM_EXIT_VMMCALL, false, "MSRPM");
+ addr |= (1ull << 12) - 1;
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_MSR_PROT, addr,
+ SVM_EXIT_VMMCALL, false, "MSRPM");
+
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT,
+ addr_beyond_limit - 4 * PAGE_SIZE, SVM_EXIT_VMMCALL,
+ false, "IOPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT,
+ addr_beyond_limit - 3 * PAGE_SIZE, SVM_EXIT_VMMCALL,
+ false, "IOPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT,
+ addr_beyond_limit - 3 * PAGE_SIZE + 1, SVM_EXIT_ERR,
+ true, "IOPM");
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT,
+ addr_beyond_limit - PAGE_SIZE, SVM_EXIT_ERR, true,
+ "IOPM");
+ addr = virt_to_phys(io_bitmap) & (~((1ull << 11) - 1));
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT, addr,
+ SVM_EXIT_VMMCALL, false, "IOPM");
+ addr |= (1ull << 12) - 1;
+ TEST_BITMAP_ADDR(saved_intercept, INTERCEPT_IOIO_PROT, addr,
+ SVM_EXIT_VMMCALL, false, "IOPM");
+
+ vmcb->control.intercept = saved_intercept;
+}
+
static void svm_guest_state_test(void)
{
test_set_guest(basic_guest_main);
-
test_efer();
test_cr0();
test_cr3();
test_cr4();
test_dr();
+ test_msrpm_iopm_bitmap_addrs();
}
--
2.27.0
