Re: [PATCH kvm-unit-tests] access: check SMEP on prefetch pte path

Xiao Guangrong <xiaoguangrong@xxxxxxxxxxxxxx> · Fri, 24 Jun 2011 17:11:48 +0800

On 06/24/2011 03:16 PM, Yang, Wei wrote:

> +void set_cr4_smep(int smep)
> +{
> +    unsigned long cr4 = read_cr4();
> +
> +    cr4 &= ~CR4_SMEP_MASK;
> +    if (smep)
> +	cr4 |= CR4_SMEP_MASK;
> +    write_cr4(cr4);
> +}
> +

It can work if the box does not support SMEP?

>  void set_efer_nx(int nx)
>  {
>      unsigned long long efer;
> @@ -176,7 +188,7 @@ void ac_test_init(ac_test_t *at, void *virt)
>  
>  int ac_test_bump_one(ac_test_t *at)
>  {
> -    for (int i = 0; i < NR_AC_FLAGS; ++i)
> +    for (int i = 0; i < NR_AC_FLAGS-1; ++i)

Why not test "SMEP" for all test case?

>  	if (!at->flags[i]) {
>  	    at->flags[i] = 1;
>  	    return 1;
> @@ -287,6 +299,9 @@ void ac_set_expected_status(ac_test_t *at)
>      if (at->flags[AC_PDE_PSE]) {
>  	if (at->flags[AC_ACCESS_WRITE] && !at->expected_fault)
>  	    at->expected_pde |= PT_DIRTY_MASK;
> +	if (at->flags[AC_ACCESS_FETCH] && at->flags[AC_PDE_USER]
> +	    && at->flags[AC_CPU_CR4_SMEP])
> +	    at->expected_fault = 1;
>  	goto no_pte;
>      }
>  
> @@ -306,7 +321,11 @@ void ac_set_expected_status(ac_test_t *at)
>  	&& (at->flags[AC_CPU_CR0_WP] || at->flags[AC_ACCESS_USER]))
>  	at->expected_fault = 1;
>  
> -    if (at->flags[AC_ACCESS_FETCH] && at->flags[AC_PTE_NX])
> +    if (at->flags[AC_ACCESS_FETCH]
> +	&& (at->flags[AC_PTE_NX]
> +	    || (at->flags[AC_CPU_CR4_SMEP]
> +		&& at->flags[AC_PDE_USER]
> +		&& at->flags[AC_PTE_USER])))
>  	at->expected_fault = 1;
>  
>      if (at->expected_fault)
> @@ -320,7 +339,7 @@ no_pte:
>  fault:
>      if (!at->expected_fault)
>          at->ignore_pde = 0;
> -    if (!at->flags[AC_CPU_EFER_NX])
> +    if (!at->flags[AC_CPU_EFER_NX] && !at->flags[AC_CPU_CR4_SMEP])
>          at->expected_error &= ~PFERR_FETCH_MASK;
>  }
>  

You check the AC_CPU_CR4_SMEP for all case, but only set the cr4 bit for
check_smep_on_prefetch_pte(), it is better to move set_cr4_smep to
ac_test_do_access()?

> @@ -645,6 +664,72 @@ err:
>      return 0;
>  }
>  
> +static int check_smep_on_prefetch_pte(ac_pool_t *pool)
> +{
> +	ac_test_t at1;
> +	int err_smep, err_prepare_notwp, err_smep_notwp;
> +	extern u64 ptl2[];
> +
> +	ac_test_init(&at1, (void *)(0x123406001000));
> +
> +	at1.flags[AC_PDE_PRESENT] = 1;
> +	at1.flags[AC_PTE_PRESENT] = 1;
> +	at1.flags[AC_PDE_USER] = 1;
> +	at1.flags[AC_PTE_USER] = 1;
> +	at1.flags[AC_PDE_ACCESSED] = 1;
> +	at1.flags[AC_PTE_ACCESSED] = 1;
> +	at1.flags[AC_ACCESS_FETCH] = 1;
> +	at1.flags[AC_CPU_CR4_SMEP] = 1;
> +	at1.flags[AC_CPU_CR0_WP] = 1;
> +	ac_test_setup_pte(&at1, pool);
> +	ptl2[2] -= 0x4;

Why is it needed? :-)
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html