From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, Sean Christopherson <seanjc@google.com>
Subject: [kvm-unit-tests PATCH 11/39] x86/access: Use upper half of virtual address space
Date: Thu, 25 Nov 2021 01:28:29 +0000 [thread overview]
Message-ID: <20211125012857.508243-12-seanjc@google.com> (raw)
In-Reply-To: <20211125012857.508243-1-seanjc@google.com>
Use the upper half of the virtual address space so that 5-level paging
doesn't collide with the core infrastructure in the top-level PTE, which
hides bugs, e.g. SMEP + 5-level, and is generally a nightmare to debug.
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
x86/access.c | 50 ++++++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 20 deletions(-)
diff --git a/x86/access.c b/x86/access.c
index 5bd446c..6ccdb76 100644
--- a/x86/access.c
+++ b/x86/access.c
@@ -34,7 +34,7 @@ static int invalid_mask;
#define EFER_NX_MASK (1ull << 11)
#define PT_INDEX(address, level) \
- ((address) >> (12 + ((level)-1) * 9)) & 511
+ (((address) >> (12 + ((level)-1) * 9)) & 511)
/*
* page table access check tests
@@ -340,12 +340,21 @@ static void ac_test_reset_pt_pool(ac_pt_env_t *pt_env)
pt_env->pt_pool_current = 0;
}
-static void ac_test_init(ac_test_t *at, void *virt, ac_pt_env_t *pt_env)
+static void ac_test_init(ac_test_t *at, unsigned long virt, ac_pt_env_t *pt_env)
{
+ /*
+ * The KUT infrastructure, e.g. this function, must use a different
+ * top-level SPTE than the test, otherwise modifying SPTEs can affect
+ * normal behavior, e.g. crash the test due to marking code SPTEs
+ * USER when CR4.SMEP=1.
+ */
+ assert(PT_INDEX(virt, pt_env->pt_levels) !=
+ PT_INDEX((unsigned long)ac_test_init, pt_env->pt_levels));
+
set_efer_nx(1);
set_cr0_wp(1);
at->flags = 0;
- at->virt = virt;
+ at->virt = (void *)virt;
at->phys = AT_CODE_DATA_PHYS;
at->pt_levels = pt_env->pt_levels;
}
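Review bot: The new assert in ac_test_init() compares the top-level index of `virt` only against the address of ac_test_init itself, so it guards the text mapping but says nothing about the stack or data the test touches while it rewrites entries. The callers visible in this patch keep their `ac_test_t` on the stack, so a second check such as `assert(PT_INDEX(virt, pt_env->pt_levels) != PT_INDEX((unsigned long)at, pt_env->pt_levels));` would cover that mapping as well. Whether code and stack can ever sit under different top-level entries is not visible from this patch, so the extra check may be redundant in practice. It is cheap, though, and it makes the isolation that the comment describes explicit.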
@@ -571,12 +580,13 @@ static void __ac_setup_specific_pages(ac_test_t *at, ac_pt_env_t *pt_env, bool r
pt_element_t pte;
/*
- * Reuse existing page tables along the path to the test code and data
- * (which is in the bottom 2MB).
+ * Reuse existing page tables along the highest index, some
+ * tests rely on sharing upper level paging structures between
+ * two separate sub-tests.
*/
- if (skip && i >= 2 && index == 0) {
+ if (skip && i >= 2 && index == 511 && (*ptep & PT_PRESENT_MASK))
goto next;
- }
+
skip = false;
if (reuse && *ptep) {
switch (i) {
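Review bot: The literal `511` in `index == 511` is the same value PT_INDEX masks with, but nothing ties the two together, and the reuse appears to depend on the test addresses having an all-ones index at the levels that are meant to be shared. A named constant next to PT_INDEX, for example `#define PT_MAX_INDEX 511`, used in both places would make that coupling visible. The comment could also state the presence requirement, e.g. `Reuse the entry at the highest index of an upper level only if it is already present`. The loop and the `next` label lie outside this hunk, so how a present large-page entry at this index is handled cannot be checked from here.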
@@ -863,8 +873,8 @@ static int corrupt_hugepage_triger(ac_pt_env_t *pt_env)
{
ac_test_t at1, at2;
- ac_test_init(&at1, (void *)(0x123400000000), pt_env);
- ac_test_init(&at2, (void *)(0x666600000000), pt_env);
+ ac_test_init(&at1, 0xffff923400000000ul, pt_env);
+ ac_test_init(&at2, 0xffffe66600000000ul, pt_env);
at2.flags = AC_CPU_CR0_WP_MASK | AC_PDE_PSE_MASK | AC_PDE_PRESENT_MASK;
ac_test_setup_pte(&at2, pt_env);
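Review bot: The upper-half test addresses are open-coded literals, and the same values recur across hunks: `0xffff923400000000ul` here and in ac_test_run(), `0xffff923406001000ul` in check_pfec_on_prefetch_pte() and check_smep_andnot_wp(). Only the new assert in ac_test_init() catches a literal that lands on the infrastructure's top-level entry, and it does so at run time. Deriving them from one or two named bases, e.g. `#define AT_TEST_VIRT_BASE1 0xffff923400000000ul` plus an offset, would keep the next relocation to a single edit and document why these two top-level slots were chosen. This applies equally to the check_large_pte_dirty_for_nowp() hunk.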
@@ -901,8 +911,8 @@ static int check_pfec_on_prefetch_pte(ac_pt_env_t *pt_env)
{
ac_test_t at1, at2;
- ac_test_init(&at1, (void *)(0x123406001000), pt_env);
- ac_test_init(&at2, (void *)(0x123406003000), pt_env);
+ ac_test_init(&at1, 0xffff923406001000ul, pt_env);
+ ac_test_init(&at2, 0xffff923406003000ul, pt_env);
at1.flags = AC_PDE_PRESENT_MASK | AC_PTE_PRESENT_MASK;
ac_setup_specific_pages(&at1, pt_env, 30 * 1024 * 1024, 30 * 1024 * 1024);
@@ -946,8 +956,8 @@ static int check_large_pte_dirty_for_nowp(ac_pt_env_t *pt_env)
{
ac_test_t at1, at2;
- ac_test_init(&at1, (void *)(0x123403000000), pt_env);
- ac_test_init(&at2, (void *)(0x666606000000), pt_env);
+ ac_test_init(&at1, 0xffff923403000000ul, pt_env);
+ ac_test_init(&at2, 0xffffe66606000000ul, pt_env);
at2.flags = AC_PDE_PRESENT_MASK | AC_PDE_PSE_MASK;
ac_test_setup_pte(&at2, pt_env);
@@ -985,7 +995,7 @@ static int check_smep_andnot_wp(ac_pt_env_t *pt_env)
return 1;
}
- ac_test_init(&at1, (void *)(0x123406001000), pt_env);
+ ac_test_init(&at1, 0xffff923406001000ul, pt_env);
at1.flags = AC_PDE_PRESENT_MASK | AC_PTE_PRESENT_MASK |
AC_PDE_USER_MASK | AC_PTE_USER_MASK |
@@ -1028,7 +1038,7 @@ err:
static int check_effective_sp_permissions(ac_pt_env_t *pt_env)
{
- unsigned long ptr1 = 0x123480000000;
+ unsigned long ptr1 = 0xffff923480000000;
unsigned long ptr2 = ptr1 + SZ_2M;
unsigned long ptr3 = ptr1 + SZ_1G;
unsigned long ptr4 = ptr3 + SZ_2M;
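Review bot: `ptr1` is initialised with `0xffff923480000000`, without the `ul` suffix that every other address literal added by this patch carries. On an LP64 target the constant has the same type either way, so this is only a consistency point. Writing it as `unsigned long ptr1 = 0xffff923480000000ul;` matches the other call sites and avoids a second look from the next reader.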
@@ -1047,22 +1057,22 @@ static int check_effective_sp_permissions(ac_pt_env_t *pt_env)
* pud1 and pud2 point to the same pmd page.
*/
- ac_test_init(&at1, (void *)(ptr1), pt_env);
+ ac_test_init(&at1, ptr1, pt_env);
at1.flags = AC_PDE_PRESENT_MASK | AC_PTE_PRESENT_MASK |
AC_PDE_USER_MASK | AC_PTE_USER_MASK |
AC_PDE_ACCESSED_MASK | AC_PTE_ACCESSED_MASK |
AC_PTE_WRITABLE_MASK | AC_ACCESS_USER_MASK;
__ac_setup_specific_pages(&at1, pt_env, false, pmd, 0);
- ac_test_init(&at2, (void *)(ptr2), pt_env);
+ ac_test_init(&at2, ptr2, pt_env);
at2.flags = at1.flags | AC_PDE_WRITABLE_MASK | AC_PTE_DIRTY_MASK | AC_ACCESS_WRITE_MASK;
__ac_setup_specific_pages(&at2, pt_env, true, pmd, 0);
- ac_test_init(&at3, (void *)(ptr3), pt_env);
+ ac_test_init(&at3, ptr3, pt_env);
at3.flags = AC_PDPTE_NO_WRITABLE_MASK | at1.flags;
__ac_setup_specific_pages(&at3, pt_env, true, pmd, 0);
- ac_test_init(&at4, (void *)(ptr4), pt_env);
+ ac_test_init(&at4, ptr4, pt_env);
at4.flags = AC_PDPTE_NO_WRITABLE_MASK | at2.flags;
__ac_setup_specific_pages(&at4, pt_env, true, pmd, 0);
@@ -1139,7 +1149,7 @@ int ac_test_run(int pt_levels)
}
ac_env_int(&pt_env, pt_levels);
- ac_test_init(&at, (void *)(0x123400000000), &pt_env);
+ ac_test_init(&at, 0xffff923400000000ul, &pt_env);
if (this_cpu_has(X86_FEATURE_PKU)) {
set_cr4_pke(1);
--
2.34.0.rc2.393.gf8c9666880-goog