From: Jon Kohler <jon@nutanix.com>
To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org
Cc: Jon Kohler <jon@nutanix.com>
Subject: [kvm-unit-tests PATCH 07/17] x86/vmx: switch to new vmx.h EPT RWX defs
Date: Tue, 16 Sep 2025 10:22:36 -0700 [thread overview]
Message-ID: <20250916172247.610021-8-jon@nutanix.com> (raw)
In-Reply-To: <20250916172247.610021-1-jon@nutanix.com>
Migrate to new vmx.h's EPT RWX defs, which makes it easier
to grok from one code base to another.
Fix a few small formatting issues along the way.
No functional change intended.
Signed-off-by: Jon Kohler <jon@nutanix.com>
---
x86/vmx.c | 14 +--
x86/vmx.h | 4 -
x86/vmx_tests.c | 245 +++++++++++++++++++++++++++++++-----------------
3 files changed, 165 insertions(+), 98 deletions(-)
diff --git a/x86/vmx.c b/x86/vmx.c
index e79781f2..6b7dca34 100644
--- a/x86/vmx.c
+++ b/x86/vmx.c
@@ -823,7 +823,7 @@ static void split_large_ept_entry(unsigned long *ptep, int level)
int i;
pte = *ptep;
- assert(pte & EPT_PRESENT);
+ assert(pte & VMX_EPT_RWX_MASK);
assert(pte & EPT_LARGE_PAGE);
assert(level == 2 || level == 3);
@@ -870,15 +870,17 @@ void install_ept_entry(unsigned long *pml4,
for (level = EPT_PAGE_LEVEL; level > pte_level; --level) {
offset = (guest_addr >> EPT_LEVEL_SHIFT(level))
& EPT_PGDIR_MASK;
- if (!(pt[offset] & (EPT_PRESENT))) {
+ if (!(pt[offset] & (VMX_EPT_RWX_MASK))) {
unsigned long *new_pt = pt_page;
if (!new_pt)
new_pt = alloc_page();
else
pt_page = 0;
memset(new_pt, 0, PAGE_SIZE);
- pt[offset] = virt_to_phys(new_pt)
- | EPT_RA | EPT_WA | EPT_EA;
+ pt[offset] = virt_to_phys(new_pt) |
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK;
} else if (pt[offset] & EPT_LARGE_PAGE)
split_large_ept_entry(&pt[offset], level);
pt = phys_to_virt(pt[offset] & EPT_ADDR_MASK);
@@ -965,7 +967,7 @@ bool get_ept_pte(unsigned long *pml4, unsigned long guest_addr, int level,
break;
if (l < 4 && (iter_pte & EPT_LARGE_PAGE))
return false;
- if (!(iter_pte & (EPT_PRESENT)))
+ if (!(iter_pte & (VMX_EPT_RWX_MASK)))
return false;
pt = (unsigned long *)(iter_pte & EPT_ADDR_MASK);
}
@@ -1089,7 +1091,7 @@ void set_ept_pte(unsigned long *pml4, unsigned long guest_addr,
offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
if (l == level)
break;
- assert(pt[offset] & EPT_PRESENT);
+ assert(pt[offset] & VMX_EPT_RWX_MASK);
pt = (unsigned long *)(pt[offset] & EPT_ADDR_MASK);
}
offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
diff --git a/x86/vmx.h b/x86/vmx.h
index 9b076b0c..3f792d4a 100644
--- a/x86/vmx.h
+++ b/x86/vmx.h
@@ -578,10 +578,6 @@ enum Intr_type {
#define EPT_MEM_TYPE_WP 5ul
#define EPT_MEM_TYPE_WB 6ul
-#define EPT_RA 1ul
-#define EPT_WA 2ul
-#define EPT_EA 4ul
-#define EPT_PRESENT (EPT_RA | EPT_WA | EPT_EA)
#define EPT_ACCESS_FLAG (1ul << 8)
#define EPT_DIRTY_FLAG (1ul << 9)
#define EPT_LARGE_PAGE (1ul << 7)
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index a09b687f..eda9e88a 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -1101,7 +1101,9 @@ static int setup_ept(bool enable_ad)
*/
setup_ept_range(pml4, 0, end_of_memory, 0,
!enable_ad && ept_2m_supported(),
- EPT_WA | EPT_RA | EPT_EA);
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK);
return 0;
}
@@ -1180,7 +1182,9 @@ static int ept_init_common(bool have_ad)
*((u32 *)data_page1) = MAGIC_VAL_1;
*((u32 *)data_page2) = MAGIC_VAL_2;
install_ept(pml4, (unsigned long)data_page1, (unsigned long)data_page2,
- EPT_RA | EPT_WA | EPT_EA);
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK);
apic_version = apic_read(APIC_LVR);
@@ -1360,29 +1364,33 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
*((u32 *)data_page2) == MAGIC_VAL_2) {
vmx_inc_test_stage();
install_ept(pml4, (unsigned long)data_page2,
- (unsigned long)data_page2,
- EPT_RA | EPT_WA | EPT_EA);
+ (unsigned long)data_page2,
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK);
} else
report_fail("EPT basic framework - write");
break;
case 1:
install_ept(pml4, (unsigned long)data_page1,
- (unsigned long)data_page1, EPT_WA);
+ (unsigned long)data_page1, VMX_EPT_WRITABLE_MASK);
invept(INVEPT_SINGLE, eptp);
break;
case 2:
install_ept(pml4, (unsigned long)data_page1,
- (unsigned long)data_page1,
- EPT_RA | EPT_WA | EPT_EA |
- (2 << EPT_MEM_TYPE_SHIFT));
+ (unsigned long)data_page1,
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK |
+ (2 << EPT_MEM_TYPE_SHIFT));
invept(INVEPT_SINGLE, eptp);
break;
case 3:
clear_ept_ad(pml4, guest_cr3, (unsigned long)data_page1);
TEST_ASSERT(get_ept_pte(pml4, (unsigned long)data_page1,
1, &data_page1_pte));
- set_ept_pte(pml4, (unsigned long)data_page1,
- 1, data_page1_pte & ~EPT_PRESENT);
+ set_ept_pte(pml4, (unsigned long)data_page1,
+ 1, data_page1_pte & ~VMX_EPT_RWX_MASK);
invept(INVEPT_SINGLE, eptp);
break;
case 4:
@@ -1391,7 +1399,7 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
TEST_ASSERT(get_ept_pte(pml4, guest_pte_addr, 2, &data_page1_pte_pte));
set_ept_pte(pml4, guest_pte_addr, 2,
- data_page1_pte_pte & ~EPT_PRESENT);
+ data_page1_pte_pte & ~VMX_EPT_RWX_MASK);
invept(INVEPT_SINGLE, eptp);
break;
case 5:
@@ -1418,8 +1426,10 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
case 2:
vmx_inc_test_stage();
install_ept(pml4, (unsigned long)data_page1,
- (unsigned long)data_page1,
- EPT_RA | EPT_WA | EPT_EA);
+ (unsigned long)data_page1,
+ VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK);
invept(INVEPT_SINGLE, eptp);
break;
// Should not reach here
@@ -1448,7 +1458,7 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
EPT_VIOLATION_GVA_TRANSLATED))
vmx_inc_test_stage();
set_ept_pte(pml4, (unsigned long)data_page1,
- 1, data_page1_pte | (EPT_PRESENT));
+ 1, data_page1_pte | (VMX_EPT_RWX_MASK));
invept(INVEPT_SINGLE, eptp);
break;
case 4:
@@ -1460,7 +1470,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
EPT_VIOLATION_GVA_IS_VALID))
vmx_inc_test_stage();
set_ept_pte(pml4, guest_pte_addr, 2,
- data_page1_pte_pte | (EPT_PRESENT));
+ data_page1_pte_pte |
+ (VMX_EPT_RWX_MASK));
invept(INVEPT_SINGLE, eptp);
break;
case 5:
@@ -1468,7 +1479,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
vmx_inc_test_stage();
TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr,
1, &memaddr_pte));
- set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA);
+ set_ept_pte(pml4, memaddr_pte, 1,
+ memaddr_pte | VMX_EPT_READABLE_MASK);
invept(INVEPT_SINGLE, eptp);
break;
case 6:
@@ -1476,7 +1488,9 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad)
vmx_inc_test_stage();
TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr,
1, &memaddr_pte));
- set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA | EPT_WA);
+ set_ept_pte(pml4, memaddr_pte, 1,
+ memaddr_pte | VMX_EPT_READABLE_MASK |
+ VMX_EPT_WRITABLE_MASK);
invept(INVEPT_SINGLE, eptp);
break;
default:
@@ -2419,7 +2433,7 @@ static void ept_violation(unsigned long clear, unsigned long set,
static void ept_access_violation(unsigned long access, enum ept_access_op op,
u64 expected_qual)
{
- ept_violation(EPT_PRESENT, access, op,
+ ept_violation(VMX_EPT_RWX_MASK, access, op,
expected_qual | EPT_VIOLATION_GVA_IS_VALID |
EPT_VIOLATION_GVA_TRANSLATED);
}
@@ -2489,9 +2503,9 @@ static void ept_access_paddr(unsigned long ept_access, unsigned long pte_ad,
* otherwise our level=1 twiddling below will fail. We use the
* identity map (gpa = gpa) since page tables are shared with the host.
*/
- install_ept(pml4, gpa, gpa, EPT_PRESENT);
+ install_ept(pml4, gpa, gpa, VMX_EPT_RWX_MASK);
orig_epte = ept_twiddle(gpa, /*mkhuge=*/0, /*level=*/1,
- /*clear=*/EPT_PRESENT, /*set=*/ept_access);
+ /*clear=*/VMX_EPT_RWX_MASK, /*set=*/ept_access);
if (expect_violation) {
do_ept_violation(/*leaf=*/true, op,
@@ -2588,7 +2602,7 @@ static void ept_ignored_bit(int bit)
static void ept_access_allowed(unsigned long access, enum ept_access_op op)
{
- ept_allowed(EPT_PRESENT, access, op);
+ ept_allowed(VMX_EPT_RWX_MASK, access, op);
}
@@ -2658,7 +2672,7 @@ static void ept_misconfig(unsigned long clear, unsigned long set)
static void ept_access_misconfig(unsigned long access)
{
- ept_misconfig(EPT_PRESENT, access);
+ ept_misconfig(VMX_EPT_RWX_MASK, access);
}
static void ept_reserved_bit_at_level_nohuge(int level, int bit)
@@ -2667,7 +2681,7 @@ static void ept_reserved_bit_at_level_nohuge(int level, int bit)
ept_misconfig_at_level_mkhuge(false, level, 0, 1ul << bit);
/* Making the entry non-present turns reserved bits into ignored. */
- ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ,
+ ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ,
EPT_VIOLATION_ACC_READ |
EPT_VIOLATION_GVA_IS_VALID |
EPT_VIOLATION_GVA_TRANSLATED);
@@ -2679,7 +2693,7 @@ static void ept_reserved_bit_at_level_huge(int level, int bit)
ept_misconfig_at_level_mkhuge(true, level, 0, 1ul << bit);
/* Making the entry non-present turns reserved bits into ignored. */
- ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ,
+ ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ,
EPT_VIOLATION_ACC_READ |
EPT_VIOLATION_GVA_IS_VALID |
EPT_VIOLATION_GVA_TRANSLATED);
@@ -2691,7 +2705,7 @@ static void ept_reserved_bit_at_level(int level, int bit)
ept_misconfig_at_level(level, 0, 1ul << bit);
/* Making the entry non-present turns reserved bits into ignored. */
- ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ,
+ ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ,
EPT_VIOLATION_ACC_READ |
EPT_VIOLATION_GVA_IS_VALID |
EPT_VIOLATION_GVA_TRANSLATED);
@@ -2787,7 +2801,7 @@ static void ept_access_test_setup(void)
*/
TEST_ASSERT(get_ept_pte(pml4, data->gpa, 4, &pte) && pte == 0);
TEST_ASSERT(get_ept_pte(pml4, data->gpa + size - 1, 4, &pte) && pte == 0);
- install_ept(pml4, data->hpa, data->gpa, EPT_PRESENT);
+ install_ept(pml4, data->hpa, data->gpa, VMX_EPT_RWX_MASK);
data->hva[0] = MAGIC_VAL_1;
memcpy(&data->hva[1], &ret42_start, &ret42_end - &ret42_start);
@@ -2807,10 +2821,12 @@ static void ept_access_test_read_only(void)
ept_access_test_setup();
/* r-- */
- ept_access_allowed(EPT_RA, OP_READ);
- ept_access_violation(EPT_RA, OP_WRITE, EPT_VIOLATION_ACC_WRITE |
+ ept_access_allowed(VMX_EPT_READABLE_MASK, OP_READ);
+ ept_access_violation(VMX_EPT_READABLE_MASK, OP_WRITE,
+ EPT_VIOLATION_ACC_WRITE |
EPT_VIOLATION_PROT_READ);
- ept_access_violation(EPT_RA, OP_EXEC, EPT_VIOLATION_ACC_INSTR |
+ ept_access_violation(VMX_EPT_READABLE_MASK, OP_EXEC,
+ EPT_VIOLATION_ACC_INSTR |
EPT_VIOLATION_PROT_READ);
}
@@ -2818,16 +2834,19 @@ static void ept_access_test_write_only(void)
{
ept_access_test_setup();
/* -w- */
- ept_access_misconfig(EPT_WA);
+ ept_access_misconfig(VMX_EPT_WRITABLE_MASK);
}
static void ept_access_test_read_write(void)
{
ept_access_test_setup();
/* rw- */
- ept_access_allowed(EPT_RA | EPT_WA, OP_READ);
- ept_access_allowed(EPT_RA | EPT_WA, OP_WRITE);
- ept_access_violation(EPT_RA | EPT_WA, OP_EXEC,
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK,
+ OP_READ);
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK,
+ OP_WRITE);
+ ept_access_violation(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK,
+ OP_EXEC,
EPT_VIOLATION_ACC_INSTR |
EPT_VIOLATION_PROT_READ |
EPT_VIOLATION_PROT_WRITE);
@@ -2839,15 +2858,15 @@ static void ept_access_test_execute_only(void)
ept_access_test_setup();
/* --x */
if (ept_execute_only_supported()) {
- ept_access_violation(EPT_EA, OP_READ,
+ ept_access_violation(VMX_EPT_EXECUTABLE_MASK, OP_READ,
EPT_VIOLATION_ACC_READ |
EPT_VIOLATION_PROT_EXEC);
- ept_access_violation(EPT_EA, OP_WRITE,
+ ept_access_violation(VMX_EPT_EXECUTABLE_MASK, OP_WRITE,
EPT_VIOLATION_ACC_WRITE |
EPT_VIOLATION_PROT_EXEC);
- ept_access_allowed(EPT_EA, OP_EXEC);
+ ept_access_allowed(VMX_EPT_EXECUTABLE_MASK, OP_EXEC);
} else {
- ept_access_misconfig(EPT_EA);
+ ept_access_misconfig(VMX_EPT_EXECUTABLE_MASK);
}
}
@@ -2855,28 +2874,34 @@ static void ept_access_test_read_execute(void)
{
ept_access_test_setup();
/* r-x */
- ept_access_allowed(EPT_RA | EPT_EA, OP_READ);
- ept_access_violation(EPT_RA | EPT_EA, OP_WRITE,
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK,
+ OP_READ);
+ ept_access_violation(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK,
+ OP_WRITE,
EPT_VIOLATION_ACC_WRITE |
EPT_VIOLATION_PROT_READ |
EPT_VIOLATION_PROT_EXEC);
- ept_access_allowed(EPT_RA | EPT_EA, OP_EXEC);
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK,
+ OP_EXEC);
}
static void ept_access_test_write_execute(void)
{
ept_access_test_setup();
/* -wx */
- ept_access_misconfig(EPT_WA | EPT_EA);
+ ept_access_misconfig(VMX_EPT_WRITABLE_MASK | VMX_EPT_EXECUTABLE_MASK);
}
static void ept_access_test_read_write_execute(void)
{
ept_access_test_setup();
/* rwx */
- ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_READ);
- ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_WRITE);
- ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_EXEC);
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, OP_READ);
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, OP_WRITE);
+ ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, OP_EXEC);
}
static void ept_access_test_reserved_bits(void)
@@ -2989,17 +3014,20 @@ static void ept_access_test_paddr_read_only_ad_disabled(void)
ept_disable_ad_bits();
/* Can't update A bit, so all accesses fail. */
- ept_access_violation_paddr(EPT_RA, 0, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA, 0, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA, 0, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_WRITE, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_EXEC, qual);
/* AD bits disabled, so only writes try to update the D bit. */
- ept_access_allowed_paddr(EPT_RA, PT_ACCESSED_MASK, OP_READ);
- ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_WRITE, qual);
- ept_access_allowed_paddr(EPT_RA, PT_ACCESSED_MASK, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_READ);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_WRITE, qual);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_EXEC);
/* Both A and D already set, so read-only is OK. */
- ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_READ);
- ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_WRITE);
- ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_READ);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_WRITE);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_EXEC);
}
static void ept_access_test_paddr_read_only_ad_enabled(void)
@@ -3015,33 +3043,42 @@ static void ept_access_test_paddr_read_only_ad_enabled(void)
ept_access_test_setup();
ept_enable_ad_bits_or_skip_test();
- ept_access_violation_paddr(EPT_RA, 0, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA, 0, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA, 0, OP_EXEC, qual);
- ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_EXEC, qual);
- ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_WRITE, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_WRITE, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK,
+ OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_READ,
+ qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_WRITE,
+ qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_EXEC,
+ qual);
}
static void ept_access_test_paddr_read_write(void)
{
ept_access_test_setup();
/* Read-write access to paging structure. */
- ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_READ);
- ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_WRITE);
- ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0,
+ OP_READ);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0,
+ OP_WRITE);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0,
+ OP_EXEC);
}
static void ept_access_test_paddr_read_write_execute(void)
{
ept_access_test_setup();
/* RWX access to paging structure. */
- ept_access_allowed_paddr(EPT_PRESENT, 0, OP_READ);
- ept_access_allowed_paddr(EPT_PRESENT, 0, OP_WRITE);
- ept_access_allowed_paddr(EPT_PRESENT, 0, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_READ);
+ ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_WRITE);
+ ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_EXEC);
}
static void ept_access_test_paddr_read_execute_ad_disabled(void)
@@ -3059,17 +3096,31 @@ static void ept_access_test_paddr_read_execute_ad_disabled(void)
ept_disable_ad_bits();
/* Can't update A bit, so all accesses fail. */
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_WRITE,
+ qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_EXEC,
+ qual);
/* AD bits disabled, so only writes try to update the D bit. */
- ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_READ);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_WRITE, qual);
- ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_READ);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_WRITE, qual);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_EXEC);
/* Both A and D already set, so read-only is OK. */
- ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_READ);
- ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_WRITE);
- ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_EXEC);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_READ);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_WRITE);
+ ept_access_allowed_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_EXEC);
}
static void ept_access_test_paddr_read_execute_ad_enabled(void)
@@ -3085,15 +3136,31 @@ static void ept_access_test_paddr_read_execute_ad_enabled(void)
ept_access_test_setup();
ept_enable_ad_bits_or_skip_test();
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_EXEC, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_EXEC, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_READ, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_WRITE, qual);
- ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_WRITE,
+ qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, 0, OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_WRITE, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK,
+ OP_EXEC, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK,
+ OP_READ, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK,
+ OP_WRITE, qual);
+ ept_access_violation_paddr(VMX_EPT_READABLE_MASK |
+ VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK,
+ OP_EXEC, qual);
}
static void ept_access_test_paddr_not_present_page_fault(void)
@@ -3113,12 +3180,14 @@ static void ept_access_test_force_2m_page(void)
TEST_ASSERT_EQ(ept_2m_supported(), true);
ept_allowed_at_level_mkhuge(true, 2, 0, 0, OP_READ);
- ept_violation_at_level_mkhuge(true, 2, EPT_PRESENT, EPT_RA, OP_WRITE,
+ ept_violation_at_level_mkhuge(true, 2, VMX_EPT_RWX_MASK,
+ VMX_EPT_READABLE_MASK, OP_WRITE,
EPT_VIOLATION_ACC_WRITE |
EPT_VIOLATION_PROT_READ |
EPT_VIOLATION_GVA_IS_VALID |
EPT_VIOLATION_GVA_TRANSLATED);
- ept_misconfig_at_level_mkhuge(true, 2, EPT_PRESENT, EPT_WA);
+ ept_misconfig_at_level_mkhuge(true, 2, VMX_EPT_RWX_MASK,
+ VMX_EPT_WRITABLE_MASK);
}
static bool invvpid_valid(u64 type, u64 vpid, u64 gla)
--
2.43.0
next prev parent reply other threads:[~2025-09-16 16:44 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-16 17:22 [kvm-unit-tests PATCH 00/17] x86/vmx: align with Linux kernel VMX definitions Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 01/17] lib: add linux vmx.h clone from 6.16 Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 02/17] lib: add linux trapnr.h " Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 03/17] lib: add vmxfeatures.h " Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 04/17] lib: define __aligned() in compiler.h Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 05/17] x86/vmx: basic integration for new vmx.h Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 06/17] x86/vmx: switch to new vmx.h EPT violation defs Jon Kohler
2025-09-16 17:22 ` Jon Kohler [this message]
2025-09-16 17:22 ` [kvm-unit-tests PATCH 08/17] x86/vmx: switch to new vmx.h EPT access and dirty defs Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 09/17] x86/vmx: switch to new vmx.h EPT capability and memory type defs Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 10/17] x86/vmx: switch to new vmx.h primary processor-based VM-execution controls Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 11/17] x86/vmx: switch to new vmx.h secondary execution control bit Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 12/17] x86/vmx: switch to new vmx.h secondary execution controls Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 13/17] x86/vmx: switch to new vmx.h pin based VM-execution controls Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 14/17] x86/vmx: switch to new vmx.h exit controls Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 15/17] x86/vmx: switch to new vmx.h entry controls Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 16/17] x86/vmx: switch to new vmx.h interrupt defs Jon Kohler
2025-09-16 17:22 ` [kvm-unit-tests PATCH 17/17] x86/vmx: align exit reasons with Linux uapi Jon Kohler
2025-11-12 19:02 ` [kvm-unit-tests PATCH 00/17] x86/vmx: align with Linux kernel VMX definitions Sean Christopherson
2025-11-14 14:52 ` Jon Kohler
2025-11-17 17:41 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250916172247.610021-8-jon@nutanix.com \
--to=jon@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox