From: Paolo Bonzini <pbonzini@redhat.com>
To: kvm@vger.kernel.org
Cc: Jon Kohler <jon@nutanix.com>, Nikunj A Dadhania <nikunj@amd.com>,
Amit Shah <amit.shah@amd.com>,
Sean Christopherson <seanjc@google.com>
Subject: [PATCH kvm-unit-tests 9/9] x86/vmx: add EPT tests covering XU permission
Date: Thu, 26 Mar 2026 10:50:35 -0400 [thread overview]
Message-ID: <20260326145035.119519-10-pbonzini@redhat.com> (raw)
In-Reply-To: <20260326145035.119519-1-pbonzini@redhat.com>
Add tests to validate MBEC execute access when XU=1, with and without XS=1.
Co-authored-by: Jon Kohler <jon@nutanix.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
x86/vmx_tests.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 120 insertions(+)
diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index bf03451a..a47e8470 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -2924,6 +2924,52 @@ static void ept_access_test_execute_only(void)
}
}
+static void ept_access_test_execute_user_only(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* --x (exec user only) */
+ if (ept_execute_only_supported()) {
+ ept_access_violation(EPT_EA_USER, OP_READ,
+ EPT_VLT_RD |
+ EPT_VLT_PERM_USER_EX);
+ ept_access_violation(EPT_EA_USER, OP_WRITE,
+ EPT_VLT_WR |
+ EPT_VLT_PERM_USER_EX);
+ ept_access_violation(EPT_EA_USER, OP_EXEC,
+ EPT_VLT_FETCH |
+ EPT_VLT_PERM_USER_EX);
+ ept_access_allowed(EPT_EA_USER, OP_EXEC_USER);
+ } else {
+ ept_access_misconfig(EPT_EA_USER);
+ }
+}
+
+static void ept_access_test_execute_both(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* --x (both XS and XU) */
+ if (ept_execute_only_supported()) {
+ ept_access_violation(EPT_EA | EPT_EA_USER, OP_READ,
+ EPT_VLT_RD | EPT_VLT_PERM_EX | EPT_VLT_PERM_USER_EX);
+ ept_access_violation(EPT_EA | EPT_EA_USER, OP_WRITE,
+ EPT_VLT_WR | EPT_VLT_PERM_EX | EPT_VLT_PERM_USER_EX);
+ ept_access_allowed(EPT_EA | EPT_EA_USER, OP_EXEC);
+ ept_access_allowed(EPT_EA | EPT_EA_USER, OP_EXEC_USER);
+ } else {
+ ept_access_misconfig(EPT_EA | EPT_EA_USER);
+ }
+}
+
static void ept_access_test_read_execute(void)
{
ept_access_test_setup();
@@ -2939,6 +2985,43 @@ static void ept_access_test_read_execute(void)
ept_access_allowed(EPT_RA | EPT_EA, OP_EXEC_USER);
}
+static void ept_access_test_read_execute_user_only(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* r-x (exec user only) */
+ ept_access_allowed(EPT_RA | EPT_EA_USER, OP_READ);
+ ept_access_violation(EPT_RA | EPT_EA_USER, OP_WRITE,
+ EPT_VLT_WR | EPT_VLT_PERM_RD |
+ EPT_VLT_PERM_USER_EX);
+ ept_access_violation(EPT_RA | EPT_EA_USER, OP_EXEC,
+ EPT_VLT_FETCH | EPT_VLT_PERM_RD |
+ EPT_VLT_PERM_USER_EX);
+ ept_access_allowed(EPT_RA | EPT_EA_USER, OP_EXEC_USER);
+}
+
+static void ept_access_test_read_execute_both(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* r-x (both XS and XU) */
+ ept_access_allowed(EPT_RA | EPT_EA | EPT_EA_USER, OP_READ);
+ ept_access_violation(EPT_RA | EPT_EA | EPT_EA_USER, OP_WRITE,
+ EPT_VLT_WR | EPT_VLT_PERM_RD |
+ EPT_VLT_PERM_EX | EPT_VLT_PERM_USER_EX);
+ ept_access_allowed(EPT_RA | EPT_EA | EPT_EA_USER, OP_EXEC);
+ ept_access_allowed(EPT_RA | EPT_EA | EPT_EA_USER, OP_EXEC_USER);
+}
+
+
static void ept_access_test_write_execute(void)
{
ept_access_test_setup();
@@ -2960,6 +3043,37 @@ static void ept_access_test_read_write_execute(void)
ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_EXEC_USER);
}
+static void ept_access_test_read_write_execute_user_only(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* rwx (exec user only) */
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA_USER, OP_READ);
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA_USER, OP_WRITE);
+ ept_access_violation(EPT_RA | EPT_WA | EPT_EA_USER, OP_EXEC,
+ EPT_VLT_FETCH | EPT_VLT_PERM_RD | EPT_VLT_PERM_WR | EPT_VLT_PERM_USER_EX);
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA_USER, OP_EXEC_USER);
+}
+
+static void ept_access_test_read_write_execute_both(void)
+{
+ if (!is_mbec_supported()) {
+ report_skip("MBEC not supported");
+ return;
+ }
+
+ ept_access_test_setup();
+ /* rwx (both XS and XU) */
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA | EPT_EA_USER, OP_READ);
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA | EPT_EA_USER, OP_WRITE);
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA | EPT_EA_USER, OP_EXEC);
+ ept_access_allowed(EPT_RA | EPT_WA | EPT_EA | EPT_EA_USER, OP_EXEC_USER);
+}
+
static void ept_access_test_reserved_bits(void)
{
int i;
@@ -11722,9 +11836,15 @@ struct vmx_test vmx_tests[] = {
TEST(ept_access_test_write_only),
TEST(ept_access_test_read_write),
TEST(ept_access_test_execute_only),
+ TEST(ept_access_test_execute_user_only),
+ TEST(ept_access_test_execute_both),
TEST(ept_access_test_read_execute),
+ TEST(ept_access_test_read_execute_user_only),
+ TEST(ept_access_test_read_execute_both),
TEST(ept_access_test_write_execute),
TEST(ept_access_test_read_write_execute),
+ TEST(ept_access_test_read_write_execute_user_only),
+ TEST(ept_access_test_read_write_execute_both),
TEST(ept_access_test_reserved_bits),
TEST(ept_access_test_ignored_bits),
TEST(ept_access_test_paddr_not_present_ad_disabled),
--
2.52.0
next prev parent reply other threads:[~2026-03-26 14:50 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 14:50 [PATCH kvm-unit-tests 0/9] Combined GMET and MBEC tests Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 1/9] move PFERR_* constants to lib Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 2/9] add definitions for nested_ctl Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 3/9] svm: add basic GMET tests Paolo Bonzini
2026-03-27 16:03 ` Jon Kohler
2026-03-26 14:50 ` [PATCH kvm-unit-tests 4/9] x86/vmx: update EPT installation to use EPT_PRESENT flag Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 5/9] x86/vmx: diagnose unexpected EPT violations Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 6/9] x86/vmx: add mode-based execute control test for Skylake and above Paolo Bonzini
2026-03-27 15:57 ` Jon Kohler
2026-03-26 14:50 ` [PATCH kvm-unit-tests 7/9] x86/vmx: add user execution operation to EPT access tests Paolo Bonzini
2026-03-26 14:50 ` [PATCH kvm-unit-tests 8/9] x86/vmx: run EPT tests with MBEC enabled when available Paolo Bonzini
2026-03-26 16:13 ` Paolo Bonzini
2026-03-27 15:57 ` Jon Kohler
2026-03-27 15:57 ` Jon Kohler
2026-03-26 14:50 ` Paolo Bonzini [this message]
2026-03-27 15:56 ` [PATCH kvm-unit-tests 9/9] x86/vmx: add EPT tests covering XU permission Jon Kohler
2026-05-12 11:06 ` [PATCH kvm-unit-tests 0/9] Combined GMET and MBEC tests Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260326145035.119519-10-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=amit.shah@amd.com \
--cc=jon@nutanix.com \
--cc=kvm@vger.kernel.org \
--cc=nikunj@amd.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox