From mboxrd@z Thu Jan  1 00:00:00 1970
From: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Subject: Re: [PATCH kvm-unit-tests v2] access: check SMEP on prefetch pte
 path
Date: Fri, 01 Jul 2011 16:05:39 +0800
Message-ID: <4E0D7FD3.8030206@cn.fujitsu.com>
References: <1309343079-4895-1-git-send-email-wei.y.yang@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: avi@redhat.com, kvm@vger.kernel.org
To: "Yang, Wei" <wei.y.yang@intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from cn.fujitsu.com ([222.73.24.84]:61768 "EHLO song.cn.fujitsu.com"
	rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP
	id S1755122Ab1GAIDw (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 1 Jul 2011 04:03:52 -0400
In-Reply-To: <1309343079-4895-1-git-send-email-wei.y.yang@intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 06/29/2011 06:24 PM, Yang, Wei wrote:

> +
> +	/*
> +	 * Here we write the ro user page when
> +	 * cr0.wp=0, then we execute it and SMEP
> +	 * fault should happen.
> +	 */
> +	err_prepare_notwp = ac_test_do_access(&at1);
> +	if (!err_prepare_notwp) {
> +		printf("%s: SMEP prepare fail\n", __FUNCTION__);
> +		goto clean_up;
> +	}
> +
> +	at1.flags[AC_ACCESS_WRITE] = 0;
> +	at1.flags[AC_ACCESS_FETCH] = 1;
> +	ac_set_expected_status(&at1);
> +	err_smep_notwp = ac_test_do_access(&at1);
> +

The address is accessed in the fist test, it is really "prefetch"-ed
in the second test?

>  
>  int ac_test_run(void)
> @@ -669,16 +765,22 @@ int ac_test_run(void)
>      ac_test_t at;
>      ac_pool_t pool;
>      int i, tests, successes;
> +    extern u64 ptl2[];
>  
>      printf("run\n");
>      tests = successes = 0;
>      ac_env_int(&pool);
>      ac_test_init(&at, (void *)(0x123400000000 + 16 * smp_id()));
>      do {
> +	if (at.flags[AC_CPU_CR4_SMEP] && (ptl2[2] & 0x4))
> +		ptl2[2] -= 0x4;

It seems you just remove the "U/S" bit, but forget to recover it, it can 
break the test if AC_ACCESS_USER && !SMEP