Update the ept_access_test_ignored_bits test only ignore bit 10 if MBEC is not supported, as the bit is not ignored when MBEC is enabled. When MBEC is enabled, test ept_allowed for OP_EXEC_USER in ept_ignored_bit. Update unittest.cfg to break off MBEC into a separate test suite, as using -cpu max will automagically pick up MBEC, and it should be testable with MBEC enabled and disabled. Signed-off-by: Jon Kohler --- x86/unittests.cfg | 12 +++++++++++- x86/vmx_tests.c | 8 +++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/x86/unittests.cfg b/x86/unittests.cfg index b82bbc4e..022ea52c 100644 --- a/x86/unittests.cfg +++ b/x86/unittests.cfg @@ -336,7 +336,17 @@ groups = vmx [ept] file = vmx.flat test_args = "ept_access*" -qemu_params = -cpu max,host-phys-bits,+vmx -m 2560 +qemu_params = -cpu max,host-phys-bits,+vmx,-vmx-mbec -m 2560 +arch = x86_64 +groups = vmx + +# EPT is a generic test; however, mode-based execute control aka MBEC +# is only available on Skylake and above, be specific about the CPU +# model and test it directly. +[ept-mbec] +file = vmx.flat +test_args = "ept_access*" +qemu_params = -cpu Skylake-Server,host-phys-bits,+vmx,+vmx-mbec -m 2560 arch = x86_64 groups = vmx diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c index 3ea6f9e2..9a636eef 100644 --- a/x86/vmx_tests.c +++ b/x86/vmx_tests.c @@ -2586,6 +2586,11 @@ static void ept_ignored_bit(int bit) ept_allowed(1ul << bit, 0, OP_READ); ept_allowed(1ul << bit, 0, OP_WRITE); ept_allowed(1ul << bit, 0, OP_EXEC); + + if (is_mbec_supported()) { + ept_allowed(0, 1ul << bit, OP_EXEC_USER); + ept_allowed(1ul << bit, 0, OP_EXEC_USER); + } } static void ept_access_allowed(unsigned long access, enum ept_access_op op) @@ -2936,7 +2941,8 @@ static void ept_access_test_ignored_bits(void) */ ept_ignored_bit(8); ept_ignored_bit(9); - ept_ignored_bit(10); + if (!is_mbec_supported()) + ept_ignored_bit(10); ept_ignored_bit(11); ept_ignored_bit(52); ept_ignored_bit(53); -- 2.43.0