Prepare for MBEC EPT access test cases by refactoring the EPT installation logic in vmx_tests.c and vmx.c to replace the use of EPT_RA | EPT_WA | EPT_EA flags with the EPT_PRESENT flag. Update the EPT_PRESENT definition in vmx.h to conditionally include user access rights based on MBEC support. No functional change intended, all tests pass with both +vmx-mbec and -vmx-mbec. Signed-off-by: Jon Kohler --- x86/vmx.c | 3 +-- x86/vmx.h | 16 ++++++++++------ x86/vmx_tests.c | 24 ++++++++++++------------ 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/x86/vmx.c b/x86/vmx.c index c803eaa6..eb2965d8 100644 --- a/x86/vmx.c +++ b/x86/vmx.c @@ -875,8 +875,7 @@ void install_ept_entry(unsigned long *pml4, else pt_page = 0; memset(new_pt, 0, PAGE_SIZE); - pt[offset] = virt_to_phys(new_pt) - | EPT_RA | EPT_WA | EPT_EA; + pt[offset] = virt_to_phys(new_pt) | EPT_PRESENT; } else if (pt[offset] & EPT_LARGE_PAGE) split_large_ept_entry(&pt[offset], level); pt = phys_to_virt(pt[offset] & EPT_ADDR_MASK); diff --git a/x86/vmx.h b/x86/vmx.h index 75667ccc..f88188af 100644 --- a/x86/vmx.h +++ b/x86/vmx.h @@ -665,18 +665,22 @@ enum vm_entry_failure_code { #define EPT_MEM_TYPE_WP 5ul #define EPT_MEM_TYPE_WB 6ul -#define EPT_RA 1ul -#define EPT_WA 2ul -#define EPT_EA 4ul -#define EPT_PRESENT (EPT_RA | EPT_WA | EPT_EA) +#define EPT_RA (1ul << 0) +#define EPT_WA (1ul << 1) +#define EPT_EA (1ul << 2) +#define EPT_IGNORE_PAT (1ul << 6) +#define EPT_LARGE_PAGE (1ul << 7) #define EPT_ACCESS_FLAG (1ul << 8) #define EPT_DIRTY_FLAG (1ul << 9) -#define EPT_LARGE_PAGE (1ul << 7) +#define EPT_EA_USER (1ul << 10) #define EPT_MEM_TYPE_SHIFT 3ul #define EPT_MEM_TYPE_MASK 0x7ul -#define EPT_IGNORE_PAT (1ul << 6) #define EPT_SUPPRESS_VE (1ull << 63) +#define EPT_PRESENT (is_mbec_supported() ? \ + (EPT_RA | EPT_WA | EPT_EA | EPT_EA_USER) : \ + (EPT_RA | EPT_WA | EPT_EA)) + #define EPT_CAP_EXEC_ONLY (1ull << 0) #define EPT_CAP_PWL4 (1ull << 6) #define EPT_CAP_PWL5 (1ull << 7) diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c index ad7cfe83..9d91ce6b 100644 --- a/x86/vmx_tests.c +++ b/x86/vmx_tests.c @@ -1100,7 +1100,7 @@ static int setup_ept(bool enable_ad) */ setup_ept_range(pml4, 0, end_of_memory, 0, !enable_ad && ept_2m_supported(), - EPT_WA | EPT_RA | EPT_EA); + EPT_PRESENT); return 0; } @@ -1179,7 +1179,7 @@ static int ept_init_common(bool have_ad) *((u32 *)data_page1) = MAGIC_VAL_1; *((u32 *)data_page2) = MAGIC_VAL_2; install_ept(pml4, (unsigned long)data_page1, (unsigned long)data_page2, - EPT_RA | EPT_WA | EPT_EA); + EPT_PRESENT); apic_version = apic_read(APIC_LVR); @@ -1359,8 +1359,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) *((u32 *)data_page2) == MAGIC_VAL_2) { vmx_inc_test_stage(); install_ept(pml4, (unsigned long)data_page2, - (unsigned long)data_page2, - EPT_RA | EPT_WA | EPT_EA); + (unsigned long)data_page2, + EPT_PRESENT); } else report_fail("EPT basic framework - write"); break; @@ -1371,9 +1371,9 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) break; case 2: install_ept(pml4, (unsigned long)data_page1, - (unsigned long)data_page1, - EPT_RA | EPT_WA | EPT_EA | - (2 << EPT_MEM_TYPE_SHIFT)); + (unsigned long)data_page1, + EPT_PRESENT | + (2 << EPT_MEM_TYPE_SHIFT)); invept(INVEPT_SINGLE, eptp); break; case 3: @@ -1417,8 +1417,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) case 2: vmx_inc_test_stage(); install_ept(pml4, (unsigned long)data_page1, - (unsigned long)data_page1, - EPT_RA | EPT_WA | EPT_EA); + (unsigned long)data_page1, + EPT_PRESENT); invept(INVEPT_SINGLE, eptp); break; // Should not reach here @@ -3020,9 +3020,9 @@ static void ept_access_test_paddr_read_write_execute(void) { ept_access_test_setup(); /* RWX access to paging structure. */ - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_READ); - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_WRITE); - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_EXEC); + ept_access_allowed_paddr(EPT_RA | EPT_WA | EPT_EA, 0, OP_READ); + ept_access_allowed_paddr(EPT_RA | EPT_WA | EPT_EA, 0, OP_WRITE); + ept_access_allowed_paddr(EPT_RA | EPT_WA | EPT_EA, 0, OP_EXEC); } static void ept_access_test_paddr_read_execute_ad_disabled(void) -- 2.43.0