Migrate to new vmx.h's EPT RWX defs, which makes it easier to grok from one code base to another. Fix a few small formatting issues along the way. No functional change intended. Signed-off-by: Jon Kohler --- x86/vmx.c | 14 +-- x86/vmx.h | 4 - x86/vmx_tests.c | 245 +++++++++++++++++++++++++++++++----------------- 3 files changed, 165 insertions(+), 98 deletions(-) diff --git a/x86/vmx.c b/x86/vmx.c index e79781f2..6b7dca34 100644 --- a/x86/vmx.c +++ b/x86/vmx.c @@ -823,7 +823,7 @@ static void split_large_ept_entry(unsigned long *ptep, int level) int i; pte = *ptep; - assert(pte & EPT_PRESENT); + assert(pte & VMX_EPT_RWX_MASK); assert(pte & EPT_LARGE_PAGE); assert(level == 2 || level == 3); @@ -870,15 +870,17 @@ void install_ept_entry(unsigned long *pml4, for (level = EPT_PAGE_LEVEL; level > pte_level; --level) { offset = (guest_addr >> EPT_LEVEL_SHIFT(level)) & EPT_PGDIR_MASK; - if (!(pt[offset] & (EPT_PRESENT))) { + if (!(pt[offset] & (VMX_EPT_RWX_MASK))) { unsigned long *new_pt = pt_page; if (!new_pt) new_pt = alloc_page(); else pt_page = 0; memset(new_pt, 0, PAGE_SIZE); - pt[offset] = virt_to_phys(new_pt) - | EPT_RA | EPT_WA | EPT_EA; + pt[offset] = virt_to_phys(new_pt) | + VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK; } else if (pt[offset] & EPT_LARGE_PAGE) split_large_ept_entry(&pt[offset], level); pt = phys_to_virt(pt[offset] & EPT_ADDR_MASK); @@ -965,7 +967,7 @@ bool get_ept_pte(unsigned long *pml4, unsigned long guest_addr, int level, break; if (l < 4 && (iter_pte & EPT_LARGE_PAGE)) return false; - if (!(iter_pte & (EPT_PRESENT))) + if (!(iter_pte & (VMX_EPT_RWX_MASK))) return false; pt = (unsigned long *)(iter_pte & EPT_ADDR_MASK); } @@ -1089,7 +1091,7 @@ void set_ept_pte(unsigned long *pml4, unsigned long guest_addr, offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK; if (l == level) break; - assert(pt[offset] & EPT_PRESENT); + assert(pt[offset] & VMX_EPT_RWX_MASK); pt = (unsigned long *)(pt[offset] & EPT_ADDR_MASK); } offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK; diff --git a/x86/vmx.h b/x86/vmx.h index 9b076b0c..3f792d4a 100644 --- a/x86/vmx.h +++ b/x86/vmx.h @@ -578,10 +578,6 @@ enum Intr_type { #define EPT_MEM_TYPE_WP 5ul #define EPT_MEM_TYPE_WB 6ul -#define EPT_RA 1ul -#define EPT_WA 2ul -#define EPT_EA 4ul -#define EPT_PRESENT (EPT_RA | EPT_WA | EPT_EA) #define EPT_ACCESS_FLAG (1ul << 8) #define EPT_DIRTY_FLAG (1ul << 9) #define EPT_LARGE_PAGE (1ul << 7) diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c index a09b687f..eda9e88a 100644 --- a/x86/vmx_tests.c +++ b/x86/vmx_tests.c @@ -1101,7 +1101,9 @@ static int setup_ept(bool enable_ad) */ setup_ept_range(pml4, 0, end_of_memory, 0, !enable_ad && ept_2m_supported(), - EPT_WA | EPT_RA | EPT_EA); + VMX_EPT_WRITABLE_MASK | + VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK); return 0; } @@ -1180,7 +1182,9 @@ static int ept_init_common(bool have_ad) *((u32 *)data_page1) = MAGIC_VAL_1; *((u32 *)data_page2) = MAGIC_VAL_2; install_ept(pml4, (unsigned long)data_page1, (unsigned long)data_page2, - EPT_RA | EPT_WA | EPT_EA); + VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK); apic_version = apic_read(APIC_LVR); @@ -1360,29 +1364,33 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) *((u32 *)data_page2) == MAGIC_VAL_2) { vmx_inc_test_stage(); install_ept(pml4, (unsigned long)data_page2, - (unsigned long)data_page2, - EPT_RA | EPT_WA | EPT_EA); + (unsigned long)data_page2, + VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK); } else report_fail("EPT basic framework - write"); break; case 1: install_ept(pml4, (unsigned long)data_page1, - (unsigned long)data_page1, EPT_WA); + (unsigned long)data_page1, VMX_EPT_WRITABLE_MASK); invept(INVEPT_SINGLE, eptp); break; case 2: install_ept(pml4, (unsigned long)data_page1, - (unsigned long)data_page1, - EPT_RA | EPT_WA | EPT_EA | - (2 << EPT_MEM_TYPE_SHIFT)); + (unsigned long)data_page1, + VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK | + (2 << EPT_MEM_TYPE_SHIFT)); invept(INVEPT_SINGLE, eptp); break; case 3: clear_ept_ad(pml4, guest_cr3, (unsigned long)data_page1); TEST_ASSERT(get_ept_pte(pml4, (unsigned long)data_page1, 1, &data_page1_pte)); - set_ept_pte(pml4, (unsigned long)data_page1, - 1, data_page1_pte & ~EPT_PRESENT); + set_ept_pte(pml4, (unsigned long)data_page1, + 1, data_page1_pte & ~VMX_EPT_RWX_MASK); invept(INVEPT_SINGLE, eptp); break; case 4: @@ -1391,7 +1399,7 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) TEST_ASSERT(get_ept_pte(pml4, guest_pte_addr, 2, &data_page1_pte_pte)); set_ept_pte(pml4, guest_pte_addr, 2, - data_page1_pte_pte & ~EPT_PRESENT); + data_page1_pte_pte & ~VMX_EPT_RWX_MASK); invept(INVEPT_SINGLE, eptp); break; case 5: @@ -1418,8 +1426,10 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) case 2: vmx_inc_test_stage(); install_ept(pml4, (unsigned long)data_page1, - (unsigned long)data_page1, - EPT_RA | EPT_WA | EPT_EA); + (unsigned long)data_page1, + VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK); invept(INVEPT_SINGLE, eptp); break; // Should not reach here @@ -1448,7 +1458,7 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) EPT_VIOLATION_GVA_TRANSLATED)) vmx_inc_test_stage(); set_ept_pte(pml4, (unsigned long)data_page1, - 1, data_page1_pte | (EPT_PRESENT)); + 1, data_page1_pte | (VMX_EPT_RWX_MASK)); invept(INVEPT_SINGLE, eptp); break; case 4: @@ -1460,7 +1470,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) EPT_VIOLATION_GVA_IS_VALID)) vmx_inc_test_stage(); set_ept_pte(pml4, guest_pte_addr, 2, - data_page1_pte_pte | (EPT_PRESENT)); + data_page1_pte_pte | + (VMX_EPT_RWX_MASK)); invept(INVEPT_SINGLE, eptp); break; case 5: @@ -1468,7 +1479,8 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) vmx_inc_test_stage(); TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr, 1, &memaddr_pte)); - set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA); + set_ept_pte(pml4, memaddr_pte, 1, + memaddr_pte | VMX_EPT_READABLE_MASK); invept(INVEPT_SINGLE, eptp); break; case 6: @@ -1476,7 +1488,9 @@ static int ept_exit_handler_common(union exit_reason exit_reason, bool have_ad) vmx_inc_test_stage(); TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr, 1, &memaddr_pte)); - set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA | EPT_WA); + set_ept_pte(pml4, memaddr_pte, 1, + memaddr_pte | VMX_EPT_READABLE_MASK | + VMX_EPT_WRITABLE_MASK); invept(INVEPT_SINGLE, eptp); break; default: @@ -2419,7 +2433,7 @@ static void ept_violation(unsigned long clear, unsigned long set, static void ept_access_violation(unsigned long access, enum ept_access_op op, u64 expected_qual) { - ept_violation(EPT_PRESENT, access, op, + ept_violation(VMX_EPT_RWX_MASK, access, op, expected_qual | EPT_VIOLATION_GVA_IS_VALID | EPT_VIOLATION_GVA_TRANSLATED); } @@ -2489,9 +2503,9 @@ static void ept_access_paddr(unsigned long ept_access, unsigned long pte_ad, * otherwise our level=1 twiddling below will fail. We use the * identity map (gpa = gpa) since page tables are shared with the host. */ - install_ept(pml4, gpa, gpa, EPT_PRESENT); + install_ept(pml4, gpa, gpa, VMX_EPT_RWX_MASK); orig_epte = ept_twiddle(gpa, /*mkhuge=*/0, /*level=*/1, - /*clear=*/EPT_PRESENT, /*set=*/ept_access); + /*clear=*/VMX_EPT_RWX_MASK, /*set=*/ept_access); if (expect_violation) { do_ept_violation(/*leaf=*/true, op, @@ -2588,7 +2602,7 @@ static void ept_ignored_bit(int bit) static void ept_access_allowed(unsigned long access, enum ept_access_op op) { - ept_allowed(EPT_PRESENT, access, op); + ept_allowed(VMX_EPT_RWX_MASK, access, op); } @@ -2658,7 +2672,7 @@ static void ept_misconfig(unsigned long clear, unsigned long set) static void ept_access_misconfig(unsigned long access) { - ept_misconfig(EPT_PRESENT, access); + ept_misconfig(VMX_EPT_RWX_MASK, access); } static void ept_reserved_bit_at_level_nohuge(int level, int bit) @@ -2667,7 +2681,7 @@ static void ept_reserved_bit_at_level_nohuge(int level, int bit) ept_misconfig_at_level_mkhuge(false, level, 0, 1ul << bit); /* Making the entry non-present turns reserved bits into ignored. */ - ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ, + ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ, EPT_VIOLATION_ACC_READ | EPT_VIOLATION_GVA_IS_VALID | EPT_VIOLATION_GVA_TRANSLATED); @@ -2679,7 +2693,7 @@ static void ept_reserved_bit_at_level_huge(int level, int bit) ept_misconfig_at_level_mkhuge(true, level, 0, 1ul << bit); /* Making the entry non-present turns reserved bits into ignored. */ - ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ, + ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ, EPT_VIOLATION_ACC_READ | EPT_VIOLATION_GVA_IS_VALID | EPT_VIOLATION_GVA_TRANSLATED); @@ -2691,7 +2705,7 @@ static void ept_reserved_bit_at_level(int level, int bit) ept_misconfig_at_level(level, 0, 1ul << bit); /* Making the entry non-present turns reserved bits into ignored. */ - ept_violation_at_level(level, EPT_PRESENT, 1ul << bit, OP_READ, + ept_violation_at_level(level, VMX_EPT_RWX_MASK, 1ul << bit, OP_READ, EPT_VIOLATION_ACC_READ | EPT_VIOLATION_GVA_IS_VALID | EPT_VIOLATION_GVA_TRANSLATED); @@ -2787,7 +2801,7 @@ static void ept_access_test_setup(void) */ TEST_ASSERT(get_ept_pte(pml4, data->gpa, 4, &pte) && pte == 0); TEST_ASSERT(get_ept_pte(pml4, data->gpa + size - 1, 4, &pte) && pte == 0); - install_ept(pml4, data->hpa, data->gpa, EPT_PRESENT); + install_ept(pml4, data->hpa, data->gpa, VMX_EPT_RWX_MASK); data->hva[0] = MAGIC_VAL_1; memcpy(&data->hva[1], &ret42_start, &ret42_end - &ret42_start); @@ -2807,10 +2821,12 @@ static void ept_access_test_read_only(void) ept_access_test_setup(); /* r-- */ - ept_access_allowed(EPT_RA, OP_READ); - ept_access_violation(EPT_RA, OP_WRITE, EPT_VIOLATION_ACC_WRITE | + ept_access_allowed(VMX_EPT_READABLE_MASK, OP_READ); + ept_access_violation(VMX_EPT_READABLE_MASK, OP_WRITE, + EPT_VIOLATION_ACC_WRITE | EPT_VIOLATION_PROT_READ); - ept_access_violation(EPT_RA, OP_EXEC, EPT_VIOLATION_ACC_INSTR | + ept_access_violation(VMX_EPT_READABLE_MASK, OP_EXEC, + EPT_VIOLATION_ACC_INSTR | EPT_VIOLATION_PROT_READ); } @@ -2818,16 +2834,19 @@ static void ept_access_test_write_only(void) { ept_access_test_setup(); /* -w- */ - ept_access_misconfig(EPT_WA); + ept_access_misconfig(VMX_EPT_WRITABLE_MASK); } static void ept_access_test_read_write(void) { ept_access_test_setup(); /* rw- */ - ept_access_allowed(EPT_RA | EPT_WA, OP_READ); - ept_access_allowed(EPT_RA | EPT_WA, OP_WRITE); - ept_access_violation(EPT_RA | EPT_WA, OP_EXEC, + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, + OP_READ); + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, + OP_WRITE); + ept_access_violation(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, + OP_EXEC, EPT_VIOLATION_ACC_INSTR | EPT_VIOLATION_PROT_READ | EPT_VIOLATION_PROT_WRITE); @@ -2839,15 +2858,15 @@ static void ept_access_test_execute_only(void) ept_access_test_setup(); /* --x */ if (ept_execute_only_supported()) { - ept_access_violation(EPT_EA, OP_READ, + ept_access_violation(VMX_EPT_EXECUTABLE_MASK, OP_READ, EPT_VIOLATION_ACC_READ | EPT_VIOLATION_PROT_EXEC); - ept_access_violation(EPT_EA, OP_WRITE, + ept_access_violation(VMX_EPT_EXECUTABLE_MASK, OP_WRITE, EPT_VIOLATION_ACC_WRITE | EPT_VIOLATION_PROT_EXEC); - ept_access_allowed(EPT_EA, OP_EXEC); + ept_access_allowed(VMX_EPT_EXECUTABLE_MASK, OP_EXEC); } else { - ept_access_misconfig(EPT_EA); + ept_access_misconfig(VMX_EPT_EXECUTABLE_MASK); } } @@ -2855,28 +2874,34 @@ static void ept_access_test_read_execute(void) { ept_access_test_setup(); /* r-x */ - ept_access_allowed(EPT_RA | EPT_EA, OP_READ); - ept_access_violation(EPT_RA | EPT_EA, OP_WRITE, + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK, + OP_READ); + ept_access_violation(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK, + OP_WRITE, EPT_VIOLATION_ACC_WRITE | EPT_VIOLATION_PROT_READ | EPT_VIOLATION_PROT_EXEC); - ept_access_allowed(EPT_RA | EPT_EA, OP_EXEC); + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_EXECUTABLE_MASK, + OP_EXEC); } static void ept_access_test_write_execute(void) { ept_access_test_setup(); /* -wx */ - ept_access_misconfig(EPT_WA | EPT_EA); + ept_access_misconfig(VMX_EPT_WRITABLE_MASK | VMX_EPT_EXECUTABLE_MASK); } static void ept_access_test_read_write_execute(void) { ept_access_test_setup(); /* rwx */ - ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_READ); - ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_WRITE); - ept_access_allowed(EPT_RA | EPT_WA | EPT_EA, OP_EXEC); + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, OP_READ); + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, OP_WRITE); + ept_access_allowed(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, OP_EXEC); } static void ept_access_test_reserved_bits(void) @@ -2989,17 +3014,20 @@ static void ept_access_test_paddr_read_only_ad_disabled(void) ept_disable_ad_bits(); /* Can't update A bit, so all accesses fail. */ - ept_access_violation_paddr(EPT_RA, 0, OP_READ, qual); - ept_access_violation_paddr(EPT_RA, 0, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA, 0, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_WRITE, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_EXEC, qual); /* AD bits disabled, so only writes try to update the D bit. */ - ept_access_allowed_paddr(EPT_RA, PT_ACCESSED_MASK, OP_READ); - ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_WRITE, qual); - ept_access_allowed_paddr(EPT_RA, PT_ACCESSED_MASK, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_READ); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_WRITE, qual); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_EXEC); /* Both A and D already set, so read-only is OK. */ - ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_READ); - ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_WRITE); - ept_access_allowed_paddr(EPT_RA, PT_AD_MASK, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_READ); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_WRITE); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_EXEC); } static void ept_access_test_paddr_read_only_ad_enabled(void) @@ -3015,33 +3043,42 @@ static void ept_access_test_paddr_read_only_ad_enabled(void) ept_access_test_setup(); ept_enable_ad_bits_or_skip_test(); - ept_access_violation_paddr(EPT_RA, 0, OP_READ, qual); - ept_access_violation_paddr(EPT_RA, 0, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA, 0, OP_EXEC, qual); - ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_READ, qual); - ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA, PT_ACCESSED_MASK, OP_EXEC, qual); - ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_READ, qual); - ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA, PT_AD_MASK, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_WRITE, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, 0, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_WRITE, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_ACCESSED_MASK, + OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_READ, + qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_WRITE, + qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK, PT_AD_MASK, OP_EXEC, + qual); } static void ept_access_test_paddr_read_write(void) { ept_access_test_setup(); /* Read-write access to paging structure. */ - ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_READ); - ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_WRITE); - ept_access_allowed_paddr(EPT_RA | EPT_WA, 0, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0, + OP_READ); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0, + OP_WRITE); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK, 0, + OP_EXEC); } static void ept_access_test_paddr_read_write_execute(void) { ept_access_test_setup(); /* RWX access to paging structure. */ - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_READ); - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_WRITE); - ept_access_allowed_paddr(EPT_PRESENT, 0, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_READ); + ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_WRITE); + ept_access_allowed_paddr(VMX_EPT_RWX_MASK, 0, OP_EXEC); } static void ept_access_test_paddr_read_execute_ad_disabled(void) @@ -3059,17 +3096,31 @@ static void ept_access_test_paddr_read_execute_ad_disabled(void) ept_disable_ad_bits(); /* Can't update A bit, so all accesses fail. */ - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_READ, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_WRITE, + qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_EXEC, + qual); /* AD bits disabled, so only writes try to update the D bit. */ - ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_READ); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_WRITE, qual); - ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_READ); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_WRITE, qual); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_EXEC); /* Both A and D already set, so read-only is OK. */ - ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_READ); - ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_WRITE); - ept_access_allowed_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_EXEC); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_READ); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_WRITE); + ept_access_allowed_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, OP_EXEC); } static void ept_access_test_paddr_read_execute_ad_enabled(void) @@ -3085,15 +3136,31 @@ static void ept_access_test_paddr_read_execute_ad_enabled(void) ept_access_test_setup(); ept_enable_ad_bits_or_skip_test(); - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_READ, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, 0, OP_EXEC, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_READ, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_ACCESSED_MASK, OP_EXEC, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_READ, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_WRITE, qual); - ept_access_violation_paddr(EPT_RA | EPT_EA, PT_AD_MASK, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_WRITE, + qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, 0, OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_WRITE, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_ACCESSED_MASK, + OP_EXEC, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, + OP_READ, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, + OP_WRITE, qual); + ept_access_violation_paddr(VMX_EPT_READABLE_MASK | + VMX_EPT_EXECUTABLE_MASK, PT_AD_MASK, + OP_EXEC, qual); } static void ept_access_test_paddr_not_present_page_fault(void) @@ -3113,12 +3180,14 @@ static void ept_access_test_force_2m_page(void) TEST_ASSERT_EQ(ept_2m_supported(), true); ept_allowed_at_level_mkhuge(true, 2, 0, 0, OP_READ); - ept_violation_at_level_mkhuge(true, 2, EPT_PRESENT, EPT_RA, OP_WRITE, + ept_violation_at_level_mkhuge(true, 2, VMX_EPT_RWX_MASK, + VMX_EPT_READABLE_MASK, OP_WRITE, EPT_VIOLATION_ACC_WRITE | EPT_VIOLATION_PROT_READ | EPT_VIOLATION_GVA_IS_VALID | EPT_VIOLATION_GVA_TRANSLATED); - ept_misconfig_at_level_mkhuge(true, 2, EPT_PRESENT, EPT_WA); + ept_misconfig_at_level_mkhuge(true, 2, VMX_EPT_RWX_MASK, + VMX_EPT_WRITABLE_MASK); } static bool invvpid_valid(u64 type, u64 vpid, u64 gla) -- 2.43.0