From patchwork Wed Jun 4 21:17:55 2014
X-Patchwork-Submitter: Bandan Das
X-Patchwork-Id: 4297071
From: Bandan Das
To: kvm@vger.kernel.org
Cc: Paolo Bonzini, Jan Kiszka
Subject: [PATCH kvm-unit-tests 2/2] VMX: Check for validity of vmcs region when calling vmclear/vmptrld
Date: Wed, 4 Jun 2014 17:17:55 -0400
Message-Id: <1401916675-1568-3-git-send-email-bsd@redhat.com>
In-Reply-To: <1401916675-1568-1-git-send-email-bsd@redhat.com>
References: <1401916675-1568-1-git-send-email-bsd@redhat.com>

Check if the vmcs pointer is not aligned to page size, and if bits beyond physical address width are set. Also, vmclear and vmptrld should fail if the vmxon region is supplied instead of the vmcs.

Signed-off-by: Bandan Das
---
 x86/vmx.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 3 deletions(-)

diff --git a/x86/vmx.c b/x86/vmx.c index 207eb81..64c46aa 100644 --- a/x86/vmx.c +++ b/x86/vmx.c
@@ -130,10 +130,43 @@ void print_vmexit_info() static void test_vmclear(void) { u64 rflags; + struct vmcs *tmp_root; + int width = cpuid(0x80000008).a & 0xff; + + /* + * Note- The tests below do not necessarily have a + * valid VMCS, but that's ok since the invalid vmcs + * is only used for a specific test and is discarded + * without touching its contents + */ + + /* Unaligned page access */ + tmp_root = (struct vmcs *)((intptr_t)vmcs_root + 1); + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmclear with unaligned vmcs", + vmcs_clear(tmp_root) == 1); + + /* gpa bits beyond physical address width are set*/ + tmp_root = (struct vmcs *)((intptr_t)vmcs_root | + ((u64)1 << (width+1))); + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmclear with vmcs address bits set beyond physical address width", + vmcs_clear(tmp_root) == 1); + /* Pass VMXON region */ + tmp_root = (struct vmcs *)vmxon_region; rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; write_rflags(rflags); - report("test vmclear", vmcs_clear(vmcs_root) == 0); + report("test vmclear with vmxon region", + vmcs_clear(tmp_root) == 1); + + /* Valid VMCS */ + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmclear with valid vmcs region", vmcs_clear(vmcs_root) == 0); + } static void test_vmxoff(void) 
@@ -651,13 +684,37 @@ out: static void test_vmptrld(void) { u64 rflags; - struct vmcs *vmcs; + struct vmcs *vmcs, *tmp_root; + int width = cpuid(0x80000008).a & 0xff; vmcs = alloc_page(); vmcs->revision_id = basic.revision; + + /* Unaligned page access */ + tmp_root = (struct vmcs *)((intptr_t)vmcs + 1); + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmptrld with unaligned vmcs", + make_vmcs_current(tmp_root) == 1); + + /* gpa bits beyond physical address width are set*/ + tmp_root = (struct vmcs *)((intptr_t)vmcs | + ((u64)1 << (width+1))); + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmptrld with vmcs address bits set beyond physical address width", + make_vmcs_current(tmp_root) == 1); + + /* Pass VMXON region */ + tmp_root = (struct vmcs *)vmxon_region; + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; + write_rflags(rflags); + report("test vmptrld with vmxon region", + make_vmcs_current(tmp_root) == 1); + rflags = read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF; write_rflags(rflags); - report("test vmptrld", make_vmcs_current(vmcs) == 0); + report("test vmptrld with valid vmcs", make_vmcs_current(vmcs) == 0); } static void test_vmptrst(void)
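Review bot: in the test_vmclear hunk, the out-of-range address is built with `(u64)1 << (width+1)`, which skips the first invalid bit. `width` is taken from CPUID 0x80000008 EAX[7:0], so the valid physical address bits are 0 through width-1 and bit `width` is the boundary; an off-by-one in the mask being tested would still pass this case. Suggest `(u64)1 << width` (or testing both bits), and building the value in an unsigned type instead of OR-ing a `u64` into an `(intptr_t)` cast. The same expression is repeated in test_vmptrld and would need the same change. Style: the hunk adds a blank line before the closing brace of test_vmclear, the comment `/* gpa bits beyond physical address width are set*/` lacks a space before `*/`, and the final `report("test vmclear with valid vmcs region", ...)` line runs past 80 columns.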
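Review bot: in the test_vmptrld hunk, the three negative cases only assert `make_vmcs_current(tmp_root) == 1`, so they pass on any failure and do not show that the instruction failed for the reason named in the report string. The unaligned case is the clearest: `tmp_root` is `vmcs + 1` byte, while `vmcs->revision_id` is only valid at the start of the page, so an implementation that skipped the alignment check could still fail (for instance on a revision mismatch) and the test would report success. If the helper can expose which flag was set or the VM-instruction error, assert on that; otherwise a short comment stating that any failure is accepted would make the limitation explicit. Two smaller points: the four-times-repeated `read_rflags() | X86_EFLAGS_CF | X86_EFLAGS_ZF` / `write_rflags(rflags)` pair, here and in test_vmclear, could move into a small helper, and the final valid case lacks the `/* Valid VMCS */` comment and uses "valid vmcs" where test_vmclear says "valid vmcs region".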