From patchwork Fri Apr 21 00:49:57 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Matlack <dmatlack@google.com>
X-Patchwork-Id: 9691531
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	00ED76038D for <patchwork-kvm@patchwork.kernel.org>;
	Fri, 21 Apr 2017 00:50:50 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E75AC2847B
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri, 21 Apr 2017 00:50:49 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id DC31328480; Fri, 21 Apr 2017 00:50:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI,
	RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 845182847B
	for <patchwork-kvm@patchwork.kernel.org>;
	Fri, 21 Apr 2017 00:50:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1034240AbdDUAur (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Thu, 20 Apr 2017 20:50:47 -0400
Received: from mail-oi0-f52.google.com ([209.85.218.52]:34073 "EHLO
	mail-oi0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1034039AbdDUAue (ORCPT <rfc822; kvm@vger.kernel.org>);
	Thu, 20 Apr 2017 20:50:34 -0400
Received: by mail-oi0-f52.google.com with SMTP id x184so74078277oia.1
	for <kvm@vger.kernel.org>; Thu, 20 Apr 2017 17:50:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=h16W77++8m6A1Ef3SNkEQxH9iqyEksZhr9VltRXEubs=;
	b=N6my8+UWeZ+nXw5PUIMyJcLagDy0YekNFv3OlMB8JqRg7OeGf7GiHAKai4sxV11rHV
	Q9Hv25a0nD68+L4gnWG+mbwLw1LHO6Kf+YF/+XICpWxaSne2PJ92lR+k5IQYjs2XSzj2
	HKPkdiXM+foqRsD9eVCUBmpr3CN07f8RGQFIFaxXBDNvEuqRfIz9gksMqEdbX20in4a2
	hbOBXEiEooQ+F/Jfcq2AcBimil5EG2+MoA8g2iZwy3/PZyqpo36EFzBPwXMn4O+7DLoQ
	XVYqW0cBFAEeqO1InGg3Gnj3JCHSqmdmoNISHSpuD/fLUDPelqeqnBYkgrtHIu/Q07yg
	Ho9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=h16W77++8m6A1Ef3SNkEQxH9iqyEksZhr9VltRXEubs=;
	b=As/Fn5Hg+dP5qFtHT5nRFrQhXeUrGPr3KvYIzMF6i3jM5Qd0dQLiEqk0/havQvOX+B
	wjthjGxZo7TnPL6sBnmN3R6f9eo1lDizxrXNGw5IarG0qyn93JKmOSIivt1OY1SMwJ5W
	KK8sf8qSA7dFM67eS3mDNsBDhz7RM9Qxm2sEzyg4HqvxCoh7m1n7Kmo/75BOJRmogLtE
	3yNC8ZSl5vkAdoblhNRfrB87PAZGn54935OlL7Pjt4QKahYXgePEigO2kTy2UsUCw+FD
	QLK6T0mmdRo6RhxODcsJh2sQKJtKvv5SkdrmixUPr0X7MAAkspSgjDngU9WU/IF7ZCme
	PFMg==
X-Gm-Message-State: AN3rC/5lN1MoAtY4MDmS1a5qfrM6jVH7C/z6FTnSygpe1ifuTI9S18m8
	ytY9tqh6QOrYpKV+
X-Received: by 10.84.222.135 with SMTP id x7mr13028395pls.50.1492735833103;
	Thu, 20 Apr 2017 17:50:33 -0700 (PDT)
Received: from dmatlack.sea.corp.google.com ([100.100.206.82])
	by smtp.gmail.com with ESMTPSA id
	e13sm12466486pfb.30.2017.04.20.17.50.31
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Thu, 20 Apr 2017 17:50:31 -0700 (PDT)
From: David Matlack <dmatlack@google.com>
To: kvm@vger.kernel.org
Cc: Peter Feiner <pfeiner@google.com>, David Matlack <dmatlack@google.com>
Subject: [kvm-unit-tests PATCH 25/32] x86: ept assertions
Date: Thu, 20 Apr 2017 17:49:57 -0700
Message-Id: <20170421005004.137260-26-dmatlack@google.com>
X-Mailer: git-send-email 2.12.2.816.g2cccc81164-goog
In-Reply-To: <20170421005004.137260-1-dmatlack@google.com>
References: <20170421005004.137260-1-dmatlack@google.com>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Peter Feiner <pfeiner@google.com>

The upper bounds on level in set_ept_pte and install_ept_entry were
just wrong. There's nothing wrong with setting an EPT PTE at the
highest (512GiB) level.

Got rid of unused error return values and replaced them with
assertions. Nobody was checking the return values, so these functions
were silently failing.

Change-Id: I4db1e1c2a0c050f5f69cce28df460b4c8ce10d1c
Signed-off-by: David Matlack <dmatlack@google.com>
---
 x86/vmx.c | 23 ++++++++++++-----------
 x86/vmx.h |  2 +-
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/x86/vmx.c b/x86/vmx.c
index cae650ae2e68..c003d5d11e63 100644
--- a/x86/vmx.c
+++ b/x86/vmx.c
@@ -724,6 +724,9 @@ void install_ept_entry(unsigned long *pml4,
 	unsigned long *pt = pml4;
 	unsigned offset;
 
+	/* EPT only uses 48 bits of GPA. */
+	assert(guest_addr < (1ul << 48));
+
 	for (level = EPT_PAGE_LEVEL; level > pte_level; --level) {
 		offset = (guest_addr >> EPT_LEVEL_SHIFT(level))
 				& EPT_PGDIR_MASK;
@@ -813,17 +816,17 @@ unsigned long get_ept_pte(unsigned long *pml4,
 	unsigned long *pt = pml4, pte;
 	unsigned offset;
 
-	if (level < 1 || level > 3)
-		return -1;
+	assert(level >= 1 && level <= 4);
+
 	for (l = EPT_PAGE_LEVEL; ; --l) {
 		offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
 		pte = pt[offset];
 		if (!(pte & (EPT_PRESENT)))
-			return 0;
+			return -1;
 		if (l == level)
 			break;
 		if (l < 4 && (pte & EPT_LARGE_PAGE))
-			return pte;
+			return -1;
 		pt = (unsigned long *)(pte & EPT_ADDR_MASK);
 	}
 	offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
@@ -950,26 +953,24 @@ void ept_sync(int type, u64 eptp)
 	}
 }
 
-int set_ept_pte(unsigned long *pml4, unsigned long guest_addr,
-		int level, u64 pte_val)
+void set_ept_pte(unsigned long *pml4, unsigned long guest_addr,
+		 int level, u64 pte_val)
 {
 	int l;
 	unsigned long *pt = pml4;
 	unsigned offset;
 
-	if (level < 1 || level > 3)
-		return -1;
+	assert(level >= 1 && level <= 4);
+
 	for (l = EPT_PAGE_LEVEL; ; --l) {
 		offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
 		if (l == level)
 			break;
-		if (!(pt[offset] & (EPT_PRESENT)))
-			return -1;
+		assert(pt[offset] & EPT_PRESENT);
 		pt = (unsigned long *)(pt[offset] & EPT_ADDR_MASK);
 	}
 	offset = (guest_addr >> EPT_LEVEL_SHIFT(l)) & EPT_PGDIR_MASK;
 	pt[offset] = pte_val;
-	return 0;
 }
 
 void vpid_sync(int type, u16 vpid)
diff --git a/x86/vmx.h b/x86/vmx.h
index 966fff653561..4b899aa69145 100644
--- a/x86/vmx.h
+++ b/x86/vmx.h
@@ -691,7 +691,7 @@ void setup_ept_range(unsigned long *pml4, unsigned long start,
 		     unsigned long len, int map_1g, int map_2m, u64 perm);
 unsigned long get_ept_pte(unsigned long *pml4,
 		unsigned long guest_addr, int level);
-int set_ept_pte(unsigned long *pml4, unsigned long guest_addr,
+void set_ept_pte(unsigned long *pml4, unsigned long guest_addr,
 		int level, u64 pte_val);
 void check_ept_ad(unsigned long *pml4, u64 guest_cr3,
 		  unsigned long guest_addr, int expected_gpa_ad,