Received: by 10.223.185.116 with SMTP id b49csp1470701wrg;
        Sun, 4 Mar 2018 02:38:48 -0800 (PST)
X-Google-Smtp-Source: AG47ELuY1ivNmh98oj1cjyIEomZWVp6g1PLWZPJcyjKw6pQ6iP8uC2dxbiOO10hSrMr3t8qfQHmJ
X-Received: by 2002:a17:902:9a08:: with SMTP id v8-v6mr2618336plp.252.1520159928069;
        Sun, 04 Mar 2018 02:38:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520159928; cv=none;
        d=google.com; s=arc-20160816;
        b=iIDow6JIFLnG6+7OlwvfVeALwjCtCeIsGqNGPGHBW3N5efDQKKHfrC6vIq8CE5VZ6X
         zfLGmQWZM2A6Jq+jIGMs9d/e4dI2/NtlNW3Un+PPoIW5gEtKpHMI3k5MYPFFzB9iydm2
         xRBVJhbkKJUg+oLbDWE/DJs92bRN8Q+eMFSQqIVCLGRTTt8h+YCB8DNRGWYrIRhJsRsv
         H4wzhIY0/cpxxsPzzNLwrdrn8FNxmStj2NfR4+f3tn8jDtY0oOfl6Yekh4iul8f5UVPx
         hCv88SHwrE8HAmvcxsJpBNGMoxA+8jM+FR1jf5C0IsElD7zgTgrJY1i0AhYmf0AImo7j
         D4GQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=9WRi0n+N1+jzH4dkXDms222iqki9lMnS6iDQwlVdXs8=;
        b=WHNexGCCQAYh6gYLEnWZgoA2MCgCVIl1SouiXcyGmvvJgSFNrhiv9T+jZw0BRqz44B
         XhZQexUeoXBDrEvTqkN6Uh01c+5LwDKUd5PdiRrn6Ut0kGjwdLv+p/MpzeU1B/ANEPJE
         J+pmCRwC2TreQwrk1l0Ca98WXb4OQ0yuKgKolU1k/QRLEgdvCQBbEkHoO8tvo42fE0yS
         gvYK2SPVtcOMxJ6y4Xrc777TtHYX3P+h/51XKFpYKC3lsUWc7FZPZzlMY2qD23NZfpem
         zaVVVxo+zBR8tlzpjUBxbV10A/0uae1N7Myg2e9RSOruTbZbu9/FBwi37qSmCmKZMpr/
         zuNA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amazon.de header.s=amazon201209 header.b=pXpCDVGe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j63si6735972pgc.484.2018.03.04.02.38.20;
        Sun, 04 Mar 2018 02:38:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.de header.s=amazon201209 header.b=pXpCDVGe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752617AbeCDKQ5 (ORCPT <rfc822;nsahula.photo.sharing@gmail.com>
        + 99 others); Sun, 4 Mar 2018 05:16:57 -0500
Received: from smtp-fw-33001.amazon.com ([207.171.190.10]:21519 "EHLO
        smtp-fw-33001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752453AbeCDKQz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 4 Mar 2018 05:16:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209;
  t=1520158615; x=1551694615;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=9WRi0n+N1+jzH4dkXDms222iqki9lMnS6iDQwlVdXs8=;
  b=pXpCDVGerBdu6HEqxkXhav1JTfBM+/2ZhfFppLcaUy82lFEHbKHCV1Z+
   yO2XRwTyHMrbdLuZmgp2WuIbCAGxWq2s6hTGzu0qP04nIdAAQXWELnQcA
   CBL2+BcVrXQgLs8IGZ6YzYBkgXqLqHMFtuVvZU69tQwVVsUVvRxjPU6VC
   k=;
X-IronPort-AV: E=Sophos;i="5.47,422,1515456000"; 
   d="scan'208";a="722625929"
Received: from sea3-co-svc-lb6-vlan2.sea.amazon.com (HELO email-inbound-relay-2b-c300ac87.us-west-2.amazon.com) ([10.47.22.34])
  by smtp-border-fw-out-33001.sea14.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 04 Mar 2018 10:16:52 +0000
Received: from u54e1ad5160425a4b64ea.ant.amazon.com (pdx2-ws-svc-lb17-vlan3.amazon.com [10.247.140.70])
        by email-inbound-relay-2b-c300ac87.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id w24AGliT049077
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
        Sun, 4 Mar 2018 10:16:49 GMT
Received: from u54e1ad5160425a4b64ea.ant.amazon.com (localhost [127.0.0.1])
        by u54e1ad5160425a4b64ea.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w24AGkb2018146;
        Sun, 4 Mar 2018 11:16:46 +0100
Received: (from karahmed@localhost)
        by u54e1ad5160425a4b64ea.ant.amazon.com (8.15.2/8.15.2/Submit) id w24AGkth018092;
        Sun, 4 Mar 2018 11:16:46 +0100
From:   KarimAllah Ahmed <karahmed@amazon.de>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     KarimAllah Ahmed <karahmed@amazon.de>,
        Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
Subject: [PATCH] nvmx: Check exit qualification RD/WR permission for MMIO accesses
Date:   Sun,  4 Mar 2018 11:16:32 +0100
Message-Id: <1520158592-16952-1-git-send-email-karahmed@amazon.de>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519841208-23349-1-git-send-email-karahmed@amazon.de>
References: <1519841208-23349-1-git-send-email-karahmed@amazon.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Validate that a write MMIO access that follows a read MMIO access would
have the correct access captured in the exit qualification.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: KarimAllah Ahmed <karahmed@amazon.de>
Message-Id: <1519841208-23349-1-git-send-email-karahmed@amazon.de>
---
 x86/vmx_tests.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 48 insertions(+), 4 deletions(-)

diff --git a/x86/vmx_tests.c b/x86/vmx_tests.c
index 598dd88..a72af1a 100644
--- a/x86/vmx_tests.c
+++ b/x86/vmx_tests.c
@@ -7,6 +7,7 @@
 #include "msr.h"
 #include "processor.h"
 #include "vm.h"
+#include "pci.h"
 #include "fwcfg.h"
 #include "isr.h"
 #include "desc.h"
@@ -28,6 +29,8 @@ unsigned long *pml4;
 u64 eptp;
 void *data_page1, *data_page2;
 
+phys_addr_t pci_physaddr;
+
 void *pml_log;
 #define PML_INDEX 512
 
@@ -1041,6 +1044,9 @@ static int apic_version;
 
 static int ept_init_common(bool have_ad)
 {
+	int ret;
+	struct pci_dev pcidev;
+
 	if (setup_ept(have_ad))
 		return VMX_TEST_EXIT;
 	data_page1 = alloc_page();
@@ -1053,6 +1059,13 @@ static int ept_init_common(bool have_ad)
 			EPT_RA | EPT_WA | EPT_EA);
 
 	apic_version = apic_read(APIC_LVR);
+
+	ret = pci_find_dev(PCI_VENDOR_ID_REDHAT, PCI_DEVICE_ID_REDHAT_TEST);
+	if (ret != PCIDEVADDR_INVALID) {
+		pci_dev_init(&pcidev, ret);
+		pci_physaddr = pcidev.resource[PCI_TESTDEV_BAR_MEM];
+	}
+
 	return VMX_TEST_START;
 }
 
@@ -1101,6 +1114,16 @@ t1:
 	vmcall();
 	*((u32 *)data_page1) = MAGIC_VAL_2;
 	report("EPT violation - paging structure", vmx_get_test_stage() == 5);
+
+	// MMIO Read/Write
+	vmx_set_test_stage(5);
+	vmcall();
+
+	*(u32 volatile *)pci_physaddr;
+	report("MMIO EPT violation - read", vmx_get_test_stage() == 6);
+
+	*(u32 volatile *)pci_physaddr = MAGIC_VAL_1;
+	report("MMIO EPT violation - write", vmx_get_test_stage() == 7);
 }
 
 static void ept_main()
@@ -1108,12 +1131,12 @@ static void ept_main()
 	ept_common();
 
 	// Test EPT access to L1 MMIO
-	vmx_set_test_stage(6);
+	vmx_set_test_stage(7);
 	report("EPT - MMIO access", *((u32 *)0xfee00030UL) == apic_version);
 
 	// Test invalid operand for INVEPT
 	vmcall();
-	report("EPT - unsupported INVEPT", vmx_get_test_stage() == 7);
+	report("EPT - unsupported INVEPT", vmx_get_test_stage() == 8);
 }
 
 bool invept_test(int type, u64 eptp)
@@ -1187,7 +1210,7 @@ static int ept_exit_handler_common(bool have_ad)
 	ulong reason;
 	u32 insn_len;
 	u32 exit_qual;
-	static unsigned long data_page1_pte, data_page1_pte_pte;
+	static unsigned long data_page1_pte, data_page1_pte_pte, memaddr_pte;
 
 	guest_rip = vmcs_read(GUEST_RIP);
 	guest_cr3 = vmcs_read(GUEST_CR3);
@@ -1249,7 +1272,12 @@ static int ept_exit_handler_common(bool have_ad)
 				data_page1_pte_pte & ~EPT_PRESENT);
 			ept_sync(INVEPT_SINGLE, eptp);
 			break;
-		case 6:
+		case 5:
+			install_ept(pml4, (unsigned long)pci_physaddr,
+				(unsigned long)pci_physaddr, 0);
+			ept_sync(INVEPT_SINGLE, eptp);
+			break;
+		case 7:
 			if (!invept_test(0, eptp))
 				vmx_inc_test_stage();
 			break;
@@ -1305,6 +1333,22 @@ static int ept_exit_handler_common(bool have_ad)
 				data_page1_pte_pte | (EPT_PRESENT));
 			ept_sync(INVEPT_SINGLE, eptp);
 			break;
+		case 5:
+			if (exit_qual & EPT_VLT_RD)
+				vmx_inc_test_stage();
+			TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr,
+						1, &memaddr_pte));
+			set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA);
+			ept_sync(INVEPT_SINGLE, eptp);
+			break;
+		case 6:
+			if (exit_qual & EPT_VLT_WR)
+				vmx_inc_test_stage();
+			TEST_ASSERT(get_ept_pte(pml4, (unsigned long)pci_physaddr,
+						1, &memaddr_pte));
+			set_ept_pte(pml4, memaddr_pte, 1, memaddr_pte | EPT_RA | EPT_WA);
+			ept_sync(INVEPT_SINGLE, eptp);
+			break;
 		default:
 			// Should not reach here
 			report("ERROR : unexpected stage, %d", false,
-- 
2.7.4