From 4870764e7368d13cd6afba11de9b1554609c9f85 Mon Sep 17 00:00:00 2001
From: Masato Imai
Date: Fri, 15 Aug 2025 17:21:12 +0000
Subject: [PATCH] add workflow

---
 .gitea/workflows/build.yaml | 9 +++++
 .../src/vmm/x86_64/intel/auditor/controls.rs | 33 +++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 .gitea/workflows/build.yaml

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..44381ac
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,9 @@
+name: Build iso
+run-name: ${{ gitea.actor }} on ${{ gitea.event_name }}
+on: [push]
+
+jobs:
+ Explore-Gitea-Actions:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "${{ gitea.event_name }}"
diff --git a/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs b/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs
index 7d755cb..75fe504 100644
--- a/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs
+++ b/nel_os_kernel/src/vmm/x86_64/intel/auditor/controls.rs
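Review bot: The workflow is titled `Build iso` but its only step is `- run: echo "${{ gitea.event_name }}"`, and the job id `Explore-Gitea-Actions` looks like the quickstart example's placeholder, so a reader expecting an ISO artifact will find none. Either rename it to what it currently does or add `# TODO: replace the echo step with the actual ISO build` above `steps:` so the intent is recorded in the file. As a hardening habit, avoid interpolating `${{ ... }}` directly into `run:` scripts; `gitea.event_name` is not attacker-influenced, but the same pattern with a branch name or PR title becomes shell injection, so passing it through `env:` (`env: { EVENT_NAME: ${{ gitea.event_name }} }` then `echo "$EVENT_NAME"`) keeps the safe form in place for future edits.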
@@ -18,6 +18,39 @@ pub fn check_vmcs_control_fields() -> Result<(), &'static str> {
 check_secondary_proc_based_exec_ctrl(vmx_true_ctrl)?;
 }
+ check_cr3_target()?;
+
+ check_io_bitmap()?;
+
+ Ok(())
+}
+
+fn is_valid_page_aligned_phys_addr(addr: u64) -> bool {
+ (addr & (!((1 << 40) - 1) | 0xfff)) == 0
+}
+
+fn check_cr3_target() -> Result<(), &'static str> {
+ let vmcs_cr3_target_count = vmread(vmcs::control::CR3_TARGET_COUNT)?;
+
+ if vmcs_cr3_target_count > 4 {
+ return Err("VMCS CR3-target count field is greater than 4");
+ }
+
+ Ok(())
+}
+
+fn check_io_bitmap() -> Result<(), &'static str> {
+ let vmcs_io_bitmap_a = vmread(vmcs::control::IO_BITMAP_A_ADDR_FULL)?;
+ let vmcs_io_bitmap_b = vmread(vmcs::control::IO_BITMAP_B_ADDR_FULL)?;
+
+ if !is_valid_page_aligned_phys_addr(vmcs_io_bitmap_a) {
+ return Err("VMCS IO bitmap A address is not a valid page-aligned physical address");
+ }
+
+ if !is_valid_page_aligned_phys_addr(vmcs_io_bitmap_b) {
+ return Err("VMCS IO bitmap B address is not a valid page-aligned physical address");
+ }
+
 Ok(())
 }
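Review bot: `is_valid_page_aligned_phys_addr` hardcodes a 40-bit physical address width (`1 << 40`), but the SDM's VM-entry check for the I/O-bitmap addresses is against the processor's actual MAXPHYADDR (CPUID.80000008H:EAX[7:0]), so on a CPU with a wider width a legitimately placed bitmap is rejected and on a narrower one an out-of-range address passes. Make the width a parameter taken from CPUID, e.g. `fn is_valid_page_aligned_phys_addr(addr: u64, phys_bits: u32) -> bool { (phys_bits >= 64 || addr >> phys_bits == 0) && addr & 0xfff == 0 }`, or if the target host is fixed, record the assumption with `// assumes MAXPHYADDR == 40; see CPUID leaf 0x80000008` so the auditor's result is not mistaken for a general check. Separately, the SDM only requires valid I/O-bitmap addresses when the "use I/O bitmaps" bit (bit 25) of the primary processor-based VM-execution controls is set, so `check_io_bitmap` should return `Ok(())` early when that bit is clear rather than fail on fields the hardware ignores; the CR3-target-count bound of 4 in `check_cr3_target` matches the architectural limit and is fine. `check_vmcs_control_fields` begins before this hunk.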