diff mbox series

[v2,03/10] selftests: kvm: s390: Add s390x ucontrol test suite with hpage test

Message ID 20240723093126.285319-4-schlameuss@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series selftests: kvm: s390: Add s390x ucontrol selftests | expand

Commit Message

Christoph Schlameuss July 23, 2024, 9:31 a.m. UTC
Add test suite to validate the s390x architecture specific ucontrol KVM
interface.

Make use of the selftest test harness.

* uc_cap_hpage testcase verifies that a ucontrol VM cannot be run with
  hugepages.

To allow testing of the ucontrol interface the kernel needs a
non-default config containing CONFIG_KVM_S390_UCONTROL.
This config needs to be set to built-in (y) as this cannot be built as
module.

Signed-off-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
---
 tools/testing/selftests/kvm/.gitignore        |  1 +
 tools/testing/selftests/kvm/Makefile          |  1 +
 tools/testing/selftests/kvm/s390x/config      |  2 +
 .../selftests/kvm/s390x/ucontrol_test.c       | 78 +++++++++++++++++++
 4 files changed, 82 insertions(+)
 create mode 100644 tools/testing/selftests/kvm/s390x/config
 create mode 100644 tools/testing/selftests/kvm/s390x/ucontrol_test.c

Comments

Janosch Frank July 24, 2024, 2:52 p.m. UTC | #1
On 7/23/24 11:31, Christoph Schlameuss wrote:
> Add test suite to validate the s390x architecture specific ucontrol KVM
> interface.
> 
> Make use of the selftest test harness.
> 
> * uc_cap_hpage testcase verifies that a ucontrol VM cannot be run with
>    hugepages.
> 
> To allow testing of the ucontrol interface the kernel needs a
> non-default config containing CONFIG_KVM_S390_UCONTROL.
> This config needs to be set to built-in (y) as this cannot be built as
> module.
> 
> Signed-off-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> ---

[...]

> +#include "kselftest_harness.h"
> +#include "kvm_util.h"
> +
> +#include <linux/capability.h>
> +#include <linux/sizes.h>
> +
> +#define SYS_ADMIN_CAP 0x200000

This looked suspicious to me.
Surely this would be available in some form in capability.h since 
CAP_SYS_ADMIN is something that's regularly checked.

[...]

> +
> +/* so directly declare capget to check caps without libcap */
> +int capget(cap_user_header_t header, cap_user_data_t data);
> +
> +/**
> + * In order to create user controlled virtual machines on S390,
> + * check KVM_CAP_S390_UCONTROL and use the flag KVM_VM_S390_UCONTROL
> + * as privileged user (SYS_ADMIN).
> + */
> +void require_ucontrol_admin(void)
> +{
> +	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
> +	struct __user_cap_header_struct hdr = {
> +		.version = _LINUX_CAPABILITY_VERSION_3,
> +	};
> +	int rc;
> +
> +	rc = capget(&hdr, data);
> +	TEST_ASSERT_EQ(0, rc);
> +	TEST_REQUIRE((data->effective & SYS_ADMIN_CAP) > 0);

And in fact capability.h does have defines which hide the magic constant:
data->effective & CAP_TO_MASK(CAP_SYS_ADMIN)


> +
> +	TEST_REQUIRE(kvm_has_cap(KVM_CAP_S390_UCONTROL));
> +}
> +
Christoph Schlameuss July 24, 2024, 4:18 p.m. UTC | #2
On Wed, 24 Jul 2024 16:52:00 +0200
Janosch Frank <frankja@linux.ibm.com> wrote:

> On 7/23/24 11:31, Christoph Schlameuss wrote:
> > Add test suite to validate the s390x architecture specific ucontrol KVM
> > interface.
> > 
> > Make use of the selftest test harness.
> > 
> > * uc_cap_hpage testcase verifies that a ucontrol VM cannot be run with
> >    hugepages.
> > 
> > To allow testing of the ucontrol interface the kernel needs a
> > non-default config containing CONFIG_KVM_S390_UCONTROL.
> > This config needs to be set to built-in (y) as this cannot be built as
> > module.
> > 
> > Signed-off-by: Christoph Schlameuss <schlameuss@linux.ibm.com>
> > Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> > ---  
> 
> [...]
> 
> > +#include "kselftest_harness.h"
> > +#include "kvm_util.h"
> > +
> > +#include <linux/capability.h>
> > +#include <linux/sizes.h>
> > +
> > +#define SYS_ADMIN_CAP 0x200000  
> 
> This looked suspicious to me.
> Surely this would be available in some form in capability.h since 
> CAP_SYS_ADMIN is something that's regularly checked.
> 
> [...]
> 
> > +
> > +/* so directly declare capget to check caps without libcap */
> > +int capget(cap_user_header_t header, cap_user_data_t data);
> > +
> > +/**
> > + * In order to create user controlled virtual machines on S390,
> > + * check KVM_CAP_S390_UCONTROL and use the flag KVM_VM_S390_UCONTROL
> > + * as privileged user (SYS_ADMIN).
> > + */
> > +void require_ucontrol_admin(void)
> > +{
> > +	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
> > +	struct __user_cap_header_struct hdr = {
> > +		.version = _LINUX_CAPABILITY_VERSION_3,
> > +	};
> > +	int rc;
> > +
> > +	rc = capget(&hdr, data);
> > +	TEST_ASSERT_EQ(0, rc);
> > +	TEST_REQUIRE((data->effective & SYS_ADMIN_CAP) > 0);  
> 
> And in fact capability.h does have defines which hide the magic constant:
> data->effective & CAP_TO_MASK(CAP_SYS_ADMIN)
> 

Yes, thank you, that is much better. Will use that instead and remove
the custom SYS_ADMIN_CAP define above.

> > +
> > +	TEST_REQUIRE(kvm_has_cap(KVM_CAP_S390_UCONTROL));
> > +}
> > +  
>
diff mbox series

Patch

diff --git a/tools/testing/selftests/kvm/.gitignore b/tools/testing/selftests/kvm/.gitignore
index 6d9381d60172..f2a30a58cd71 100644
--- a/tools/testing/selftests/kvm/.gitignore
+++ b/tools/testing/selftests/kvm/.gitignore
@@ -5,3 +5,4 @@ 
 !*.h
 !*.S
 !*.sh
+!config
diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile
index 48d32c5aa3eb..b3dc0a5bf0d4 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -186,6 +186,7 @@  TEST_GEN_PROGS_s390x += s390x/tprot
 TEST_GEN_PROGS_s390x += s390x/cmma_test
 TEST_GEN_PROGS_s390x += s390x/debug_test
 TEST_GEN_PROGS_s390x += s390x/shared_zeropage_test
+TEST_GEN_PROGS_s390x += s390x/ucontrol_test
 TEST_GEN_PROGS_s390x += demand_paging_test
 TEST_GEN_PROGS_s390x += dirty_log_test
 TEST_GEN_PROGS_s390x += guest_print_test
diff --git a/tools/testing/selftests/kvm/s390x/config b/tools/testing/selftests/kvm/s390x/config
new file mode 100644
index 000000000000..23270f2d679f
--- /dev/null
+++ b/tools/testing/selftests/kvm/s390x/config
@@ -0,0 +1,2 @@ 
+CONFIG_KVM=y
+CONFIG_KVM_S390_UCONTROL=y
diff --git a/tools/testing/selftests/kvm/s390x/ucontrol_test.c b/tools/testing/selftests/kvm/s390x/ucontrol_test.c
new file mode 100644
index 000000000000..a706a9f2b9ea
--- /dev/null
+++ b/tools/testing/selftests/kvm/s390x/ucontrol_test.c
@@ -0,0 +1,78 @@ 
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Test code for the s390x kvm ucontrol interface
+ *
+ * Copyright IBM Corp. 2024
+ *
+ * Authors:
+ *  Christoph Schlameuss <schlameuss@linux.ibm.com>
+ */
+#include "kselftest_harness.h"
+#include "kvm_util.h"
+
+#include <linux/capability.h>
+#include <linux/sizes.h>
+
+#define SYS_ADMIN_CAP 0x200000
+
+/* so directly declare capget to check caps without libcap */
+int capget(cap_user_header_t header, cap_user_data_t data);
+
+/**
+ * In order to create user controlled virtual machines on S390,
+ * check KVM_CAP_S390_UCONTROL and use the flag KVM_VM_S390_UCONTROL
+ * as privileged user (SYS_ADMIN).
+ */
+void require_ucontrol_admin(void)
+{
+	struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
+	struct __user_cap_header_struct hdr = {
+		.version = _LINUX_CAPABILITY_VERSION_3,
+	};
+	int rc;
+
+	rc = capget(&hdr, data);
+	TEST_ASSERT_EQ(0, rc);
+	TEST_REQUIRE((data->effective & SYS_ADMIN_CAP) > 0);
+
+	TEST_REQUIRE(kvm_has_cap(KVM_CAP_S390_UCONTROL));
+}
+
+/**
+ * Assert HPAGE CAP cannot be enabled on UCONTROL VM
+ */
+TEST(uc_cap_hpage)
+{
+	int rc, kvm_fd, vm_fd, vcpu_fd;
+	struct kvm_enable_cap cap = {
+		.cap = KVM_CAP_S390_HPAGE_1M,
+	};
+
+	require_ucontrol_admin();
+
+	kvm_fd = open_kvm_dev_path_or_exit();
+	vm_fd = ioctl(kvm_fd, KVM_CREATE_VM, KVM_VM_S390_UCONTROL);
+	ASSERT_GE(vm_fd, 0);
+
+	/* assert hpages are not supported on ucontrol vm */
+	rc = ioctl(vm_fd, KVM_CHECK_EXTENSION, KVM_CAP_S390_HPAGE_1M);
+	EXPECT_EQ(0, rc);
+
+	/* Test that KVM_CAP_S390_HPAGE_1M can't be enabled for a ucontrol vm */
+	rc = ioctl(vm_fd, KVM_ENABLE_CAP, cap);
+	EXPECT_EQ(-1, rc);
+	EXPECT_EQ(EINVAL, errno);
+
+	/* assert HPAGE CAP is rejected after vCPU creation */
+	vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
+	ASSERT_GE(vcpu_fd, 0);
+	rc = ioctl(vm_fd, KVM_ENABLE_CAP, cap);
+	EXPECT_EQ(-1, rc);
+	EXPECT_EQ(EBUSY, errno);
+
+	close(vcpu_fd);
+	close(vm_fd);
+	close(kvm_fd);
+}
+
+TEST_HARNESS_MAIN