From patchwork Wed Dec 8 19:16:40 2021
X-Patchwork-Submitter: Peter Gonda
X-Patchwork-Id: 12665089
Date: Wed, 8 Dec 2021 11:16:40 -0800
In-Reply-To: <20211208191642.3792819-1-pgonda@google.com>
Message-Id: <20211208191642.3792819-2-pgonda@google.com>
Subject: [PATCH 1/3] selftests: sev_migrate_tests: Fix test_sev_mirror()
From: Peter Gonda
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Peter Gonda, Paolo Bonzini, Sean Christopherson, Marc Orr

Mirrors should not be able to call LAUNCH_START. Remove the call on the mirror to correct the test before fixing sev_ioctl() to correctly assert on this failed ioctl.

Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: Marc Orr
Signed-off-by: Peter Gonda
Reviewed-by: Marc Orr
--- tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c index 29b18d565cf4..fbc742b42145 100644
--- a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c @@ -228,9 +228,6 @@ static void sev_mirror_create(int dst_fd, int src_fd) static void test_sev_mirror(bool es) { struct kvm_vm *src_vm, *dst_vm; - struct kvm_sev_launch_start start = { - .policy = es ? SEV_POLICY_ES : 0 - }; int i; src_vm = sev_vm_create(es); 
@@ -241,7 +238,7 @@ static void test_sev_mirror(bool es) /* Check that we can complete creation of the mirror VM. */ for (i = 0; i < NR_MIGRATE_TEST_VCPUS; ++i) vm_vcpu_add(dst_vm, i); - sev_ioctl(dst_vm->fd, KVM_SEV_LAUNCH_START, &start); + if (es) sev_ioctl(dst_vm->fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);

From patchwork Wed Dec 8 19:16:41 2021
X-Patchwork-Submitter: Peter Gonda
X-Patchwork-Id: 12665091
Date: Wed, 8 Dec 2021 11:16:41 -0800
In-Reply-To: <20211208191642.3792819-1-pgonda@google.com>
Message-Id: <20211208191642.3792819-3-pgonda@google.com>
Subject: [PATCH 2/3] selftests: sev_migrate_tests: Fix sev_ioctl()
From: Peter Gonda
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Peter Gonda, Paolo Bonzini, Sean Christopherson, Marc Orr

TEST_ASSERT in SEV ioctl was allowing errors because it checked return value was good OR the FW error code was OK. This TEST_ASSERT should require both (aka. AND) values are OK. Removes the LAUNCH_START from the mirror VM because this call correctly fails because mirror VMs cannot call this command. Currently issues with the PSP driver functions mean the firmware error is not always reset to SEV_RET_SUCCESS when a call is successful. Mainly sev_platform_init() doesn't correctly set the fw error if the platform has already been initialized.

Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: Marc Orr
Signed-off-by: Peter Gonda
--- tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c index fbc742b42145..4bb960ca6486 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c
@@ -30,8 +30,9 @@ static void sev_ioctl(int vm_fd, int cmd_id, void *data) }; int ret; + ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd); - TEST_ASSERT((ret == 0 || cmd.error == SEV_RET_SUCCESS), + TEST_ASSERT(ret == 0 && cmd.error == SEV_RET_SUCCESS, "%d failed: return code: %d, errno: %d, fw error: %d", cmd_id, ret, errno, cmd.error); }

From patchwork Wed Dec 8 19:16:42 2021
X-Patchwork-Submitter: Peter Gonda
X-Patchwork-Id: 12665093
Date: Wed, 8 Dec 2021 11:16:42 -0800
In-Reply-To: <20211208191642.3792819-1-pgonda@google.com>
Message-Id: <20211208191642.3792819-4-pgonda@google.com>
Subject: [PATCH 3/3] selftests: sev_migrate_tests: Add mirror command tests
From: Peter Gonda
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Peter Gonda, Paolo Bonzini, Sean Christopherson, Marc Orr

Add tests to confirm mirror vms can only run correct subset of commands.

Cc: Paolo Bonzini
Cc: Sean Christopherson
Cc: Marc Orr
Signed-off-by: Peter Gonda
--- .../selftests/kvm/x86_64/sev_migrate_tests.c | 55 +++++++++++++++++-- 1 file changed, 51 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c index 4bb960ca6486..80056bbbb003 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c @@ -21,7 +21,7 @@ #define NR_LOCK_TESTING_THREADS 3 #define NR_LOCK_TESTING_ITERATIONS 10000 -static void sev_ioctl(int vm_fd, int cmd_id, void *data) +static int __sev_ioctl(int vm_fd, int cmd_id, void *data, __u32 *fw_error) { struct kvm_sev_cmd cmd = { .id = cmd_id, @@ -30,11 +30,20 @@ static void sev_ioctl(int vm_fd, int cmd_id, void *data) }; int ret; - ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd); - TEST_ASSERT(ret == 0 && cmd.error == SEV_RET_SUCCESS, + *fw_error = cmd.error; + return ret; +} + +static void sev_ioctl(int vm_fd, int cmd_id, void *data) +{ + int ret; + __u32 fw_error; + + ret = __sev_ioctl(vm_fd, cmd_id, data, &fw_error); + TEST_ASSERT(ret == 0 && fw_error == SEV_RET_SUCCESS, "%d failed: return code: %d, errno: %d, fw error: %d", - cmd_id, ret, errno, cmd.error); + cmd_id, ret, errno, fw_error); } static struct kvm_vm *sev_vm_create(bool es) 
@@ -226,6 +235,42 @@ static void sev_mirror_create(int dst_fd, int src_fd) TEST_ASSERT(!ret, "Copying context failed, ret: %d, errno: %d\n", ret, errno); } +static void verify_mirror_allowed_cmds(int vm_fd) +{ + struct kvm_sev_guest_status status; + + for (int cmd_id = KVM_SEV_INIT; cmd_id < KVM_SEV_NR_MAX; ++cmd_id) { + int ret; + __u32 fw_error; + + /* + * These commands are allowed for mirror VMs, all others are + * not. + */ + switch (cmd_id) { + case KVM_SEV_LAUNCH_UPDATE_VMSA: + case KVM_SEV_GUEST_STATUS: + case KVM_SEV_DBG_DECRYPT: + case KVM_SEV_DBG_ENCRYPT: + continue; + default: + break; + } + + /* + * These commands should be disallowed before the data + * parameter is examined so NULL is OK here. + */ + ret = __sev_ioctl(vm_fd, cmd_id, NULL, &fw_error); + TEST_ASSERT( + ret == -1 && errno == EINVAL, + "Should not be able call command: %d. ret: %d, errno: %d\n", + cmd_id, ret, errno); + } + + sev_ioctl(vm_fd, KVM_SEV_GUEST_STATUS, &status); +} + static void test_sev_mirror(bool es) { struct kvm_vm *src_vm, *dst_vm; @@ -243,6 +288,8 @@ static void test_sev_mirror(bool es) if (es) sev_ioctl(dst_vm->fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); + verify_mirror_allowed_cmds(dst_vm->fd); + kvm_vm_free(src_vm); kvm_vm_free(dst_vm); }
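
Review bot: In [PATCH 1/3], hunk @@ -241,7 +238,7 @@ of test_sev_mirror(), the KVM_SEV_LAUNCH_START call on dst_vm is dropped without a replacement check, so after this patch alone nothing in the test asserts that a mirror is refused that command, which is the property the commit message states. Consider asserting the expected failure at this spot, or say in the commit message that the negative check arrives in 3/3, so the series does not silently lose that coverage at this point when bisected.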
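
Review bot: In [PATCH 2/3], the new TEST_ASSERT(ret == 0 && cmd.error == SEV_RET_SUCCESS, ...) in sev_ioctl() turns a stale firmware error into a test failure even when the ioctl returned 0, and the commit message itself says the PSP driver does not always reset the firmware error on success (sev_platform_init() on an already initialized platform). Please state whether any existing caller is expected to trip on that until the driver is fixed, and add a short comment above the assertion explaining why both values are required. The sentence "Removes the LAUNCH_START from the mirror VM ..." describes a change that is not in this diff (it touches only sev_ioctl(), 2 insertions and 1 deletion) and belongs with 1/3.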
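
Review bot: In [PATCH 3/3], hunk @@ -30,11 +30,20 @@, fw_error is declared __u32 in the new sev_ioctl() wrapper but the TEST_ASSERT format string still prints it with "fw error: %d"; use %u (or cast) so a large firmware code is not shown as a negative number. __sev_ioctl() also writes through fw_error unconditionally, so a one-line comment that the pointer must be non-NULL would help future callers.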
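
Review bot: In [PATCH 3/3], hunk @@ -226,6 +235,42 @@, verify_mirror_allowed_cmds() only proves the deny side: the switch skips KVM_SEV_LAUNCH_UPDATE_VMSA, KVM_SEV_GUEST_STATUS, KVM_SEV_DBG_DECRYPT and KVM_SEV_DBG_ENCRYPT with continue, and afterwards only KVM_SEV_GUEST_STATUS is issued through sev_ioctl(), so the two DBG commands are never shown to succeed on a mirror. Either exercise them here or reword the commit message to say the test checks that disallowed commands fail with EINVAL. The fw_error filled in by __sev_ioctl() is neither asserted nor printed in the failure message, and the message text should read "Should not be able to call command".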