From patchwork Tue Jan 10 17:03:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095374 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BF15C54EBC for ; Tue, 10 Jan 2023 17:04:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238799AbjAJRES (ORCPT ); Tue, 10 Jan 2023 12:04:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40796 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238662AbjAJREG (ORCPT ); Tue, 10 Jan 2023 12:04:06 -0500 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD171485BE for ; Tue, 10 Jan 2023 09:04:03 -0800 (PST) Received: by mail-pj1-x104a.google.com with SMTP id pa16-20020a17090b265000b0020a71040b4cso5029119pjb.6 for ; Tue, 10 Jan 2023 09:04:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=W8e2eHCiIkXd8zz4xcerKzAeu3DXKJJykbXTSOUoDpY=; b=F1m0coJy7gqbwEQyQ6QJkHaTucQBCwh0O6OF2TXhVbztLjnViwpwIauj/8fy1Nt4/a b8vft6K/A5GnyZtltpWi4PUbEkiwRnjwONAQTxL6yskiQa4fzW9ovYT1bBwOAoaCpf0q swzWb821zh3wuSWc5DEBRB8hp2Et7lg6hjavwNL5PXb629uwBWZP37sxMHyt9XIrU06S Df1oeW/hetAuN8MRlqokxldnqZu6ITtZVUTZluJwcE/xOgSYqryp6Yvg4w9Bwhi+6x2s nfbqCE88s27rO2buYLXmHcYXTlmTW/CWPPi/RR6pAdhizGo7mmw/mn20LoKYsVLdNjxV U8cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=W8e2eHCiIkXd8zz4xcerKzAeu3DXKJJykbXTSOUoDpY=; b=mgDst2Qcv+YVRcz4hB7aAaHXyOIW6GN/3yZb/qQLhHc2e6mJrBWxiHQC5wybziPjCp JwyeRzDE+WoIBwCx7D/RcqVJpXocZ892+oe7FhGepLiXtfHEqU8POsGKgtxxc5xc3nZi E4J23KE1+6ASZuRsUu2dkckB1pe6971tmjCO+P80n6jeMxwibN0c2XQ1hqp+ceGOZgnl fEqFXsJDLPK/D2F6xb2AUryZH30AQgXzPMpV2mIuhDzN14TTFK5EQGBEmNzUwE3CHPej kl8x5CGRk4e4C/fl1GGcNiSZnCGO34CTFL/wVdiCIGdkYx0mgU6DNXmwB3AhztHk5AWS mamA== X-Gm-Message-State: AFqh2krYdjqFT9od4boOUSFpKUg5GBgtpYj5mUwvMajYHWVIqKS2aYIm yYG6JGQdllNVYZpmmhSNXISKA19tNrlB6TO33HrMlPijcNxHm24SEgrolUgVo8gi2QJTqcDXi92 DJCga8kqa87DPPcbqatB+2ezEB56Jq56GDgaILCuLmkxfYYkzM7q9LegF8w== X-Google-Smtp-Source: AMrXdXvcrS1bdpPzezNRpEqWaBQ7uWRQt6wFQg0bMtqbh1itPcANGb7OeggdSA//IJuUYJTgSZeh4taoq24= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a17:902:7605:b0:189:e206:2223 with SMTP id k5-20020a170902760500b00189e2062223mr4605333pll.97.1673370243184; Tue, 10 Jan 2023 09:04:03 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:52 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-2-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 1/7] KVM: selftests: sparsebit: add const where appropriate From: Peter Gonda To: kvm@vger.kernel.org Cc: Michael Roth , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Peter Gonda Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Michael Roth Subsequent patches will introduce an encryption bitmap in kvm_util that would be useful to allow tests to access in read-only fashion. This will be done via a const sparsebit*. To avoid warnings or the need to add casts everywhere, add const to the various sparsebit functions that are applicable for read-only usage of sparsebit. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Signed-off-by: Michael Roth Signed-off-by: Peter Gonda --- .../testing/selftests/kvm/include/sparsebit.h | 36 +++++++------- tools/testing/selftests/kvm/lib/sparsebit.c | 48 +++++++++---------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/tools/testing/selftests/kvm/include/sparsebit.h b/tools/testing/selftests/kvm/include/sparsebit.h index 12a9a4b9cead..fb5170d57fcb 100644 --- a/tools/testing/selftests/kvm/include/sparsebit.h +++ b/tools/testing/selftests/kvm/include/sparsebit.h @@ -30,26 +30,26 @@ typedef uint64_t sparsebit_num_t; struct sparsebit *sparsebit_alloc(void); void sparsebit_free(struct sparsebit **sbitp); -void sparsebit_copy(struct sparsebit *dstp, struct sparsebit *src); +void sparsebit_copy(struct sparsebit *dstp, const struct sparsebit *src); -bool sparsebit_is_set(struct sparsebit *sbit, sparsebit_idx_t idx); -bool sparsebit_is_set_num(struct sparsebit *sbit, +bool sparsebit_is_set(const struct sparsebit *sbit, sparsebit_idx_t idx); +bool sparsebit_is_set_num(const struct sparsebit *sbit, sparsebit_idx_t idx, sparsebit_num_t num); -bool sparsebit_is_clear(struct sparsebit *sbit, sparsebit_idx_t idx); -bool sparsebit_is_clear_num(struct sparsebit *sbit, +bool sparsebit_is_clear(const struct sparsebit *sbit, sparsebit_idx_t idx); +bool sparsebit_is_clear_num(const struct sparsebit *sbit, sparsebit_idx_t idx, sparsebit_num_t num); -sparsebit_num_t sparsebit_num_set(struct sparsebit *sbit); -bool sparsebit_any_set(struct sparsebit *sbit); -bool sparsebit_any_clear(struct sparsebit *sbit); -bool sparsebit_all_set(struct sparsebit *sbit); -bool sparsebit_all_clear(struct sparsebit *sbit); -sparsebit_idx_t sparsebit_first_set(struct sparsebit *sbit); -sparsebit_idx_t sparsebit_first_clear(struct sparsebit *sbit); -sparsebit_idx_t sparsebit_next_set(struct sparsebit *sbit, sparsebit_idx_t prev); -sparsebit_idx_t sparsebit_next_clear(struct sparsebit *sbit, sparsebit_idx_t prev); -sparsebit_idx_t sparsebit_next_set_num(struct sparsebit *sbit, +sparsebit_num_t sparsebit_num_set(const struct sparsebit *sbit); +bool sparsebit_any_set(const struct sparsebit *sbit); +bool sparsebit_any_clear(const struct sparsebit *sbit); +bool sparsebit_all_set(const struct sparsebit *sbit); +bool sparsebit_all_clear(const struct sparsebit *sbit); +sparsebit_idx_t sparsebit_first_set(const struct sparsebit *sbit); +sparsebit_idx_t sparsebit_first_clear(const struct sparsebit *sbit); +sparsebit_idx_t sparsebit_next_set(const struct sparsebit *sbit, sparsebit_idx_t prev); +sparsebit_idx_t sparsebit_next_clear(const struct sparsebit *sbit, sparsebit_idx_t prev); +sparsebit_idx_t sparsebit_next_set_num(const struct sparsebit *sbit, sparsebit_idx_t start, sparsebit_num_t num); -sparsebit_idx_t sparsebit_next_clear_num(struct sparsebit *sbit, +sparsebit_idx_t sparsebit_next_clear_num(const struct sparsebit *sbit, sparsebit_idx_t start, sparsebit_num_t num); void sparsebit_set(struct sparsebit *sbitp, sparsebit_idx_t idx); @@ -62,9 +62,9 @@ void sparsebit_clear_num(struct sparsebit *sbitp, sparsebit_idx_t start, sparsebit_num_t num); void sparsebit_clear_all(struct sparsebit *sbitp); -void sparsebit_dump(FILE *stream, struct sparsebit *sbit, +void sparsebit_dump(FILE *stream, const struct sparsebit *sbit, unsigned int indent); -void sparsebit_validate_internal(struct sparsebit *sbit); +void sparsebit_validate_internal(const struct sparsebit *sbit); #ifdef __cplusplus } diff --git a/tools/testing/selftests/kvm/lib/sparsebit.c b/tools/testing/selftests/kvm/lib/sparsebit.c index 50e0cf41a7dd..6777a5b1fbd2 100644 --- a/tools/testing/selftests/kvm/lib/sparsebit.c +++ b/tools/testing/selftests/kvm/lib/sparsebit.c @@ -202,7 +202,7 @@ static sparsebit_num_t node_num_set(struct node *nodep) /* Returns a pointer to the node that describes the * lowest bit index. */ -static struct node *node_first(struct sparsebit *s) +static struct node *node_first(const struct sparsebit *s) { struct node *nodep; @@ -216,7 +216,7 @@ static struct node *node_first(struct sparsebit *s) * lowest bit index > the index of the node pointed to by np. * Returns NULL if no node with a higher index exists. */ -static struct node *node_next(struct sparsebit *s, struct node *np) +static struct node *node_next(const struct sparsebit *s, struct node *np) { struct node *nodep = np; @@ -244,7 +244,7 @@ static struct node *node_next(struct sparsebit *s, struct node *np) * highest index < the index of the node pointed to by np. * Returns NULL if no node with a lower index exists. */ -static struct node *node_prev(struct sparsebit *s, struct node *np) +static struct node *node_prev(const struct sparsebit *s, struct node *np) { struct node *nodep = np; @@ -273,7 +273,7 @@ static struct node *node_prev(struct sparsebit *s, struct node *np) * subtree and duplicates the bit settings to the newly allocated nodes. * Returns the newly allocated copy of subtree. */ -static struct node *node_copy_subtree(struct node *subtree) +static struct node *node_copy_subtree(const struct node *subtree) { struct node *root; @@ -307,7 +307,7 @@ static struct node *node_copy_subtree(struct node *subtree) * index is within the bits described by the mask bits or the number of * contiguous bits set after the mask. Returns NULL if there is no such node. */ -static struct node *node_find(struct sparsebit *s, sparsebit_idx_t idx) +static struct node *node_find(const struct sparsebit *s, sparsebit_idx_t idx) { struct node *nodep; @@ -393,7 +393,7 @@ static struct node *node_add(struct sparsebit *s, sparsebit_idx_t idx) } /* Returns whether all the bits in the sparsebit array are set. */ -bool sparsebit_all_set(struct sparsebit *s) +bool sparsebit_all_set(const struct sparsebit *s) { /* * If any nodes there must be at least one bit set. Only case @@ -776,7 +776,7 @@ static void node_reduce(struct sparsebit *s, struct node *nodep) /* Returns whether the bit at the index given by idx, within the * sparsebit array is set or not. */ -bool sparsebit_is_set(struct sparsebit *s, sparsebit_idx_t idx) +bool sparsebit_is_set(const struct sparsebit *s, sparsebit_idx_t idx) { struct node *nodep; @@ -922,7 +922,7 @@ static inline sparsebit_idx_t node_first_clear(struct node *nodep, int start) * used by test cases after they detect an unexpected condition, as a means * to capture diagnostic information. */ -static void sparsebit_dump_internal(FILE *stream, struct sparsebit *s, +static void sparsebit_dump_internal(FILE *stream, const struct sparsebit *s, unsigned int indent) { /* Dump the contents of s */ @@ -970,7 +970,7 @@ void sparsebit_free(struct sparsebit **sbitp) * sparsebit_alloc(). It can though already have bits set, which * if different from src will be cleared. */ -void sparsebit_copy(struct sparsebit *d, struct sparsebit *s) +void sparsebit_copy(struct sparsebit *d, const struct sparsebit *s) { /* First clear any bits already set in the destination */ sparsebit_clear_all(d); @@ -982,7 +982,7 @@ void sparsebit_copy(struct sparsebit *d, struct sparsebit *s) } /* Returns whether num consecutive bits starting at idx are all set. */ -bool sparsebit_is_set_num(struct sparsebit *s, +bool sparsebit_is_set_num(const struct sparsebit *s, sparsebit_idx_t idx, sparsebit_num_t num) { sparsebit_idx_t next_cleared; @@ -1006,14 +1006,14 @@ bool sparsebit_is_set_num(struct sparsebit *s, } /* Returns whether the bit at the index given by idx. */ -bool sparsebit_is_clear(struct sparsebit *s, +bool sparsebit_is_clear(const struct sparsebit *s, sparsebit_idx_t idx) { return !sparsebit_is_set(s, idx); } /* Returns whether num consecutive bits starting at idx are all cleared. */ -bool sparsebit_is_clear_num(struct sparsebit *s, +bool sparsebit_is_clear_num(const struct sparsebit *s, sparsebit_idx_t idx, sparsebit_num_t num) { sparsebit_idx_t next_set; @@ -1042,13 +1042,13 @@ bool sparsebit_is_clear_num(struct sparsebit *s, * value. Use sparsebit_any_set(), instead of sparsebit_num_set() > 0, * to determine if the sparsebit array has any bits set. */ -sparsebit_num_t sparsebit_num_set(struct sparsebit *s) +sparsebit_num_t sparsebit_num_set(const struct sparsebit *s) { return s->num_set; } /* Returns whether any bit is set in the sparsebit array. */ -bool sparsebit_any_set(struct sparsebit *s) +bool sparsebit_any_set(const struct sparsebit *s) { /* * Nodes only describe set bits. If any nodes then there @@ -1071,20 +1071,20 @@ bool sparsebit_any_set(struct sparsebit *s) } /* Returns whether all the bits in the sparsebit array are cleared. */ -bool sparsebit_all_clear(struct sparsebit *s) +bool sparsebit_all_clear(const struct sparsebit *s) { return !sparsebit_any_set(s); } /* Returns whether all the bits in the sparsebit array are set. */ -bool sparsebit_any_clear(struct sparsebit *s) +bool sparsebit_any_clear(const struct sparsebit *s) { return !sparsebit_all_set(s); } /* Returns the index of the first set bit. Abort if no bits are set. */ -sparsebit_idx_t sparsebit_first_set(struct sparsebit *s) +sparsebit_idx_t sparsebit_first_set(const struct sparsebit *s) { struct node *nodep; @@ -1098,7 +1098,7 @@ sparsebit_idx_t sparsebit_first_set(struct sparsebit *s) /* Returns the index of the first cleared bit. Abort if * no bits are cleared. */ -sparsebit_idx_t sparsebit_first_clear(struct sparsebit *s) +sparsebit_idx_t sparsebit_first_clear(const struct sparsebit *s) { struct node *nodep1, *nodep2; @@ -1152,7 +1152,7 @@ sparsebit_idx_t sparsebit_first_clear(struct sparsebit *s) /* Returns index of next bit set within s after the index given by prev. * Returns 0 if there are no bits after prev that are set. */ -sparsebit_idx_t sparsebit_next_set(struct sparsebit *s, +sparsebit_idx_t sparsebit_next_set(const struct sparsebit *s, sparsebit_idx_t prev) { sparsebit_idx_t lowest_possible = prev + 1; @@ -1245,7 +1245,7 @@ sparsebit_idx_t sparsebit_next_set(struct sparsebit *s, /* Returns index of next bit cleared within s after the index given by prev. * Returns 0 if there are no bits after prev that are cleared. */ -sparsebit_idx_t sparsebit_next_clear(struct sparsebit *s, +sparsebit_idx_t sparsebit_next_clear(const struct sparsebit *s, sparsebit_idx_t prev) { sparsebit_idx_t lowest_possible = prev + 1; @@ -1301,7 +1301,7 @@ sparsebit_idx_t sparsebit_next_clear(struct sparsebit *s, * and returns the index of the first sequence of num consecutively set * bits. Returns a value of 0 of no such sequence exists. */ -sparsebit_idx_t sparsebit_next_set_num(struct sparsebit *s, +sparsebit_idx_t sparsebit_next_set_num(const struct sparsebit *s, sparsebit_idx_t start, sparsebit_num_t num) { sparsebit_idx_t idx; @@ -1336,7 +1336,7 @@ sparsebit_idx_t sparsebit_next_set_num(struct sparsebit *s, * and returns the index of the first sequence of num consecutively cleared * bits. Returns a value of 0 of no such sequence exists. */ -sparsebit_idx_t sparsebit_next_clear_num(struct sparsebit *s, +sparsebit_idx_t sparsebit_next_clear_num(const struct sparsebit *s, sparsebit_idx_t start, sparsebit_num_t num) { sparsebit_idx_t idx; @@ -1584,7 +1584,7 @@ static size_t display_range(FILE *stream, sparsebit_idx_t low, * contiguous bits. This is done because '-' is used to specify command-line * options, and sometimes ranges are specified as command-line arguments. */ -void sparsebit_dump(FILE *stream, struct sparsebit *s, +void sparsebit_dump(FILE *stream, const struct sparsebit *s, unsigned int indent) { size_t current_line_len = 0; @@ -1682,7 +1682,7 @@ void sparsebit_dump(FILE *stream, struct sparsebit *s, * s. On error, diagnostic information is printed to stderr and * abort is called. */ -void sparsebit_validate_internal(struct sparsebit *s) +void sparsebit_validate_internal(const struct sparsebit *s) { bool error_detected = false; struct node *nodep, *prev = NULL; From patchwork Tue Jan 10 17:03:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095375 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80D6AC46467 for ; Tue, 10 Jan 2023 17:04:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238160AbjAJREV (ORCPT ); Tue, 10 Jan 2023 12:04:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40896 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238731AbjAJREI (ORCPT ); Tue, 10 Jan 2023 12:04:08 -0500 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7F27E479F9 for ; Tue, 10 Jan 2023 09:04:05 -0800 (PST) Received: by mail-pg1-x549.google.com with SMTP id w185-20020a6382c2000000b004b1fcf39c18so3339400pgd.13 for ; Tue, 10 Jan 2023 09:04:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=y8Ws5IUpXIyeNK/XDOwuvqUqUTKu8gu/OI2LdlzUr+E=; b=gZVxF/BfVlRdNYXvJyQ6RaZ7II5GGqwItg0GdnKWPUevuCVgZ/ywpOqZEqAAFHm4Hk OfVySUb20PeRm7NOIK/I+bP79UQh0VALmRZCKjEwkdO54WkeN2ZdRZN/lO3WYiPBZ7+Q uaiHd4zj8VWaHvnApQJRLuqwWvzVE7BfBaW3AgPvI7UD36ykM3bruVohqF6ECmymNNBW KmWESbetIQUGBAAZ2JE04V2CFWQVu3aRI4/SiRxxawxqZLf7SoduCXd0Lrx4vARkHWF/ FbU1WDw+j029R0MvUn6L2QEPPS9oFEKKyE0g38r+Lwv4ZZmIbk0mEqdZL67vYjVpC6Om PGWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=y8Ws5IUpXIyeNK/XDOwuvqUqUTKu8gu/OI2LdlzUr+E=; b=ZSQFK74JP9aswgsqzoIhL76z5Qa1bO4N0ctI+stWQMx0c7ZnW2Ayew1nK1qs/PZ8nt xgBCI5fdKRZ7wExpvO4c4nconRWzspLtQ2xI4mzfEOvFBkF+V+pH01JJUw93wVJJiChU uoDwPtGw2jjS1t+3vYhIZFRFq19esWGCI7wiuPVNKT+mNZmTlmKZWvsrE881oB2qA4S/ rqPtH/mtnu3wSbaSkOpeAUEyyfiIk3JmTz/nNyHmHmFxAreOG+vA39ektuys3LNeWy5V PnrpXcOX3prlA5SokumQ6kArDD8i+i2yWpFRUD2u4vRNhQM2Nkv8nm2ixgO1QX8rFtfW tNLg== X-Gm-Message-State: AFqh2krCX81TBCDnMJ21P64b92UoaO8g1Innh6LajmahoxDQdUJqq9yv G7IWCqG0zRiRlywuld4oSMZKW7n7ljcExbHxiYBOWbcH9JJ73wYlkqKFhfWrYdnvbY8Bh8cWV46 bJVhx0JuHmSNa/WW/s1vZUvTaSvA+yxPiAPoJ1xX3jSJ90doQxXlOcORyWw== X-Google-Smtp-Source: AMrXdXvlZhL3goSDj1HZohFk5h5owOCC5IfcErxsRF65ck1Qw/ngnjeT3pk3EYcQEglM12ywX+MaqQxBr40= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a17:902:704a:b0:189:f708:9b6e with SMTP id h10-20020a170902704a00b00189f7089b6emr4156140plt.20.1673370244904; Tue, 10 Jan 2023 09:04:04 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:53 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-3-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 2/7] KVM: selftests: add hooks for managing protected guest memory From: Peter Gonda To: kvm@vger.kernel.org Cc: Peter Gonda , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Michael Roth Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Add kvm_vm.protected metadata. Protected VMs memory, potentially register and other state may not be accessible to KVM. This combined with a new protected_phy_pages bitmap will allow the selftests to check if a given pages is accessible. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Originally-by: Michael Roth Signed-off-by: Peter Gonda --- .../selftests/kvm/include/kvm_util_base.h | 14 ++++++++++++-- tools/testing/selftests/kvm/lib/kvm_util.c | 16 +++++++++++++--- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h index fbc2a79369b8..015b59a0b80e 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -45,6 +45,7 @@ typedef uint64_t vm_vaddr_t; /* Virtual Machine (Guest) virtual address */ struct userspace_mem_region { struct kvm_userspace_memory_region region; struct sparsebit *unused_phy_pages; + struct sparsebit *protected_phy_pages; int fd; off_t offset; enum vm_mem_backing_src_type backing_src_type; @@ -111,6 +112,9 @@ struct kvm_vm { vm_vaddr_t handlers; uint32_t dirty_ring_size; + /* VM protection enabled: SEV, etc*/ + bool protected; + /* Cache of information for binary stats interface */ int stats_fd; struct kvm_stats_header stats_header; @@ -679,10 +683,16 @@ const char *exit_reason_str(unsigned int exit_reason); vm_paddr_t vm_phy_page_alloc(struct kvm_vm *vm, vm_paddr_t paddr_min, uint32_t memslot); -vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, - vm_paddr_t paddr_min, uint32_t memslot); +vm_paddr_t _vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, + vm_paddr_t paddr_min, uint32_t memslot, bool protected); vm_paddr_t vm_alloc_page_table(struct kvm_vm *vm); +static inline vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, + vm_paddr_t paddr_min, uint32_t memslot) +{ + return _vm_phy_pages_alloc(vm, num, paddr_min, memslot, vm->protected); +} + /* * ____vm_create() does KVM_CREATE_VM and little else. __vm_create() also * loads the test binary into guest memory and creates an IRQ chip (x86 only). diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 56d5ea949cbb..63913b219b42 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -663,6 +663,7 @@ static void __vm_mem_region_delete(struct kvm_vm *vm, vm_ioctl(vm, KVM_SET_USER_MEMORY_REGION, ®ion->region); sparsebit_free(®ion->unused_phy_pages); + sparsebit_free(®ion->protected_phy_pages); ret = munmap(region->mmap_start, region->mmap_size); TEST_ASSERT(!ret, __KVM_SYSCALL_ERROR("munmap()", ret)); if (region->fd >= 0) { @@ -1010,6 +1011,7 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm, region->backing_src_type = src_type; region->unused_phy_pages = sparsebit_alloc(); + region->protected_phy_pages = sparsebit_alloc(); sparsebit_set_num(region->unused_phy_pages, guest_paddr >> vm->page_shift, npages); region->region.slot = slot; @@ -1799,6 +1801,10 @@ void vm_dump(FILE *stream, struct kvm_vm *vm, uint8_t indent) region->host_mem); fprintf(stream, "%*sunused_phy_pages: ", indent + 2, ""); sparsebit_dump(stream, region->unused_phy_pages, 0); + if (vm->protected) { + fprintf(stream, "%*sprotected_phy_pages: ", indent + 2, ""); + sparsebit_dump(stream, region->protected_phy_pages, 0); + } } fprintf(stream, "%*sMapped Virtual Pages:\n", indent, ""); sparsebit_dump(stream, vm->vpages_mapped, indent + 2); @@ -1895,8 +1901,9 @@ const char *exit_reason_str(unsigned int exit_reason) * and their base address is returned. A TEST_ASSERT failure occurs if * not enough pages are available at or above paddr_min. */ -vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, - vm_paddr_t paddr_min, uint32_t memslot) +vm_paddr_t _vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, + vm_paddr_t paddr_min, uint32_t memslot, + bool protected) { struct userspace_mem_region *region; sparsebit_idx_t pg, base; @@ -1929,8 +1936,11 @@ vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, abort(); } - for (pg = base; pg < base + num; ++pg) + for (pg = base; pg < base + num; ++pg) { sparsebit_clear(region->unused_phy_pages, pg); + if (protected) + sparsebit_set(region->protected_phy_pages, pg); + } return base * vm->page_size; } From patchwork Tue Jan 10 17:03:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B1E4C54EBC for ; Tue, 10 Jan 2023 17:04:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238840AbjAJREY (ORCPT ); Tue, 10 Jan 2023 12:04:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238163AbjAJREK (ORCPT ); Tue, 10 Jan 2023 12:04:10 -0500 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0735448818 for ; Tue, 10 Jan 2023 09:04:07 -0800 (PST) Received: by mail-pg1-x54a.google.com with SMTP id r126-20020a632b84000000b004393806c06eso5459610pgr.4 for ; Tue, 10 Jan 2023 09:04:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=zDFARFhQrpAenP30BalxIxt+DEVD8SrcDZuB3VTocFM=; b=RHVPby6d8YK0kNfyU4XbKbG9K0HrUPnMsx0zAVhYrwSEV1QvBOHDlns6vmL9HKJ0UX GTV1YXGFFi4qGGJzyDg70Bx23T/qk2m26IgQALGM9rhR0g1JyC0TbB4bIJ2Xw18fkNGl nOe59Ycux7gfu9Nmrbgz/R3/UuxVbrAk+IPG6nCPV99PZFoM0pXgOWGMXEgZm38uvpKf BBtJSb+cZOh9q9M9xGRmKPfF2dqWJWcjbhSQ7+/lvN18gTEm0VeYT2whIwJ0qMP5QdaY xG+z0S3/VWFyBnre6JlMVaycb/zTlF+EpxEJG1SUEa/ACow0BwLNJ1OBHer+Mgv9oE+1 bY6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=zDFARFhQrpAenP30BalxIxt+DEVD8SrcDZuB3VTocFM=; b=OaOUb7e6QDjg2jLrN4E9uISwt8JzHGJ7MQCdk1lyw1jBtsRbMam2gtWI7iUqWEMoqo WCydSK+7Y3BcC4ZeAP/F5vqzw/mZyXVCtyPHiedN7i0NmkEdzTPvFpis1kSzKtHEw+46 kOwDwCnOpGqeyZ5zeqT8kUL8mH1mcS+uhg6yYZeAroJGlYvNeaqPna8ske8BXKgWxIto s5kkRZoGQiOuV2UqnrF04j1opUv11EgzyOl/H6zdLJF70DvqSdlhobX4nOe8lzfzC4vJ kP8u3SjR8Q7xwEZyhGKseSNXfhyz6FfcT7vrt9r8wfIS/ARTmKyggITRWrYgmvWj3JKa vLgA== X-Gm-Message-State: AFqh2kpdHAb6T7hG2wBeAmgiMvGHdJZb01HddrK4MdhzCsp/HOfQbjRY f4OJFqLV3aH0oanBft5NE5lk740wNk+zuFT9oycBhZMriQvxQy+omtQoWLXi+U/wE5WM0qy6l1e ehP3y2SHBhoknlXbBni39TJtcB8F1FAAqY3eE9VCHqb6U71E4QTqZbUx1mg== X-Google-Smtp-Source: AMrXdXva5uhx3s+CWvKnDITDXLw6FXzMzy/SFM+KhQeIxW43fE2yM0tyQftMFsZ/tCmuuFkx7QZfCuLCIiY= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a17:902:c94d:b0:191:24d1:3b31 with SMTP id i13-20020a170902c94d00b0019124d13b31mr3005144pla.94.1673370246455; Tue, 10 Jan 2023 09:04:06 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:54 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-4-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 3/7] KVM: selftests: handle protected bits in page tables From: Peter Gonda To: kvm@vger.kernel.org Cc: Peter Gonda , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Michael Roth Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org SEV guests rely on an encyption bit which resides within the range that current code treats as address bits. Guest code will expect these bits to be set appropriately in their page tables, whereas the rest of the kvm_util functions will generally expect these bits to not be present. Introduce pte_me_mask and struct kvm_vm_arch to allow for arch specific address tagging. Currently just adding x86 c_bit and s_bit support for SEV and TDX. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Originally-by: Michael Roth Signed-off-by: Peter Gonda --- tools/arch/arm64/include/asm/kvm_host.h | 7 +++++++ tools/arch/riscv/include/asm/kvm_host.h | 7 +++++++ tools/arch/s390/include/asm/kvm_host.h | 7 +++++++ tools/arch/x86/include/asm/kvm_host.h | 13 ++++++++++++ .../selftests/kvm/include/kvm_util_base.h | 19 +++++++++++++++++ tools/testing/selftests/kvm/lib/kvm_util.c | 21 ++++++++++++++++++- .../selftests/kvm/lib/x86_64/processor.c | 17 ++++++++++++--- 7 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 tools/arch/arm64/include/asm/kvm_host.h create mode 100644 tools/arch/riscv/include/asm/kvm_host.h create mode 100644 tools/arch/s390/include/asm/kvm_host.h create mode 100644 tools/arch/x86/include/asm/kvm_host.h diff --git a/tools/arch/arm64/include/asm/kvm_host.h b/tools/arch/arm64/include/asm/kvm_host.h new file mode 100644 index 000000000000..218f5cdf0d86 --- /dev/null +++ b/tools/arch/arm64/include/asm/kvm_host.h @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _TOOLS_LINUX_ASM_ARM64_KVM_HOST_H +#define _TOOLS_LINUX_ASM_ARM64_KVM_HOST_H + +struct kvm_vm_arch {}; + +#endif // _TOOLS_LINUX_ASM_ARM64_KVM_HOST_H diff --git a/tools/arch/riscv/include/asm/kvm_host.h b/tools/arch/riscv/include/asm/kvm_host.h new file mode 100644 index 000000000000..c8280d5659ce --- /dev/null +++ b/tools/arch/riscv/include/asm/kvm_host.h @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _TOOLS_LINUX_ASM_RISCV_KVM_HOST_H +#define _TOOLS_LINUX_ASM_RISCV_KVM_HOST_H + +struct kvm_vm_arch {}; + +#endif // _TOOLS_LINUX_ASM_RISCV_KVM_HOST_H diff --git a/tools/arch/s390/include/asm/kvm_host.h b/tools/arch/s390/include/asm/kvm_host.h new file mode 100644 index 000000000000..4c4c1c1e4bf8 --- /dev/null +++ b/tools/arch/s390/include/asm/kvm_host.h @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _TOOLS_LINUX_ASM_S390_KVM_HOST_H +#define _TOOLS_LINUX_ASM_S390_KVM_HOST_H + +struct kvm_vm_arch {}; + +#endif // _TOOLS_LINUX_ASM_S390_KVM_HOST_H diff --git a/tools/arch/x86/include/asm/kvm_host.h b/tools/arch/x86/include/asm/kvm_host.h new file mode 100644 index 000000000000..d8f48fe835fb --- /dev/null +++ b/tools/arch/x86/include/asm/kvm_host.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _TOOLS_LINUX_ASM_X86_KVM_HOST_H +#define _TOOLS_LINUX_ASM_X86_KVM_HOST_H + +#include +#include + +struct kvm_vm_arch { + uint64_t c_bit; + uint64_t s_bit; +}; + +#endif // _TOOLS_LINUX_ASM_X86_KVM_HOST_H diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h index 015b59a0b80e..f84d7777d5ca 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -17,6 +17,8 @@ #include "linux/rbtree.h" #include +#include +#include #include @@ -111,6 +113,9 @@ struct kvm_vm { vm_vaddr_t idt; vm_vaddr_t handlers; uint32_t dirty_ring_size; + uint64_t gpa_protected_mask; + + struct kvm_vm_arch arch; /* VM protection enabled: SEV, etc*/ bool protected; @@ -162,6 +167,7 @@ enum vm_guest_mode { VM_MODE_P40V48_16K, VM_MODE_P40V48_64K, VM_MODE_PXXV48_4K, /* For 48bits VA but ANY bits PA */ + VM_MODE_PXXV48_4K_SEV, /* For 48bits VA but ANY bits PA */ VM_MODE_P47V64_4K, VM_MODE_P44V64_4K, VM_MODE_P36V48_4K, @@ -441,6 +447,17 @@ void *addr_gva2hva(struct kvm_vm *vm, vm_vaddr_t gva); vm_paddr_t addr_hva2gpa(struct kvm_vm *vm, void *hva); void *addr_gpa2alias(struct kvm_vm *vm, vm_paddr_t gpa); + +static inline vm_paddr_t vm_untag_gpa(struct kvm_vm *vm, vm_paddr_t gpa) +{ + return gpa & ~vm->gpa_protected_mask; +} + +static inline vm_paddr_t vm_tag_gpa(struct kvm_vm *vm, vm_paddr_t gpa) +{ + return gpa | vm->gpa_protected_mask; +} + void vcpu_run(struct kvm_vcpu *vcpu); int _vcpu_run(struct kvm_vcpu *vcpu); @@ -917,4 +934,6 @@ void kvm_selftest_arch_init(void); void kvm_arch_vm_post_create(struct kvm_vm *vm); +bool vm_is_gpa_protected(struct kvm_vm *vm, vm_paddr_t paddr); + #endif /* SELFTEST_KVM_UTIL_BASE_H */ diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 63913b219b42..ba771c2d949d 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1451,9 +1451,10 @@ void virt_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, * address providing the memory to the vm physical address is returned. * A TEST_ASSERT failure occurs if no region containing gpa exists. */ -void *addr_gpa2hva(struct kvm_vm *vm, vm_paddr_t gpa) +void *addr_gpa2hva(struct kvm_vm *vm, vm_paddr_t gpa_tagged) { struct userspace_mem_region *region; + vm_paddr_t gpa = vm_untag_gpa(vm, gpa_tagged); region = userspace_mem_region_find(vm, gpa, gpa); if (!region) { @@ -2147,3 +2148,21 @@ void __attribute((constructor)) kvm_selftest_init(void) kvm_selftest_arch_init(); } + +bool vm_is_gpa_protected(struct kvm_vm *vm, vm_paddr_t paddr) +{ + sparsebit_idx_t pg = 0; + struct userspace_mem_region *region; + + if (!vm->protected) + return false; + + region = userspace_mem_region_find(vm, paddr, paddr); + if (!region) { + TEST_FAIL("No vm physical memory at 0x%lx", paddr); + return false; + } + + pg = paddr >> vm->page_shift; + return sparsebit_is_set(region->protected_phy_pages, pg); +} diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index acfa1d01e7df..d03cefd9f6cd 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -127,6 +127,7 @@ void virt_arch_pgd_alloc(struct kvm_vm *vm) /* If needed, create page map l4 table. */ if (!vm->pgd_created) { vm->pgd = vm_alloc_page_table(vm); + vm->pgd_created = true; } } @@ -153,13 +154,16 @@ static uint64_t *virt_create_upper_pte(struct kvm_vm *vm, int target_level) { uint64_t *pte = virt_get_pte(vm, parent_pte, vaddr, current_level); + uint64_t paddr_raw = vm_untag_gpa(vm, paddr); if (!(*pte & PTE_PRESENT_MASK)) { *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK; if (current_level == target_level) - *pte |= PTE_LARGE_MASK | (paddr & PHYSICAL_PAGE_MASK); - else + *pte |= PTE_LARGE_MASK | (paddr_raw & PHYSICAL_PAGE_MASK); + else { *pte |= vm_alloc_page_table(vm) & PHYSICAL_PAGE_MASK; + } + } else { /* * Entry already present. Assert that the caller doesn't want @@ -197,6 +201,8 @@ void __virt_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, int level) "Physical address beyond maximum supported,\n" " paddr: 0x%lx vm->max_gfn: 0x%lx vm->page_size: 0x%x", paddr, vm->max_gfn, vm->page_size); + TEST_ASSERT(vm_untag_gpa(vm, paddr) == paddr, + "Unexpected bits in paddr: %lx", paddr); /* * Allocate upper level page tables, if not already present. Return @@ -219,6 +225,11 @@ void __virt_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, int level) TEST_ASSERT(!(*pte & PTE_PRESENT_MASK), "PTE already present for 4k page at vaddr: 0x%lx\n", vaddr); *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK | (paddr & PHYSICAL_PAGE_MASK); + + if (vm_is_gpa_protected(vm, paddr)) + *pte |= vm->arch.c_bit; + else + *pte |= vm->arch.s_bit; } void virt_arch_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr) @@ -493,7 +504,7 @@ vm_paddr_t addr_arch_gva2gpa(struct kvm_vm *vm, vm_vaddr_t gva) * No need for a hugepage mask on the PTE, x86-64 requires the "unused" * address bits to be zero. */ - return PTE_GET_PA(*pte) | (gva & ~HUGEPAGE_MASK(level)); + return vm_untag_gpa(vm, PTE_GET_PA(*pte)) | (gva & ~HUGEPAGE_MASK(level)); } static void kvm_setup_gdt(struct kvm_vm *vm, struct kvm_dtable *dt) From patchwork Tue Jan 10 17:03:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 638BEC46467 for ; Tue, 10 Jan 2023 17:04:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238864AbjAJRE1 (ORCPT ); Tue, 10 Jan 2023 12:04:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40918 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238733AbjAJREL (ORCPT ); Tue, 10 Jan 2023 12:04:11 -0500 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E4CD479E6 for ; Tue, 10 Jan 2023 09:04:08 -0800 (PST) Received: by mail-pg1-x549.google.com with SMTP id g32-20020a635660000000b00478c21b8095so5478694pgm.10 for ; Tue, 10 Jan 2023 09:04:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=jOOIrnjUtMWZUpL0L9JKdfnGMbr4TWaLxXxQkwwyrwA=; b=UU9Kqjf62PjHXAjjUmx5GGGgEBCLwLFNh8oCagqBmVN4Gtimz225qy4zb571uiDfM3 WWVVb1/U3Z7DSGHoric/TMH/CtocLzrTSPsJUCPQ2iVzeiauDI66AOqidnNJ7qdMDoxa 9n71dxrh4KmnrycACSboUQuY5APm/r8FzZ4KUVPnwUWX4oA8Fqw1+dORLldbesrNuBcY /Rpxz0ICqRmRtRezDq+VK28q21H1W/ygeSF+C4LKDW6YisE24VowXqqFdNavgRCLaXjW wQN1CpnKrNeC0th5ivqBi9ECsqpNFDskmzuSVycdLJzn2a/yYey/bXReoVQlIL/Rf7Av PYeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jOOIrnjUtMWZUpL0L9JKdfnGMbr4TWaLxXxQkwwyrwA=; b=Nj+j43fd2ipsaHH9K0P4JV7YvWg0J/WO0zO7VdOVm9FfcvpA6C18UlV4miTfN+1b7X /TqfAnRG+T75f2iN8GhWfONHX1CckkvH8wJvlx8lkYtrFwCGya8vAN9aiMzV3GgJGQB+ CqINpRIIVmtXDzD3wMqtWW/Q3F3qvNaqJQyBrDOTTYmRK6ZPE93yhWr1NhSgCJdEkCbT D3kmhUGwSRuXiL2wQvoKV7/8q/epoXW+OuK6M9BYsRcZhSrOdTyNzyEZcj2L3eG2i2rO FUuotPx+qpEm/78Bi6hcz49TRc+o6uV1XG4bO4JNy0/8CCGUsZ9mJ0Ksh7FZMqZ0SAWz pfDQ== X-Gm-Message-State: AFqh2krfUeBvZSHnghQ4M70DS22cGMwAw5GnwN27wE1ounczD7ejXWww K90ta113PX3lplI6dEP4KsKH1w3zyH8J8ropoqVe4E5ZMsZLzPxJv0bVPOkCRKdSSiLguQ0Kr2j 7iwasYUyL4xHav/zv0gdNo/ny/82L/fpmvRPK1+MuFJCoPFS3p4QDjejhTQ== X-Google-Smtp-Source: AMrXdXtlTZ1hCS0jta1wB0FwopiNwOvlglAq474UPvN+IBSk3hkAsqthRVoNIdXgt/uvjGvSiGBB536oTNs= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a17:902:b7c1:b0:192:5838:afb3 with SMTP id v1-20020a170902b7c100b001925838afb3mr3664339plz.13.1673370248065; Tue, 10 Jan 2023 09:04:08 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:55 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-5-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 4/7] KVM: selftests: add support for protected vm_vaddr_* allocations From: Peter Gonda To: kvm@vger.kernel.org Cc: Michael Roth , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Peter Gonda Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Michael Roth Test programs may wish to allocate shared vaddrs for things like sharing memory with the guest. Since protected vms will have their memory encrypted by default an interface is needed to explicitly request shared pages. Implement this by splitting the common code out from vm_vaddr_alloc() and introducing a new vm_vaddr_alloc_shared(). Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Signed-off-by: Michael Roth Signed-off-by: Peter Gonda --- .../selftests/kvm/include/kvm_util_base.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 21 +++++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h index f84d7777d5ca..5f3150ecfbbf 100644 --- a/tools/testing/selftests/kvm/include/kvm_util_base.h +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h @@ -435,6 +435,7 @@ vm_vaddr_t vm_vaddr_unused_gap(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_mi vm_vaddr_t vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min); vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, enum kvm_mem_region_type type); +vm_vaddr_t vm_vaddr_alloc_shared(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min); vm_vaddr_t vm_vaddr_alloc_pages(struct kvm_vm *vm, int nr_pages); vm_vaddr_t __vm_vaddr_alloc_page(struct kvm_vm *vm, enum kvm_mem_region_type type); diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index ba771c2d949d..0d0a7ad7632d 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1305,15 +1305,17 @@ vm_vaddr_t vm_vaddr_unused_gap(struct kvm_vm *vm, size_t sz, return pgidx_start * vm->page_size; } -vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, - enum kvm_mem_region_type type) +static vm_vaddr_t ____vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, + vm_vaddr_t vaddr_min, + enum kvm_mem_region_type type, + bool encrypt) { uint64_t pages = (sz >> vm->page_shift) + ((sz % vm->page_size) != 0); virt_pgd_alloc(vm); - vm_paddr_t paddr = vm_phy_pages_alloc(vm, pages, + vm_paddr_t paddr = _vm_phy_pages_alloc(vm, pages, KVM_UTIL_MIN_PFN * vm->page_size, - vm->memslots[type]); + vm->memslots[type], encrypt); /* * Find an unused range of virtual page addresses of at least @@ -1333,6 +1335,17 @@ vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, return vaddr_start; } +vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, + enum kvm_mem_region_type type) +{ + return ____vm_vaddr_alloc(vm, sz, vaddr_min, type, vm->protected); +} + +vm_vaddr_t vm_vaddr_alloc_shared(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min) +{ + return ____vm_vaddr_alloc(vm, sz, vaddr_min, MEM_REGION_TEST_DATA, false); +} + /* * VM Virtual Address Allocate * From patchwork Tue Jan 10 17:03:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7481C54EBC for ; Tue, 10 Jan 2023 17:04:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238741AbjAJRE3 (ORCPT ); Tue, 10 Jan 2023 12:04:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238780AbjAJREM (ORCPT ); Tue, 10 Jan 2023 12:04:12 -0500 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82F44643C for ; Tue, 10 Jan 2023 09:04:10 -0800 (PST) Received: by mail-pl1-x64a.google.com with SMTP id f8-20020a170902ce8800b00190c6518e21so8738059plg.1 for ; Tue, 10 Jan 2023 09:04:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1jfzYB3eSzo0uQ/eLCbHbqOq8jz9MEk1g6fqiugzfaQ=; b=Yg4We21sqhESU2d+UO/H2SDeDwShjaf45qTgc3dap9vLYnyVTVXFvMZYvgIGzkIStX eK7V6Srh7D642eNTWPL8msuulIP7YSzvaXzlWvSjek7S67PLRpcboESVL6k19+S+iVMO EyuQpgsP5w2aoYWKtvtBewWQt3JswTSVk4SBdUBd8MQVnmMUjC9D8VPgfBbyvfx9DkgP rREKzwxTM21lBgm6EFqNQefE/TO9Ja3mwvmI/JBtYwK041UwOj/N9Gx3SqGVbao3jjbj hSEjJIiP9hHfIE9CLyspJcmZmV+FlIhb66SqnO5m6fG1v3xuGpl8OJ/4F9uQTk/oNdP/ 6msg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1jfzYB3eSzo0uQ/eLCbHbqOq8jz9MEk1g6fqiugzfaQ=; b=2bSnRQDotJJoJcdFUO818N/PXAL4iPhkO1ls779XOD9IKngv5hEmfxxdh7kEFWwfkP k5XkwApWRsyLTnWCSL7b4fu2NIkrMKbNDsXGffkz1mKMU40BGDIaNldf1SCFMNY+g82W NOU+lRWNcC2CMX5QWJNZWXcVm7on0X5rtBw2jjxp6cKgie+Bd/idCWE68Is569A8mYCj AUcOPpGU5d7I2ImBaWEOxgytYe0DepP3QR93HmSwhs68r9fGM5JhCVbkcEorZJqylVKh xaGKvLDjBfAuK2S5WLsNTWqBQD4xMH+OxiPyKSpaGHChmcSN4DrHVw9ZTxqfYyA4GdBF 7WSA== X-Gm-Message-State: AFqh2koHhLsmbIBcn2/mUGee83Bo0jzMi9ibpuzXTs6fAJ/AkiKVlIjM cdl3GNae0ZqARGNWYzZdV19j0PyjfR1mJIZcgk0rDHs0ZRgFkwPCZo+aKKXrtVc3m55kukxyIFJ ftXwYKh9lzqIA8EWyYwivaP7qPgJJZmKlDn/0tzlW3azNeJ9ygCoDWsO36w== X-Google-Smtp-Source: AMrXdXuNzLX+lC3L0QA8KtIU/Hv4hDDifJhYuLmSdlJ8QAXOqHBogiJ0NYEZgVTb1CVSNTNLUdz5RsZYj6A= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a17:902:9883:b0:193:1c8f:182f with SMTP id s3-20020a170902988300b001931c8f182fmr691912plp.14.1673370249981; Tue, 10 Jan 2023 09:04:09 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:56 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-6-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 5/7] KVM: selftests: add library for creating/interacting with SEV guests From: Peter Gonda To: kvm@vger.kernel.org Cc: Peter Gonda , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Michael Roth Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Add interfaces to allow tests to create SEV guests. The additional requirements for SEV guests PTs and other state is encapsulated by the new vm_sev_create_with_one_vcpu() function. This can future be generalized for more vCPUs but the first set of SEV selftests in this series only uses a single vCPU. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Originally-by: Michael Roth Co-developed-by: Ackerly Tng Signed-off-by: Peter Gonda --- tools/arch/x86/include/asm/kvm_host.h | 1 + tools/testing/selftests/kvm/Makefile | 3 +- .../selftests/kvm/include/kvm_util_base.h | 15 +- .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/include/x86_64/sev.h | 27 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 8 +- .../selftests/kvm/lib/x86_64/processor.c | 45 +++- tools/testing/selftests/kvm/lib/x86_64/sev.c | 254 ++++++++++++++++++ 8 files changed, 343 insertions(+), 11 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86_64/sev.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/sev.c diff --git a/tools/arch/x86/include/asm/kvm_host.h b/tools/arch/x86/include/asm/kvm_host.h index d8f48fe835fb..c95041e92fb5 100644 --- a/tools/arch/x86/include/asm/kvm_host.h +++ b/tools/arch/x86/include/asm/kvm_host.h @@ -8,6 +8,7 @@ struct kvm_vm_arch { uint64_t c_bit; uint64_t s_bit; + bool is_pt_protected; }; #endif // _TOOLS_LINUX_ASM_X86_KVM_HOST_H diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 1750f91dd936..b7cfb15712d1 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -39,6 +39,7 @@ LIBKVM_x86_64 += lib/x86_64/processor.c LIBKVM_x86_64 += lib/x86_64/svm.c LIBKVM_x86_64 += lib/x86_64/ucall.c LIBKVM_x86_64 += lib/x86_64/vmx.c +LIBKVM_x86_64 += lib/x86_64/sev.c LIBKVM_aarch64 += lib/aarch64/gic.c LIBKVM_aarch64 += lib/aarch64/gic_v3.c @@ -199,7 +200,7 @@ CFLAGS += -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 \ -fno-stack-protector -fno-PIE -I$(LINUX_TOOL_INCLUDE) \ -I$(LINUX_TOOL_ARCH_INCLUDE) -I$(LINUX_HDR_PATH) -Iinclude \ -I$(protected); } +uint64_t vm_nr_pages_required(enum vm_guest_mode mode, + uint32_t nr_runnable_vcpus, + uint64_t extra_mem_pages); + /* * ____vm_create() does KVM_CREATE_VM and little else. __vm_create() also * loads the test binary into guest memory and creates an IRQ chip (x86 only). @@ -767,8 +778,8 @@ unsigned long vm_compute_max_gfn(struct kvm_vm *vm); unsigned int vm_calc_num_guest_pages(enum vm_guest_mode mode, size_t size); unsigned int vm_num_host_pages(enum vm_guest_mode mode, unsigned int num_guest_pages); unsigned int vm_num_guest_pages(enum vm_guest_mode mode, unsigned int num_host_pages); -static inline unsigned int -vm_adjust_num_guest_pages(enum vm_guest_mode mode, unsigned int num_guest_pages) +static inline unsigned int vm_adjust_num_guest_pages(enum vm_guest_mode mode, + unsigned int num_guest_pages) { unsigned int n; n = vm_num_guest_pages(mode, vm_num_host_pages(mode, num_guest_pages)); diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index 2a5f47d51388..1c72fb5672a9 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -916,6 +916,7 @@ static inline void vcpu_set_msr(struct kvm_vcpu *vcpu, uint64_t msr_index, void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits); +void kvm_init_vm_address_properties(struct kvm_vm *vm); bool vm_is_unrestricted_guest(struct kvm_vm *vm); struct ex_regs { diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h new file mode 100644 index 000000000000..e212b032cd77 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -0,0 +1,27 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Helpers used for SEV guests + * + */ +#ifndef SELFTEST_KVM_SEV_H +#define SELFTEST_KVM_SEV_H + +#include +#include + +#include "kvm_util.h" + +#define CPUID_MEM_ENC_LEAF 0x8000001f +#define CPUID_EBX_CBIT_MASK 0x3f + +#define SEV_POLICY_NO_DBG (1UL << 0) +#define SEV_POLICY_ES (1UL << 2) + +bool is_kvm_sev_supported(void); + +void sev_vm_init(struct kvm_vm *vm); + +struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t policy, void *guest_code, + struct kvm_vcpu **cpu); + +#endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 0d0a7ad7632d..99983a5c5558 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -151,6 +151,7 @@ const char *vm_guest_mode_string(uint32_t i) [VM_MODE_P40V48_16K] = "PA-bits:40, VA-bits:48, 16K pages", [VM_MODE_P40V48_64K] = "PA-bits:40, VA-bits:48, 64K pages", [VM_MODE_PXXV48_4K] = "PA-bits:ANY, VA-bits:48, 4K pages", + [VM_MODE_PXXV48_4K_SEV] = "PA-bits:ANY, VA-bits:48, 4K pages", [VM_MODE_P47V64_4K] = "PA-bits:47, VA-bits:64, 4K pages", [VM_MODE_P44V64_4K] = "PA-bits:44, VA-bits:64, 4K pages", [VM_MODE_P36V48_4K] = "PA-bits:36, VA-bits:48, 4K pages", @@ -176,6 +177,7 @@ const struct vm_guest_mode_params vm_guest_mode_params[] = { [VM_MODE_P40V48_16K] = { 40, 48, 0x4000, 14 }, [VM_MODE_P40V48_64K] = { 40, 48, 0x10000, 16 }, [VM_MODE_PXXV48_4K] = { 0, 0, 0x1000, 12 }, + [VM_MODE_PXXV48_4K_SEV] = { 0, 0, 0x1000, 12 }, [VM_MODE_P47V64_4K] = { 47, 64, 0x1000, 12 }, [VM_MODE_P44V64_4K] = { 44, 64, 0x1000, 12 }, [VM_MODE_P36V48_4K] = { 36, 48, 0x1000, 12 }, @@ -254,9 +256,11 @@ struct kvm_vm *____vm_create(enum vm_guest_mode mode) case VM_MODE_P36V47_16K: vm->pgtable_levels = 3; break; + case VM_MODE_PXXV48_4K_SEV: case VM_MODE_PXXV48_4K: #ifdef __x86_64__ kvm_get_cpu_address_width(&vm->pa_bits, &vm->va_bits); + kvm_init_vm_address_properties(vm); /* * Ignore KVM support for 5-level paging (vm->va_bits == 57), * it doesn't take effect unless a CR4.LA57 is set, which it @@ -270,7 +274,7 @@ struct kvm_vm *____vm_create(enum vm_guest_mode mode) vm->pgtable_levels = 4; vm->va_bits = 48; #else - TEST_FAIL("VM_MODE_PXXV48_4K not supported on non-x86 platforms"); + TEST_FAIL("VM_MODE_PXXV48_4K* not supported on non-x86 platforms"); #endif break; case VM_MODE_P47V64_4K: @@ -303,7 +307,7 @@ struct kvm_vm *____vm_create(enum vm_guest_mode mode) return vm; } -static uint64_t vm_nr_pages_required(enum vm_guest_mode mode, +uint64_t vm_nr_pages_required(enum vm_guest_mode mode, uint32_t nr_runnable_vcpus, uint64_t extra_mem_pages) { diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index d03cefd9f6cd..557146ba85a8 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -8,6 +8,7 @@ #include "test_util.h" #include "kvm_util.h" #include "processor.h" +#include "sev.h" #ifndef NUM_INTERRUPTS #define NUM_INTERRUPTS 256 @@ -119,10 +120,16 @@ bool kvm_is_tdp_enabled(void) return get_kvm_amd_param_bool("npt"); } +static void assert_supported_guest_mode(struct kvm_vm *vm) +{ + TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K || vm->mode == VM_MODE_PXXV48_4K_SEV, + "Attempt to use unknown or unsupported guest mode, mode: 0x%x", + vm->mode); +} + void virt_arch_pgd_alloc(struct kvm_vm *vm) { - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, "Attempt to use " - "unknown or unsupported guest mode, mode: 0x%x", vm->mode); + assert_supported_guest_mode(vm); /* If needed, create page map l4 table. */ if (!vm->pgd_created) { @@ -186,8 +193,7 @@ void __virt_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr, int level) uint64_t *pml4e, *pdpe, *pde; uint64_t *pte; - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, - "Unknown or unsupported guest mode, mode: 0x%x", vm->mode); + assert_supported_guest_mode(vm); TEST_ASSERT((vaddr % pg_size) == 0, "Virtual address not aligned,\n" @@ -273,11 +279,14 @@ uint64_t *__vm_get_page_table_entry(struct kvm_vm *vm, uint64_t vaddr, { uint64_t *pml4e, *pdpe, *pde; + TEST_ASSERT( + !vm->arch.is_pt_protected, + "Protected guests have their page tables protected so gva2gpa conversions are not possible."); + TEST_ASSERT(*level >= PG_LEVEL_NONE && *level < PG_LEVEL_NUM, "Invalid PG_LEVEL_* '%d'", *level); - TEST_ASSERT(vm->mode == VM_MODE_PXXV48_4K, "Attempt to use " - "unknown or unsupported guest mode, mode: 0x%x", vm->mode); + assert_supported_guest_mode(vm); TEST_ASSERT(sparsebit_is_set(vm->vpages_valid, (vaddr >> vm->page_shift)), "Invalid virtual address, vaddr: 0x%lx", @@ -543,6 +552,7 @@ static void vcpu_setup(struct kvm_vm *vm, struct kvm_vcpu *vcpu) kvm_setup_gdt(vm, &sregs.gdt); switch (vm->mode) { + case VM_MODE_PXXV48_4K_SEV: case VM_MODE_PXXV48_4K: sregs.cr0 = X86_CR0_PE | X86_CR0_NE | X86_CR0_PG; sregs.cr4 |= X86_CR4_PAE | X86_CR4_OSFXSR; @@ -566,6 +576,10 @@ static void vcpu_setup(struct kvm_vm *vm, struct kvm_vcpu *vcpu) void kvm_arch_vm_post_create(struct kvm_vm *vm) { vm_create_irqchip(vm); + + if (vm->mode == VM_MODE_PXXV48_4K_SEV) { + sev_vm_init(vm); + } } struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, @@ -1050,6 +1064,25 @@ void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits) } } +static void configure_sev_pte_masks(struct kvm_vm *vm) +{ + uint32_t eax, ebx, ecx, edx, enc_bit; + + cpuid(CPUID_MEM_ENC_LEAF, &eax, &ebx, &ecx, &edx); + enc_bit = ebx & CPUID_EBX_CBIT_MASK; + + vm->arch.c_bit = 1ULL << enc_bit; + vm->protected = true; + vm->gpa_protected_mask = vm->arch.c_bit; +} + +void kvm_init_vm_address_properties(struct kvm_vm *vm) +{ + if (vm->mode == VM_MODE_PXXV48_4K_SEV) { + configure_sev_pte_masks(vm); + } +} + static void set_idt_entry(struct kvm_vm *vm, int vector, unsigned long addr, int dpl, unsigned short selector) { diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c new file mode 100644 index 000000000000..3e20f15dd098 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -0,0 +1,254 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Helpers used for SEV guests + * + */ + +#define _GNU_SOURCE /* for program_invocation_short_name */ +#include +#include + +#include "kvm_util.h" +#include "svm_util.h" +#include "linux/psp-sev.h" +#include "processor.h" +#include "sev.h" + +#define SEV_FW_REQ_VER_MAJOR 0 +#define SEV_FW_REQ_VER_MINOR 17 + +enum sev_guest_state { + SEV_GSTATE_UNINIT = 0, + SEV_GSTATE_LUPDATE, + SEV_GSTATE_LSECRET, + SEV_GSTATE_RUNNING, +}; + +static void sev_ioctl(int cmd, void *data) +{ + int ret; + struct sev_issue_cmd arg; + + arg.cmd = cmd; + arg.data = (unsigned long)data; + ret = ioctl(open_sev_dev_path_or_exit(), SEV_ISSUE_CMD, &arg); + TEST_ASSERT(ret == 0, "SEV ioctl %d failed, error: %d, fw_error: %d", + cmd, ret, arg.error); +} + +static void kvm_sev_ioctl(struct kvm_vm *vm, int cmd, void *data) +{ + struct kvm_sev_cmd arg = {0}; + int ret; + + arg.id = cmd; + arg.sev_fd = open_sev_dev_path_or_exit(); + arg.data = (__u64)data; + + ret = ioctl(vm->fd, KVM_MEMORY_ENCRYPT_OP, &arg); + TEST_ASSERT( + ret == 0, + "SEV KVM ioctl %d failed, rc: %i errno: %i (%s), fw_error: %d", + cmd, ret, errno, strerror(errno), arg.error); +} + +static void sev_register_user_region(struct kvm_vm *vm, struct userspace_mem_region *region) +{ + struct kvm_enc_region range = {0}; + int ret; + + range.addr = (__u64)region->region.userspace_addr; + ; + range.size = region->region.memory_size; + + ret = ioctl(vm->fd, KVM_MEMORY_ENCRYPT_REG_REGION, &range); + TEST_ASSERT(ret == 0, "failed to register user range, errno: %i\n", + errno); +} + +static void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, uint64_t size) +{ + struct kvm_sev_launch_update_data ksev_update_data = {0}; + + pr_debug("%s: addr: 0x%lx, size: %lu\n", __func__, gpa, size); + + ksev_update_data.uaddr = (__u64)addr_gpa2hva(vm, gpa); + ksev_update_data.len = size; + + kvm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &ksev_update_data); +} + + +/* + * Iterate over set ranges within sparsebit @s. In each iteration, + * @range_begin and @range_end will take the beginning and end of the set + * range, which are of type sparsebit_idx_t. + * + * For example, if the range [3, 7] (inclusive) is set, within the + * iteration,@range_begin will take the value 3 and @range_end will take + * the value 7. + * + * Ensure that there is at least one bit set before using this macro with + * sparsebit_any_set(), because sparsebit_first_set() will abort if none + * are set. + */ +#define sparsebit_for_each_set_range(s, range_begin, range_end) \ + for (range_begin = sparsebit_first_set(s), \ + range_end = \ + sparsebit_next_clear(s, range_begin) - 1; \ + range_begin && range_end; \ + range_begin = sparsebit_next_set(s, range_end), \ + range_end = \ + sparsebit_next_clear(s, range_begin) - 1) + +/* + * sparsebit_next_clear() can return 0 if [x, 2**64-1] are all set, and the + * -1 would then cause an underflow back to 2**64 - 1. This is expected and + * correct. + * + * If the last range in the sparsebit is [x, y] and we try to iterate, + * sparsebit_next_set() will return 0, and sparsebit_next_clear() will try + * and find the first range, but that's correct because the condition + * expression would cause us to quit the loop. + */ +static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) +{ + const struct sparsebit *protected_phy_pages = + region->protected_phy_pages; + const vm_paddr_t gpa_base = region->region.guest_phys_addr; + const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift; + + sparsebit_idx_t i; + sparsebit_idx_t j; + + if (!sparsebit_any_set(protected_phy_pages)) + return; + + sev_register_user_region(vm, region); + + sparsebit_for_each_set_range(protected_phy_pages, i, j) { + const uint64_t size_to_load = (j - i + 1) * vm->page_size; + const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; + const uint64_t gpa = gpa_base + offset; + + sev_launch_update_data(vm, gpa, size_to_load); + } +} + +static void sev_encrypt(struct kvm_vm *vm) +{ + int ctr; + struct userspace_mem_region *region; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + encrypt_region(vm, region); + } + + vm->arch.is_pt_protected = true; +} + +bool is_kvm_sev_supported(void) +{ + struct sev_user_data_status sev_status; + + sev_ioctl(SEV_PLATFORM_STATUS, &sev_status); + + if (!(sev_status.api_major > SEV_FW_REQ_VER_MAJOR || + (sev_status.api_major == SEV_FW_REQ_VER_MAJOR && + sev_status.api_minor >= SEV_FW_REQ_VER_MINOR))) { + pr_info("SEV FW version too old. Have API %d.%d (build: %d), need %d.%d, skipping test.\n", + sev_status.api_major, sev_status.api_minor, + sev_status.build, SEV_FW_REQ_VER_MAJOR, + SEV_FW_REQ_VER_MINOR); + return false; + } + + return true; +} + +static void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) +{ + struct kvm_sev_launch_start ksev_launch_start = {0}; + struct kvm_sev_guest_status ksev_status; + + ksev_launch_start.policy = policy; + kvm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &ksev_launch_start); + kvm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &ksev_status); + TEST_ASSERT(ksev_status.policy == policy, "Incorrect guest policy."); + TEST_ASSERT(ksev_status.state == SEV_GSTATE_LUPDATE, + "Unexpected guest state: %d", ksev_status.state); + + ucall_init(vm, 0); + + sev_encrypt(vm); +} + +static void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) +{ + struct kvm_sev_launch_measure ksev_launch_measure; + struct kvm_sev_guest_status ksev_guest_status; + + ksev_launch_measure.len = 256; + ksev_launch_measure.uaddr = (__u64)measurement; + kvm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &ksev_launch_measure); + + kvm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &ksev_guest_status); + TEST_ASSERT(ksev_guest_status.state == SEV_GSTATE_LSECRET, + "Unexpected guest state: %d", ksev_guest_status.state); +} + +static void sev_vm_launch_finish(struct kvm_vm *vm) +{ + struct kvm_sev_guest_status ksev_status; + + kvm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &ksev_status); + TEST_ASSERT(ksev_status.state == SEV_GSTATE_LUPDATE || + ksev_status.state == SEV_GSTATE_LSECRET, + "Unexpected guest state: %d", ksev_status.state); + + kvm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); + + kvm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &ksev_status); + TEST_ASSERT(ksev_status.state == SEV_GSTATE_RUNNING, + "Unexpected guest state: %d", ksev_status.state); +} + +static void sev_vm_measure(struct kvm_vm *vm) +{ + uint8_t measurement[512]; + int i; + + sev_vm_launch_measure(vm, measurement); + + /* TODO: Validate the measurement is as expected. */ + pr_debug("guest measurement: "); + for (i = 0; i < 32; ++i) + pr_debug("%02x", measurement[i]); + pr_debug("\n"); +} + +void sev_vm_init(struct kvm_vm *vm) +{ + kvm_sev_ioctl(vm, KVM_SEV_INIT, NULL); +} + +struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t policy, void *guest_code, + struct kvm_vcpu **cpu) +{ + enum vm_guest_mode mode = VM_MODE_PXXV48_4K_SEV; + struct kvm_vm *vm; + struct kvm_vcpu *cpus[1]; + + vm = __vm_create_with_vcpus(mode, 1, 0, guest_code, cpus); + *cpu = cpus[0]; + + sev_vm_launch(vm, policy); + + sev_vm_measure(vm); + + sev_vm_launch_finish(vm); + + pr_info("SEV guest created, policy: 0x%x\n", policy); + + return vm; +} From patchwork Tue Jan 10 17:03:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2361C46467 for ; Tue, 10 Jan 2023 17:04:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238747AbjAJREb (ORCPT ); Tue, 10 Jan 2023 12:04:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238540AbjAJREM (ORCPT ); Tue, 10 Jan 2023 12:04:12 -0500 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26B3E44C42 for ; Tue, 10 Jan 2023 09:04:12 -0800 (PST) Received: by mail-pf1-x449.google.com with SMTP id a18-20020a62bd12000000b0056e7b61ec78so5496907pff.17 for ; Tue, 10 Jan 2023 09:04:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Wd8IRDcm/I+X4nIj9mIHk75KksnNCPDW6vKldjVyscc=; b=sXj2PNkyoMv/M5+nsVqLWsJP641hr0cV8y9ddDpJOvUNXV1XuSoarlapj938jgSnhS 7rNRsSXpXqyhkaSWdzHRtCItCxinKVzUL1Jr1X2XUz/VU3KzXYASlQpsAGFOkCjC/8vm +eddG+vkUrudOO9iwYbhlgBEhcUgq5bqdYfWPPmLUFBBXflINQYNwrKNDdfkdHCjoXTX 84PKqSQ6IiMWLXX9QaOsjUuZzZpfKP+/yBlcRPZOUYMK6H4Fnv4fDdpDqUs4SEqBh9l9 IR2wCyk7YMUJQxWDCYE21/tnCf/pN3Bv7lV2XR8opOHl/r0GYPJGKrmX6e+s+8QzWWej h6Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Wd8IRDcm/I+X4nIj9mIHk75KksnNCPDW6vKldjVyscc=; b=O1KpFOOdMKrR/pj69vqxGaWJ2hGfp0+M9Ko7BUtW5Wgb+st7QLbZgJFGgbN5dUW5Fm KcJ2mCtV3mE5iHKKJreLuxb8edHmvt1abjU4XQvQqKUU58ByjIK0qgbgRIYEka7xKO3S CWWrZDvT2dNKcZghu/MVHVNlM5YDx4nosr6UReVVBpTDElbXi+reohtddBRbWqTERdwI VY0vd7g5HJbo+NuPpOTD5tS2H8V3VtXo2kMRfurRic7dNXL7KkCDFsC93CtVJEtm3eXM GlGlx/WUMQ4dZaBadLNOC4biykfa3tJUBIOZHgKj3k8h82Fi8qcvFaVqkF2WD+wvtPqi wJTQ== X-Gm-Message-State: AFqh2kpqtOSNtB3Hf5byBDKrgkEjBHsmO2yxBvlGh081ueNcd37yqQWx T8wvcquTssaR6IbbJ/kCswKZHoLBBwkXOktkrj/r0mvDLa/h7PvaXXH4E1COeB+oJtADg2l18Dd bz+N2b2n/3JKdyJkgzPuOuMd1ASuUcBxwjJ9zJvG6wHzRFIoOyYnZdr3b9w== X-Google-Smtp-Source: AMrXdXszK0rmsMkcBRtmXc4668zB9ryouhknfZXU3pTVF/td7AQOuETq73YFekoXrqc2NHF3PrMnIsCgsyw= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a63:5c54:0:b0:49d:7f4c:f695 with SMTP id n20-20020a635c54000000b0049d7f4cf695mr3213615pgm.311.1673370251512; Tue, 10 Jan 2023 09:04:11 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:57 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-7-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 6/7] KVM: selftests: Update ucall pool to allocate from shared memory From: Peter Gonda To: kvm@vger.kernel.org Cc: Peter Gonda , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Update the per VM ucall_header allocation from vm_vaddr_alloc() to vm_vaddr_alloc_shared(). This allows encrypted guests to use ucall pools by placing their shared ucall structures in unencrypted (shared) memory. No behavior change for non encrypted guests. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Signed-off-by: Peter Gonda --- tools/testing/selftests/kvm/lib/ucall_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/ucall_common.c b/tools/testing/selftests/kvm/lib/ucall_common.c index 2f0e2ea941cc..99ef4866a001 100644 --- a/tools/testing/selftests/kvm/lib/ucall_common.c +++ b/tools/testing/selftests/kvm/lib/ucall_common.c @@ -24,7 +24,7 @@ void ucall_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa) vm_vaddr_t vaddr; int i; - vaddr = __vm_vaddr_alloc(vm, sizeof(*hdr), KVM_UTIL_MIN_VADDR, MEM_REGION_DATA); + vaddr = vm_vaddr_alloc_shared(vm, sizeof(*hdr), KVM_UTIL_MIN_VADDR); hdr = (struct ucall_header *)addr_gva2hva(vm, vaddr); memset(hdr, 0, sizeof(*hdr)); From patchwork Tue Jan 10 17:03:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Gonda X-Patchwork-Id: 13095380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1AAAC54EBC for ; Tue, 10 Jan 2023 17:04:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238731AbjAJREd (ORCPT ); Tue, 10 Jan 2023 12:04:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238782AbjAJREP (ORCPT ); Tue, 10 Jan 2023 12:04:15 -0500 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7EBE3FA1F for ; Tue, 10 Jan 2023 09:04:13 -0800 (PST) Received: by mail-pl1-x649.google.com with SMTP id w18-20020a170902e89200b00192e2fde1ceso8866145plg.20 for ; Tue, 10 Jan 2023 09:04:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gvKL4k+XqEeisXjOR1hp0hVtRqo/3Kp5ZonU9eu80yA=; b=iIzKSXstbSiXpvxF6yKduBL27q8nJbT0Cs4TQGd0JKtIHbRHP8YnNRy78gdvaOtC6a aHHnN5TYEBAY711auQ28mUe3AxSqtLz5JbGH8P1yXFx8VEQO8AaNigEVsPJ1/9SGLPqI rvLhgHhEdwfAMPC25w5ixwYTVXpCc9qegq59oqTSRb7NHwljqAjPEoaHtIIby3VphxuP wcnz4xCNrXZl85aCf6iBZ1SdqO1c3NpgnBGVvrRDqoRAO5w+xPVbAWsw4MEZ1U/qzUI3 BmRHVcpVsZjVEjReTm9Vlclxzh4XQj6+WJ3+SznPAZc7b/zneOch8NPthSlGmcuQs3sf HvcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gvKL4k+XqEeisXjOR1hp0hVtRqo/3Kp5ZonU9eu80yA=; b=EjyX8AYfrtC/lZxNf/seDGnXlA3bhHFhFN8Hh6/Pjm4W4QA7kLBWtK3GHERzTGnqCT L5/+AqIUbGtAtqR0GlVoVPyThSyVqUSh6DAtWJ4SCYYopbS7l5F/WZCd6xnDBzlILEES CtnWh3LFsfrz6gEiSr6hSY5kpruY75PJUh+9b7+yXWsJjw9HfgcLq9M7H149GE9umieg DaxMDIZD2Wck3jcieeaHHrZOa0FeUBAHU/Vq0yAJneIWVwZCKpGiVt40+Hz/NkzkXl8V ivpOHKj+aJ4pUtLmPa9K6bMUClb+HptRCsr+62lnpOWyD/5WswXoqwVSDEiZ+/cIsEpl 0oCg== X-Gm-Message-State: AFqh2kr51EpcXNOiqEK8ttQ13DpcCQMRGn9By9xGozadgMhATtWnyVUg M3PhiSx+bJl3CBjlbb6+lqmFNdbTSfNgNeP9RcIaGA1Qpt+rJICMqRLBRBwh5+nrKYeoRRGRwqd /PLyCD0z/rEze3pCrQcwNG8owg8J/B4QNGiqJb9jRel5VmXpt5DybVtqw1g== X-Google-Smtp-Source: AMrXdXt2w5EXn75AVqQHDDOHPGlIRoih9Q3KbyTCSxT6Ga8XjmqDeVOFukPqrYWe8H+canmOGL+Ehv5eU30= X-Received: from pgonda1.kir.corp.google.com ([2620:0:1008:11:8358:4c2a:eae1:4752]) (user=pgonda job=sendgmr) by 2002:a05:6a00:15cc:b0:582:5cc8:d854 with SMTP id o12-20020a056a0015cc00b005825cc8d854mr2885250pfu.16.1673370253071; Tue, 10 Jan 2023 09:04:13 -0800 (PST) Date: Tue, 10 Jan 2023 09:03:58 -0800 In-Reply-To: <20230110170358.633793-1-pgonda@google.com> Message-Id: <20230110170358.633793-8-pgonda@google.com> Mime-Version: 1.0 References: <20230110170358.633793-1-pgonda@google.com> X-Mailer: git-send-email 2.39.0.314.g84b9a713c41-goog Subject: [PATCH V6 7/7] KVM: selftests: Add simple sev vm testing From: Peter Gonda To: kvm@vger.kernel.org Cc: Peter Gonda , Paolo Bonzini , Sean Christopherson , Vishal Annapurve , Ackerly Tng , Andrew Jones , Michael Roth Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org A very simple of booting SEV guests that checks related CPUID bits. This is a stripped down version of "[PATCH v2 08/13] KVM: selftests: add SEV boot tests" from Michael but much simpler. Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Vishal Annapurve Cc: Ackerly Tng cc: Andrew Jones Suggested-by: Michael Roth Signed-off-by: Peter Gonda --- tools/testing/selftests/kvm/.gitignore | 84 +++++++++++++++++++ tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/x86_64/sev_all_boot_test.c | 84 +++++++++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c diff --git a/tools/testing/selftests/kvm/.gitignore b/tools/testing/selftests/kvm/.gitignore index 6d9381d60172..6d826957c6ae 100644 --- a/tools/testing/selftests/kvm/.gitignore +++ b/tools/testing/selftests/kvm/.gitignore @@ -1,7 +1,91 @@ # SPDX-License-Identifier: GPL-2.0-only +<<<<<<< HEAD * !/**/ !*.c !*.h !*.S !*.sh +======= +/aarch64/aarch32_id_regs +/aarch64/arch_timer +/aarch64/debug-exceptions +/aarch64/get-reg-list +/aarch64/hypercalls +/aarch64/psci_test +/aarch64/vcpu_width_config +/aarch64/vgic_init +/aarch64/vgic_irq +/s390x/memop +/s390x/resets +/s390x/sync_regs_test +/s390x/tprot +/x86_64/amx_test +/x86_64/cpuid_test +/x86_64/cr4_cpuid_sync_test +/x86_64/debug_regs +/x86_64/evmcs_test +/x86_64/emulator_error_test +/x86_64/fix_hypercall_test +/x86_64/get_msr_index_features +/x86_64/kvm_clock_test +/x86_64/kvm_pv_test +/x86_64/hyperv_clock +/x86_64/hyperv_cpuid +/x86_64/hyperv_features +/x86_64/hyperv_svm_test +/x86_64/max_vcpuid_cap_test +/x86_64/mmio_warning_test +/x86_64/monitor_mwait_test +/x86_64/nested_exceptions_test +/x86_64/nx_huge_pages_test +/x86_64/platform_info_test +/x86_64/pmu_event_filter_test +/x86_64/set_boot_cpu_id +/x86_64/set_sregs_test +/x86_64/sev_all_boot_test +/x86_64/sev_migrate_tests +/x86_64/smm_test +/x86_64/state_test +/x86_64/svm_vmcall_test +/x86_64/svm_int_ctl_test +/x86_64/svm_nested_soft_inject_test +/x86_64/sync_regs_test +/x86_64/tsc_msrs_test +/x86_64/tsc_scaling_sync +/x86_64/ucna_injection_test +/x86_64/userspace_io_test +/x86_64/userspace_msr_exit_test +/x86_64/vmx_apic_access_test +/x86_64/vmx_close_while_nested_test +/x86_64/vmx_dirty_log_test +/x86_64/vmx_exception_with_invalid_guest_state +/x86_64/vmx_invalid_nested_guest_state +/x86_64/vmx_msrs_test +/x86_64/vmx_preemption_timer_test +/x86_64/vmx_set_nested_state_test +/x86_64/vmx_tsc_adjust_test +/x86_64/vmx_nested_tsc_scaling_test +/x86_64/xapic_ipi_test +/x86_64/xapic_state_test +/x86_64/xen_shinfo_test +/x86_64/xen_vmcall_test +/x86_64/xss_msr_test +/x86_64/vmx_pmu_caps_test +/x86_64/triple_fault_event_test +/access_tracking_perf_test +/demand_paging_test +/dirty_log_test +/dirty_log_perf_test +/hardware_disable_test +/kvm_create_max_vcpus +/kvm_page_table_test +/max_guest_memory_test +/memslot_modification_stress_test +/memslot_perf_test +/rseq_test +/set_memory_region_test +/steal_time +/kvm_binary_stats_test +/system_counter_offset_test +>>>>>>> KVM: selftests: Add simple sev vm testing diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index b7cfb15712d1..66d7ab3da990 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -111,6 +111,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/tsc_msrs_test TEST_GEN_PROGS_x86_64 += x86_64/vmx_pmu_caps_test TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test +TEST_GEN_PROGS_x86_64 += x86_64/sev_all_boot_test TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests TEST_GEN_PROGS_x86_64 += x86_64/amx_test TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test diff --git a/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c b/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c new file mode 100644 index 000000000000..e9e4d7305bc1 --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c @@ -0,0 +1,84 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Basic SEV boot tests. + * + */ +#include +#include +#include +#include +#include + +#include "test_util.h" +#include "kvm_util.h" +#include "processor.h" +#include "svm_util.h" +#include "linux/psp-sev.h" +#include "sev.h" + +#define NR_SYNCS 1 + +#define MSR_AMD64_SEV_BIT 1 + +static void guest_run_loop(struct kvm_vcpu *vcpu) +{ + struct ucall uc; + int i; + + for (i = 0; i <= NR_SYNCS; ++i) { + vcpu_run(vcpu); + switch (get_ucall(vcpu, &uc)) { + case UCALL_SYNC: + continue; + case UCALL_DONE: + return; + case UCALL_ABORT: + REPORT_GUEST_ASSERT(uc); + default: + TEST_FAIL("Unexpected exit: %s", + exit_reason_str(vcpu->run->exit_reason)); + } + } +} + +static void is_sev_enabled(void) +{ + uint64_t sev_status; + + GUEST_ASSERT(this_cpu_has(X86_FEATURE_SEV)); + + sev_status = rdmsr(MSR_AMD64_SEV); + GUEST_ASSERT(sev_status & 0x1); +} + +static void guest_sev_code(void) +{ + GUEST_SYNC(1); + + is_sev_enabled(); + + GUEST_DONE(); +} + +static void test_sev(void *guest_code, uint64_t policy) +{ + struct kvm_vm *vm; + struct kvm_vcpu *vcpu; + + vm = vm_sev_create_with_one_vcpu(policy, guest_code, &vcpu); + TEST_ASSERT(vm, "vm_sev_create_with_one_vcpu() failed to create VM\n"); + + guest_run_loop(vcpu); + + kvm_vm_free(vm); +} + +int main(int argc, char *argv[]) +{ + TEST_REQUIRE(is_kvm_sev_supported()); + + test_sev(guest_sev_code, SEV_POLICY_NO_DBG); + test_sev(guest_sev_code, 0); + + return 0; +}