From patchwork Thu Sep 5 12:40:59 2024
X-Patchwork-Submitter: "Pratik R. Sampat"
X-Patchwork-Id: 13792301
From: "Pratik R. Sampat"
Subject: [PATCH v3 1/9] KVM: selftests: Decouple SEV ioctls from asserts
Date: Thu, 5 Sep 2024 07:40:59 -0500
Message-ID: <20240905124107.6954-2-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add variants of sev, sev-es launch path that return the status of the ioctl call instead of asserting for success. This enables both positive and negative testing of the path. No functional impact intended. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../selftests/kvm/include/x86_64/sev.h | 22 +++++- tools/testing/selftests/kvm/lib/x86_64/sev.c | 78 +++++++++++++++---- 2 files changed, 80 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h index 82c11c81a956..3998152cc081 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h
+++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -27,6 +27,12 @@ enum sev_guest_state { #define GHCB_MSR_TERM_REQ 0x100 +/* Variants of the SEV launch path that do not assert the ioctl status */ +int __sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy); +int __sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy); +int __sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); +int __sev_vm_launch_finish(struct kvm_vm *vm); + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); @@ -82,15 +88,23 @@ static inline void sev_register_encrypted_memory(struct kvm_vm *vm, vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); } -static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, - uint64_t size) +static inline int __sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t hva, uint64_t size) { struct kvm_sev_launch_update_data update_data = { - .uaddr = (unsigned long)addr_gpa2hva(vm, gpa), + .uaddr = hva, .len = size, }; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); +} + +static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t hva, uint64_t size) +{ + int ret = __sev_launch_update_data(vm, gpa, hva, size); + + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_UPDATE_DATA, ret, vm); } #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c index e9535ee20b7f..125a72246e09 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c 
@@ -14,15 +14,16 @@ * and find the first range, but that's correct because the condition * expression would cause us to quit the loop. */ -static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) +static int encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) { const struct sparsebit *protected_phy_pages = region->protected_phy_pages; const vm_paddr_t gpa_base = region->region.guest_phys_addr; const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift; sparsebit_idx_t i, j; + int ret; if (!sparsebit_any_set(protected_phy_pages)) - return; + return 0; sev_register_encrypted_memory(vm, region); @@ -30,8 +31,15 @@ static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *regio const uint64_t size = (j - i + 1) * vm->page_size; const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; - sev_launch_update_data(vm, gpa_base + offset, size); + ret = __sev_launch_update_data(vm, gpa_base + offset, + (uint64_t)addr_gpa2hva(vm, gpa_base + offset), + size); + if (ret) + return ret; + } + + return 0; } void sev_vm_init(struct kvm_vm *vm) 
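Review bot: In the loop of encrypt_region(), the new call passes both gpa_base + offset and addr_gpa2hva(vm, gpa_base + offset), but __sev_launch_update_data() in sev.h only reads hva (".uaddr = hva") and never uses its gpa parameter. Either drop gpa from the helper, or keep a single address argument and translate inside it, so a caller cannot hand in a gpa/hva pair that disagree. Also note that sev_register_encrypted_memory() earlier in this function still goes through the asserting vm_ioctl(), so a failure there aborts the test rather than reaching the new int return.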
@@ -60,38 +68,74 @@ void sev_es_vm_init(struct kvm_vm *vm) } } -void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) +int __sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_launch_start launch_start = { .policy = policy, }; + + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); +} + +int __sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) +{ struct userspace_mem_region *region; - struct kvm_sev_guest_status status; int ctr; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); - vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + int ret = encrypt_region(vm, region); - TEST_ASSERT_EQ(status.policy, policy); - TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); - - hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) - encrypt_region(vm, region); + if (ret) + return ret; + } if (policy & SEV_POLICY_ES) vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); vm->arch.is_pt_protected = true; + + return 0; } -void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) +int __sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) { struct kvm_sev_launch_measure launch_measure; - struct kvm_sev_guest_status guest_status; launch_measure.len = 256; launch_measure.uaddr = (__u64)measurement; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure); + + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure); +} + +int __sev_vm_launch_finish(struct kvm_vm *vm) +{ + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); +} + +void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) +{ + struct kvm_sev_guest_status status; + int ret; + + ret = __sev_vm_launch_start(vm, policy); + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_START, ret, vm); + + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + + TEST_ASSERT_EQ(status.policy, policy); + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); + + ret = 
__sev_vm_launch_update(vm, policy); + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_UPDATE_DATA, ret, vm); +} + +void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) +{ + struct kvm_sev_guest_status guest_status; + int ret; + + ret = __sev_vm_launch_measure(vm, measurement); + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_MEASURE, ret, vm); vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &guest_status); TEST_ASSERT_EQ(guest_status.state, SEV_GUEST_STATE_LAUNCH_SECRET); 
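Review bot: __sev_vm_launch_update() is introduced as a non-asserting variant, yet for SEV_POLICY_ES it still calls vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL), which asserts on failure. A negative test of the SEV-ES path cannot observe that error; consider returning the result of __vm_sev_ioctl() for the VMSA step and moving the assert into sev_vm_launch(). Once that is done, sev_vm_launch() should not report every failure from __sev_vm_launch_update() as KVM_SEV_LAUNCH_UPDATE_DATA, since the failing command may be the VMSA update.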
@@ -100,13 +144,15 @@ void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) void sev_vm_launch_finish(struct kvm_vm *vm) { struct kvm_sev_guest_status status; + int ret; vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); TEST_ASSERT(status.state == SEV_GUEST_STATE_LAUNCH_UPDATE || status.state == SEV_GUEST_STATE_LAUNCH_SECRET, "Unexpected guest state: %d", status.state); - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); + ret = __sev_vm_launch_finish(vm); + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_FINISH, ret, vm); vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING);

From patchwork Thu Sep 5 12:41:00 2024
X-Patchwork-Submitter: "Pratik R. Sampat"
X-Patchwork-Id: 13792302
From: "Pratik R. Sampat"
Subject: [PATCH v3 2/9] KVM: selftests: Add a basic SNP smoke test
Date: Thu, 5 Sep 2024 07:41:00 -0500
Message-ID: <20240905124107.6954-3-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Extend sev_smoke_test to also run a minimal SEV-SNP smoke test that initializes and sets up private memory regions required to run a simple SEV-SNP guest. Similar to its SEV-ES smoke test counterpart, this also does not support GHCB and ucall yet and uses the GHCB MSR protocol to trigger an exit of the type KVM_EXIT_SYSTEM_EVENT. Also, decouple policy and type and require functions to provide both such that there is no assumption regarding the type using policy.
Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/include/x86_64/sev.h | 54 +++++++- tools/testing/selftests/kvm/lib/kvm_util.c | 8 +- .../selftests/kvm/lib/x86_64/processor.c | 6 +- tools/testing/selftests/kvm/lib/x86_64/sev.c | 116 +++++++++++++++++- .../selftests/kvm/x86_64/sev_smoke_test.c | 67 ++++++++-- 6 files changed, 230 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index e247f99e0473..1dfa2c03b40f 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -199,6 +199,7 @@ struct kvm_x86_cpu_feature { #define X86_FEATURE_VGIF KVM_X86_CPU_FEATURE(0x8000000A, 0, EDX, 16) #define X86_FEATURE_SEV KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 1) #define X86_FEATURE_SEV_ES KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 3) +#define X86_FEATURE_SNP KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 4) /* * KVM defined paravirt features. diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h index 3998152cc081..658c3cca208d 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h 
@@ -22,8 +22,21 @@ enum sev_guest_state { SEV_GUEST_STATE_RUNNING, }; +/* Minimum firmware version required for the SEV-SNP support */ +#define SNP_FW_REQ_VER_MAJOR 1 +#define SNP_FW_REQ_VER_MINOR 51 +#define SNP_POLICY_MINOR_BIT 0 +#define SNP_POLICY_MAJOR_BIT 8 + #define SEV_POLICY_NO_DBG (1UL << 0) #define SEV_POLICY_ES (1UL << 2) +#define SNP_POLICY_SMT (1ULL << 16) +#define SNP_POLICY_RSVD_MBO (1ULL << 17) +#define SNP_POLICY_DBG (1ULL << 19) +#define SNP_POLICY (SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO) + +#define SNP_FW_VER_MAJOR(maj) ((uint8_t)(maj) << SNP_POLICY_MAJOR_BIT) +#define SNP_FW_VER_MINOR(min) ((uint8_t)(min) << SNP_POLICY_MINOR_BIT) #define GHCB_MSR_TERM_REQ 0x100 @@ -32,14 +45,22 @@ int __sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy); int __sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy); int __sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); int __sev_vm_launch_finish(struct kvm_vm *vm); +int __snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy, uint8_t flags); +int __snp_vm_launch_update(struct kvm_vm *vm, uint8_t page_type); +int __snp_vm_launch_finish(struct kvm_vm *vm, uint16_t flags); void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); +void snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy); +void snp_vm_launch_update(struct kvm_vm *vm); +void snp_vm_launch_finish(struct kvm_vm *vm); + +bool is_kvm_snp_supported(void); struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu); -void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement); +void vm_sev_launch(struct kvm_vm *vm, uint64_t policy, uint8_t *measurement); kvm_static_assert(SEV_RET_SUCCESS == 0); 
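Review bot: The new prototypes disagree on the width of flags: __snp_vm_launch_start() takes "uint8_t flags" while __snp_vm_launch_finish() takes "uint16_t flags". Both values are copied straight into the .flags field of the corresponding uAPI struct, so each parameter should match that field's type; otherwise a test that wants to pass a wide flag value for negative testing gets it silently truncated at the call. In the first hunk of this file, the comment "Minimum firmware version required for the SEV-SNP support" also covers SNP_POLICY_MINOR_BIT and SNP_POLICY_MAJOR_BIT, which are shift positions rather than versions; a separate comment for those and for SNP_FW_VER_MAJOR()/SNP_FW_VER_MINOR() would make their purpose clear.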
@@ -74,8 +95,18 @@ kvm_static_assert(SEV_RET_SUCCESS == 0); __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, vm); \ }) +/* Ensure policy is within bounds for SEV, SEV-ES */ +#define ASSERT_SEV_POLICY(type, policy) \ +({ \ + if (type == KVM_X86_SEV_VM || type == KVM_X86_SEV_ES_VM) { \ + TEST_ASSERT(policy < ((uint32_t)~0U), \ + "Policy beyond bounds for SEV"); \ + } \ +}) \ + void sev_vm_init(struct kvm_vm *vm); void sev_es_vm_init(struct kvm_vm *vm); +void snp_vm_init(struct kvm_vm *vm); static inline void sev_register_encrypted_memory(struct kvm_vm *vm, struct userspace_mem_region *region) @@ -99,6 +130,19 @@ static inline int __sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); } +static inline int __snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t hva, uint64_t size, uint8_t type) +{ + struct kvm_sev_snp_launch_update update_data = { + .uaddr = hva, + .gfn_start = gpa >> PAGE_SHIFT, + .len = size, + .type = type, + }; + + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data); +} + static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, uint64_t hva, uint64_t size) { @@ -107,4 +151,12 @@ static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_LAUNCH_UPDATE_DATA, ret, vm); } +static inline int snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t hva, uint64_t size, uint8_t type) +{ + int ret = __snp_launch_update_data(vm, gpa, hva, size, type); + + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_SNP_LAUNCH_UPDATE, ret, vm); +} + #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index a2b7df5f1d39..bbf90ad224da 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c 
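Review bot: In sev.h (last hunk of that file), snp_launch_update_data() is declared "static inline int" but has no return statement, so a caller that reads its result gets an indeterminate value and the compiler will flag it under -Wreturn-type. Make it void like sev_launch_update_data(), since the assert already handles failure. In the same file, __snp_launch_update_data() computes .gfn_start with PAGE_SHIFT while encrypt_region() uses vm->page_shift for the same conversion; using the VM's value keeps the two consistent.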
@@ -413,14 +413,18 @@ struct kvm_vm *__vm_create(struct vm_shape shape, uint32_t nr_runnable_vcpus, nr_extra_pages); struct userspace_mem_region *slot0; struct kvm_vm *vm; - int i; + int i, flags = 0; pr_debug("%s: mode='%s' type='%d', pages='%ld'\n", __func__, vm_guest_mode_string(shape.mode), shape.type, nr_pages); vm = ____vm_create(shape); - vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, nr_pages, 0); + if (shape.type == KVM_X86_SNP_VM) + flags |= KVM_MEM_GUEST_MEMFD; + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, nr_pages, flags); + for (i = 0; i < NR_MEM_REGIONS; i++) vm->memslots[i] = 0; diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index 974bcd2df6d7..981f3c9fd1cf 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -625,7 +625,8 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm) sync_global_to_guest(vm, host_cpu_is_amd); sync_global_to_guest(vm, is_forced_emulation_enabled); - if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) { + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM || + vm->type == KVM_X86_SNP_VM) { struct kvm_sev_init init = { 0 }; vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); @@ -1134,7 +1135,8 @@ void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits) void kvm_init_vm_address_properties(struct kvm_vm *vm) { - if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) { + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM || + vm->type == KVM_X86_SNP_VM) { vm->arch.sev_fd = open_sev_dev_path_or_exit(); vm->arch.c_bit = BIT_ULL(this_cpu_property(X86_PROPERTY_SEV_C_BIT)); vm->gpa_tag_mask = vm->arch.c_bit; diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c index 125a72246e09..ff3824564854 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c 
+++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -14,7 +14,8 @@ * and find the first range, but that's correct because the condition * expression would cause us to quit the loop. */ -static int encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) +static int encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region, + uint8_t page_type) { const struct sparsebit *protected_phy_pages = region->protected_phy_pages; const vm_paddr_t gpa_base = region->region.guest_phys_addr; @@ -25,12 +26,23 @@ static int encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region if (!sparsebit_any_set(protected_phy_pages)) return 0; - sev_register_encrypted_memory(vm, region); + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) + sev_register_encrypted_memory(vm, region); sparsebit_for_each_set_range(protected_phy_pages, i, j) { const uint64_t size = (j - i + 1) * vm->page_size; const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; + if (vm->type == KVM_X86_SNP_VM) { + vm_mem_set_private(vm, gpa_base + offset, size); + ret = __snp_launch_update_data(vm, gpa_base + offset, + (uint64_t)addr_gpa2hva(vm, gpa_base + offset), + size, page_type); + if (ret) + return ret; + continue; + } + ret = __sev_launch_update_data(vm, gpa_base + offset, (uint64_t)addr_gpa2hva(vm, gpa_base + offset), size); @@ -68,6 +80,14 @@ void sev_es_vm_init(struct kvm_vm *vm) } } +void snp_vm_init(struct kvm_vm *vm) +{ + struct kvm_sev_init init = { 0 }; + + assert(vm->type == KVM_X86_SNP_VM); + vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); +} + int __sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_launch_start launch_start = { @@ -83,7 +103,7 @@ int __sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) int ctr; hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { - int ret = encrypt_region(vm, region); + int ret = encrypt_region(vm, region, 0); if (ret) return ret; 
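Review bot: snp_vm_init() in this file issues KVM_SEV_INIT2 for a KVM_X86_SNP_VM, but the processor.c hunk of this same patch already adds KVM_X86_SNP_VM to the kvm_arch_vm_post_create() branch that issues KVM_SEV_INIT2. Calling snp_vm_init() on a VM created through the normal path would send the init a second time; if no caller needs it, drop the function, otherwise document when it is valid to call. Separately, "encrypt_region(vm, region, 0)" in __sev_vm_launch_update() passes a bare 0 for page_type; a short comment that the argument is ignored for SEV and SEV-ES would help the reader.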
@@ -112,6 +132,41 @@ int __sev_vm_launch_finish(struct kvm_vm *vm) return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); } +int __snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy, uint8_t flags) +{ + struct kvm_sev_snp_launch_start launch_start = { + .policy = policy, + .flags = flags, + }; + + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_START, &launch_start); +} + +int __snp_vm_launch_update(struct kvm_vm *vm, uint8_t page_type) +{ + struct userspace_mem_region *region; + int ctr, ret; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + ret = encrypt_region(vm, region, page_type); + if (ret) + return ret; + } + + vm->arch.is_pt_protected = true; + + return 0; +} + +int __snp_vm_launch_finish(struct kvm_vm *vm, uint16_t flags) +{ + struct kvm_sev_snp_launch_finish launch_finish = { + .flags = flags, + }; + + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish); +} + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_guest_status status; 
@@ -158,6 +213,45 @@ void sev_vm_launch_finish(struct kvm_vm *vm) TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); } +void snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy) +{ + int ret = __snp_vm_launch_start(vm, policy, 0); + + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_SNP_LAUNCH_START, ret, vm); +} + +void snp_vm_launch_update(struct kvm_vm *vm) +{ + int ret = __snp_vm_launch_update(vm, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_SNP_LAUNCH_UPDATE, ret, vm); +} + +void snp_vm_launch_finish(struct kvm_vm *vm) +{ + int ret = __snp_vm_launch_finish(vm, 0); + + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_SNP_LAUNCH_FINISH, ret, vm); +} + +bool is_kvm_snp_supported(void) +{ + int sev_fd = open_sev_dev_path_or_exit(); + struct sev_user_data_status sev_status; + + struct sev_issue_cmd arg = { + .cmd = SEV_PLATFORM_STATUS, + .data = (unsigned long)&sev_status, + }; + + kvm_ioctl(sev_fd, SEV_ISSUE_CMD, &arg); + close(sev_fd); + + return sev_status.api_major > SNP_FW_REQ_VER_MAJOR || + (sev_status.api_major == SNP_FW_REQ_VER_MAJOR && + sev_status.api_minor >= SNP_FW_REQ_VER_MINOR); +} + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu) { @@ -174,8 +268,22 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, return vm; } -void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement) +void vm_sev_launch(struct kvm_vm *vm, uint64_t policy, uint8_t *measurement) { + if (vm->type == KVM_X86_SNP_VM) { + vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE)); + + snp_vm_launch_start(vm, policy); + + snp_vm_launch_update(vm); + + snp_vm_launch_finish(vm); + + return; + } + + ASSERT_SEV_POLICY(vm->type, policy); + sev_vm_launch(vm, policy); if (!measurement) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 2e9197eb1652..12d466915074 100644 
--- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -16,6 +16,27 @@ #define XFEATURE_MASK_X87_AVX (XFEATURE_MASK_FP | XFEATURE_MASK_SSE | XFEATURE_MASK_YMM) +static bool is_smt_active(void) +{ + FILE *f; + + f = fopen("/sys/devices/system/cpu/smt/active", "r"); + if (!f) + return false; + + return fgetc(f) - '0'; +} + +static void guest_snp_code(void) +{ + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED); + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_SNP_ENABLED); + + wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); + __asm__ __volatile__("rep; vmmcall"); +} + static void guest_sev_es_code(void) { /* TODO: Check CPUID after GHCB-based hypercall support is added. */ @@ -61,7 +82,7 @@ static void compare_xsave(u8 *from_host, u8 *from_guest) abort(); } -static void test_sync_vmsa(uint32_t policy) +static void test_sync_vmsa(uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; @@ -77,7 +98,10 @@ static void test_sync_vmsa(uint32_t policy) .xcrs[0].value = XFEATURE_MASK_X87_AVX, }; - vm = vm_sev_create_with_one_vcpu(KVM_X86_SEV_ES_VM, guest_code_xsave, &vcpu); + TEST_ASSERT(type != KVM_X86_SEV_VM, + "sync_vmsa only supported for SEV-ES and SNP VM types"); + + vm = vm_sev_create_with_one_vcpu(type, guest_code_xsave, &vcpu); gva = vm_vaddr_alloc_shared(vm, PAGE_SIZE, KVM_UTIL_MIN_VADDR, MEM_REGION_TEST_DATA); hva = addr_gva2hva(vm, gva); @@ -99,7 +123,7 @@ static void test_sync_vmsa(uint32_t policy) : "ymm4", "st", "st(1)", "st(2)", "st(3)", "st(4)", "st(5)", "st(6)", "st(7)"); vcpu_xsave_set(vcpu, &xsave); - vm_sev_launch(vm, SEV_POLICY_ES | policy, NULL); + vm_sev_launch(vm, policy, NULL); /* This page is shared, so make it decrypted. */ memset(hva, 0, 4096); 
@@ -118,14 +142,12 @@ static void test_sync_vmsa(uint32_t policy) kvm_vm_free(vm); } -static void test_sev(void *guest_code, uint64_t policy) +static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; - uint32_t type = policy & SEV_POLICY_ES ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); /* TODO: Validate the measurement is as expected. */ @@ -134,7 +156,7 @@ static void test_sev(void *guest_code, uint64_t policy) for (;;) { vcpu_run(vcpu); - if (policy & SEV_POLICY_ES) { + if (vm->type == KVM_X86_SEV_ES_VM || vm->type == KVM_X86_SNP_VM) { TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SYSTEM_EVENT, "Wanted SYSTEM_EVENT, got %s", exit_reason_str(vcpu->run->exit_reason)); 
@@ -194,19 +216,38 @@ int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); - test_sev(guest_sev_code, SEV_POLICY_NO_DBG); - test_sev(guest_sev_code, 0); + test_sev(guest_sev_code, KVM_X86_SEV_VM, SEV_POLICY_NO_DBG); + test_sev(guest_sev_code, KVM_X86_SEV_VM, 0); if (kvm_cpu_has(X86_FEATURE_SEV_ES)) { - test_sev(guest_sev_es_code, SEV_POLICY_ES | SEV_POLICY_NO_DBG); - test_sev(guest_sev_es_code, SEV_POLICY_ES); + test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES | SEV_POLICY_NO_DBG); + test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES); test_sev_es_shutdown(); if (kvm_has_cap(KVM_CAP_XCRS) && (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { - test_sync_vmsa(0); - test_sync_vmsa(SEV_POLICY_NO_DBG); + test_sync_vmsa(KVM_X86_SEV_ES_VM, SEV_POLICY_ES); + test_sync_vmsa(KVM_X86_SEV_ES_VM, SEV_POLICY_ES | SEV_POLICY_NO_DBG); + } + } + + if (kvm_cpu_has(X86_FEATURE_SNP) && is_kvm_snp_supported()) { + unsigned long snp_policy = SNP_POLICY; + + if (unlikely(!is_smt_active())) + snp_policy &= ~SNP_POLICY_SMT; + + test_sev(guest_snp_code, KVM_X86_SNP_VM, snp_policy); + /* Test minimum firmware level */ + test_sev(guest_snp_code, KVM_X86_SNP_VM, + snp_policy | + SNP_FW_VER_MAJOR(SNP_FW_REQ_VER_MAJOR) | + SNP_FW_VER_MINOR(SNP_FW_REQ_VER_MINOR)); + + if (kvm_has_cap(KVM_CAP_XCRS) && + (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { + test_sync_vmsa(KVM_X86_SNP_VM, snp_policy); } } From patchwork Thu Sep 5 12:41:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. 
Sampat" X-Patchwork-Id: 13792303
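Review bot: is_smt_active(), added in the first sev_smoke_test.c hunk, never calls fclose() on the stream it opens and returns `fgetc(f) - '0'` unchecked, so an EOF from an empty or failed read becomes a nonzero value and is reported as "SMT active". Suggest reading the character into an int, closing the file, and returning `c == '1'`.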
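Review bot: snp_vm_init() in lib/x86_64/sev.c issues KVM_SEV_INIT2, but the processor.c hunk already makes kvm_arch_vm_post_create() issue KVM_SEV_INIT2 for KVM_X86_SNP_VM, and nothing in the hunks shown here calls snp_vm_init(). Either drop the helper or state in the commit message which path is meant to initialize an SNP VM, so that a later caller does not run the init ioctl twice on the same VM.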
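Review bot: in vm_sev_launch() the KVM_X86_SNP_VM branch returns before `measurement` is looked at, so a caller that passes a buffer for an SNP VM gets it back untouched with no indication. Suggest asserting `!measurement` in that branch or documenting that the parameter applies to SEV and SEV-ES only. A one-line comment on why ASSERT_SEV_POLICY() is applied only after the SNP early return, and why KVM_CAP_EXIT_HYPERCALL is enabled inside the launch helper rather than at VM creation, would also help.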
From: "Pratik R. Sampat"
Subject: [PATCH v3 3/9] KVM: selftests: Add SNP to shutdown testing
Date: Thu, 5 Sep 2024 07:41:01 -0500
Message-ID: <20240905124107.6954-4-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Parameterize the shutdown test to include the SEV-SNP VM type
Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- tools/testing/selftests/kvm/x86_64/sev_smoke_test.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 12d466915074..8e798f5a2a53 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -193,16 +193,14 @@ static void guest_shutdown_code(void) __asm__ __volatile__("ud2"); } -static void test_sev_es_shutdown(void) +static void test_sev_shutdown(uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; - uint32_t type = KVM_X86_SEV_ES_VM; - vm = vm_sev_create_with_one_vcpu(type, guest_shutdown_code, &vcpu); - vm_sev_launch(vm, SEV_POLICY_ES, NULL); + vm_sev_launch(vm, policy, NULL); vcpu_run(vcpu); TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SHUTDOWN, @@ -223,7 +221,7 @@ int main(int argc, char *argv[]) test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES | SEV_POLICY_NO_DBG); test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES); - test_sev_es_shutdown(); + test_sev_shutdown(KVM_X86_SEV_ES_VM, SEV_POLICY_ES); if (kvm_has_cap(KVM_CAP_XCRS) && (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { 
@@ -245,6 +243,8 @@ int main(int argc, char *argv[]) SNP_FW_VER_MAJOR(SNP_FW_REQ_VER_MAJOR) | SNP_FW_VER_MINOR(SNP_FW_REQ_VER_MINOR)); + test_sev_shutdown(KVM_X86_SNP_VM, snp_policy); + if (kvm_has_cap(KVM_CAP_XCRS) && (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { test_sync_vmsa(KVM_X86_SNP_VM, snp_policy); From patchwork Thu Sep 5 12:41:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13792304 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2082.outbound.protection.outlook.com [40.107.101.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9A8C1A01D3; Thu, 5 Sep 2024 12:42:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.82 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540133; cv=fail; b=iyH1BrU90dAUmmG8D7KVYo+hhNWW+tmiREiW7DPEQFbq1nIn1Us2rqGUFTzmBXLXqzlKXQ46TMJCz6XliMYWyLaaTUQgMl/tr8IEOJXRB7SMSy1w4IXcgJjNCF5/f+lzhs1mlilJN9OsruychJGqpEWLP+9SVzILb16bpuCcxD8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540133; c=relaxed/simple; bh=srOAcy/Fn9v5xu4u/RA3DjG1mfNTFVpTISMEILJuc4U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=B3WURbXheiFDunDn6wNUgVd6uVna7Ho8bIF8nrlNJDS1Lpk8wzzECfCkkruGQO5NNGy09o2t5xFb5XItO4mhHHZFCCQIOke4OT6e7/ttuXE4jUsx/yyHa5lqYS81OGGUaSB48upsOxVtEUIVizbdxLgtfT64pA6oBXKgo93mXS4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Wg/g1OTN; arc=fail smtp.client-ip=40.107.101.82 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) 
From: "Pratik R. Sampat"
Subject: [PATCH v3 4/9] KVM: selftests: SEV IOCTL test
Date: Thu, 5 Sep 2024 07:41:02 -0500
Message-ID: <20240905124107.6954-5-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Introduce tests for sev and sev-es ioctl that exercises the boot path of launch, update and finish on an invalid policy.

Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../selftests/kvm/x86_64/sev_smoke_test.c | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 8e798f5a2a53..5fa4ee27609b 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c 
@@ -142,12 +142,96 @@ static void test_sync_vmsa(uint32_t type, uint64_t policy) kvm_vm_free(vm); } +static void sev_guest_neg_status_assert(struct kvm_vm *vm, uint32_t type) +{ + struct kvm_sev_guest_status status; + int ret; + + ret = __vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + TEST_ASSERT(ret, "KVM_SEV_GUEST_STATUS should fail, invalid VM Type."); +} + +static void vm_sev_es_launch_neg(struct kvm_vm *vm, uint32_t type, uint64_t policy) +{ + int ret; + + /* Launch start with policy SEV_POLICY_NO_DBG (0x0) */ + ret = __sev_vm_launch_start(vm, 0); + TEST_ASSERT(ret, + "KVM_SEV_LAUNCH_START should fail due to type (%d) - policy(0x0) mismatch", + type); + + ret = __sev_vm_launch_update(vm, policy); + TEST_ASSERT(ret, + "KVM_SEV_LAUNCH_UPDATE should fail due to LAUNCH_START. type: %d policy: 0x%lx", + type, policy); + sev_guest_neg_status_assert(vm, type); + + ret = __sev_vm_launch_measure(vm, alloca(256)); + TEST_ASSERT(ret, + "KVM_SEV_LAUNCH_UPDATE should fail due to LAUNCH_START. type: %d policy: 0x%lx", + type, policy); + sev_guest_neg_status_assert(vm, type); + + ret = __sev_vm_launch_finish(vm); + TEST_ASSERT(ret, + "KVM_SEV_LAUNCH_UPDATE should fail due to LAUNCH_START. type: %d policy: 0x%lx", + type, policy); + sev_guest_neg_status_assert(vm, type); +} + +/* + * Test for SEV ioctl launch path + * VMs of the type SEV and SEV-ES are created, however they are launched with + * an empty policy to observe the effect on the control flow of launching a VM. + * + * SEV - Expected to pass through the path of launch start, update, measure, + * and finish. vcpu_run expected to fail with error KVM_EXIT_IO. + * + * SEV-ES - Expected to fail the launch start as vm created with type + * KVM_X86_DEFAULT_VM but policy passed to launch start is KVM_X86_SEV_ES_VM. + * Post this, calls that pass the correct policy to update, measure, and finish + * are also expected to fail cascading. 
+ */ +static void test_sev_launch(void *guest_code, uint32_t type, uint64_t policy) +{ + struct kvm_vcpu *vcpu; + int exp_exit_reason; + struct kvm_vm *vm; + struct ucall uc; + + vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); + + if (type == KVM_X86_SEV_VM) { + sev_vm_launch(vm, 0); + sev_vm_launch_measure(vm, alloca(256)); + sev_vm_launch_finish(vm); + } else { + vm_sev_es_launch_neg(vm, type, policy); + } + + vcpu_run(vcpu); + get_ucall(vcpu, &uc); + if (type == KVM_X86_SEV_VM) + exp_exit_reason = KVM_EXIT_IO; + else + exp_exit_reason = KVM_EXIT_FAIL_ENTRY; + + TEST_ASSERT(vcpu->run->exit_reason == exp_exit_reason, + "vcpu_run failed exit expected: %d, got: %d", + exp_exit_reason, vcpu->run->exit_reason); + + kvm_vm_free(vm); +} + static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; + test_sev_launch(guest_code, type, policy); + vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); /* TODO: Validate the measurement is as expected. */ From patchwork Thu Sep 5 12:41:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. 
Sampat" X-Patchwork-Id: 13792305
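Review bot: in vm_sev_es_launch_neg() the TEST_ASSERT messages after __sev_vm_launch_measure() and __sev_vm_launch_finish() both still read "KVM_SEV_LAUNCH_UPDATE should fail due to LAUNCH_START", so a failure at either step names the wrong ioctl; they should name KVM_SEV_LAUNCH_MEASURE and KVM_SEV_LAUNCH_FINISH. In the same hunk, sev_guest_neg_status_assert() never uses its `type` parameter, the comment "Launch start with policy SEV_POLICY_NO_DBG (0x0)" equates two policies that main() passes as separate test cases, and test_sev_launch() sends every type other than KVM_X86_SEV_VM down the vm_sev_es_launch_neg() path, which now includes KVM_X86_SNP_VM because test_sev() is called with it, although the block comment and commit message cover only SEV and SEV-ES.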
From: "Pratik R. Sampat"
Subject: [PATCH v3 5/9] KVM: selftests: SNP IOCTL test
Date: Thu, 5 Sep 2024 07:41:03 -0500
Message-ID: <20240905124107.6954-6-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>

Introduce testing of SNP ioctl calls.
Tests attributes such as flags, page types, and policies in various combinations along the SNP launch path. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../testing/selftests/kvm/include/kvm_util.h | 11 ++ .../selftests/kvm/x86_64/sev_smoke_test.c | 140 +++++++++++++++++- 2 files changed, 150 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing/selftests/kvm/include/kvm_util.h index bc7c242480d6..ab213708b551 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -912,6 +912,17 @@ static inline struct kvm_vm *vm_create(uint32_t nr_runnable_vcpus) return __vm_create(VM_SHAPE_DEFAULT, nr_runnable_vcpus, 0); } +static inline struct kvm_vm *vm_create_type(unsigned long type, + uint32_t nr_runnable_vcpus) +{ + const struct vm_shape shape = { + .mode = VM_MODE_DEFAULT, + .type = type, + }; + + return __vm_create(shape, nr_runnable_vcpus, 0); +} + struct kvm_vm *__vm_create_with_vcpus(struct vm_shape shape, uint32_t nr_vcpus, uint64_t extra_mem_pages, void *guest_code, struct kvm_vcpu *vcpus[]); diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 5fa4ee27609b..9a7efbe214ce 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c 
@@ -224,13 +224,151 @@ static void test_sev_launch(void *guest_code, uint32_t type, uint64_t policy) kvm_vm_free(vm); } +static int __test_snp_launch_start(uint32_t type, uint64_t policy, + uint8_t flags, bool assert) +{ + struct kvm_vm *vm; + int ret = 0; + + vm = vm_create_type(type, 1); + ret = __snp_vm_launch_start(vm, policy, flags); + if (assert) + TEST_ASSERT_VM_VCPU_IOCTL(!ret, KVM_SEV_SNP_LAUNCH_START, ret, vm); + kvm_vm_free(vm); + + return ret; +} + +static void test_snp_launch_start(uint32_t type, uint64_t policy) +{ + uint8_t i; + int ret; + + /* Flags must be zero for success */ + __test_snp_launch_start(type, policy, 0, true); + + for (i = 1; i < 8; i++) { + ret = __test_snp_launch_start(type, policy, BIT(i), false); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid flag\n" + "(type: %d policy: 0x%lx, flag: 0x%lx)", + type, policy, BIT(i)); + } + + ret = __test_snp_launch_start(type, SNP_POLICY_SMT, 0, false); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, SNP_POLICY_RSVD_MBO policy bit not set\n" + "(type: %d policy: 0x%llx, flags: 0x0)", + type, SNP_POLICY_SMT); + + ret = __test_snp_launch_start(type, SNP_POLICY_RSVD_MBO, 0, false); + if (unlikely(!is_smt_active())) { + TEST_ASSERT(!ret, + "KVM_SEV_SNP_LAUNCH_START should succeed, SNP_POLICY_SMT not required on non-SMT systems\n" + "(type: %d policy: 0x%llx, flags: 0x0)", + type, SNP_POLICY_RSVD_MBO); + } else { + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, SNP_POLICY_SMT is not set on a SMT system\n" + "(type: %d policy: 0x%llx, flags: 0x0)", + type, SNP_POLICY_RSVD_MBO); + } + + ret = __test_snp_launch_start(type, SNP_POLICY | + SNP_FW_VER_MAJOR(UINT8_MAX) | + SNP_FW_VER_MINOR(UINT8_MAX), 0, false); + TEST_ASSERT(ret && errno == EIO, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid version\n" + "expected: %d.%d got: %d.%d (type: %d policy: 0x%llx, flags: 0x0)", + SNP_FW_REQ_VER_MAJOR, 
SNP_FW_REQ_VER_MINOR, + UINT8_MAX, UINT8_MAX, type, + SNP_POLICY | SNP_FW_VER_MAJOR(UINT8_MAX) | SNP_FW_VER_MINOR(UINT8_MAX)); +} + +static void test_snp_launch_update(uint32_t type, uint64_t policy) +{ + struct kvm_vm *vm; + int ret; + + for (int pgtype = 0; pgtype <= KVM_SEV_SNP_PAGE_TYPE_CPUID + 1; pgtype++) { + vm = vm_create_type(type, 1); + snp_vm_launch_start(vm, policy); + ret = __snp_vm_launch_update(vm, pgtype); + + switch (pgtype) { + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: + case KVM_SEV_SNP_PAGE_TYPE_ZERO: + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: + TEST_ASSERT(!ret, + "KVM_SEV_SNP_LAUNCH_UPDATE should succeed, invalid Page type %d", + pgtype); + break; + case KVM_SEV_SNP_PAGE_TYPE_CPUID: + /* + * Expect failure if performed on random pages of + * guest memory rather than properly formatted CPUID Page + */ + TEST_ASSERT(ret && errno == EIO, + "KVM_SEV_SNP_LAUNCH_UPDATE should fail,\n" + "CPUID page type only valid for CPUID pages"); + break; + default: + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_UPDATE should fail, invalid Page type"); + } + + kvm_vm_free(vm); + } +} + +void test_snp_launch_finish(uint32_t type, uint64_t policy) +{ + struct kvm_vm *vm; + int ret; + + vm = vm_create_type(type, 1); + snp_vm_launch_start(vm, policy); + snp_vm_launch_update(vm); + /* Flags must be zero for success */ + snp_vm_launch_finish(vm); + kvm_vm_free(vm); + + for (int i = 1; i < 16; i++) { + vm = vm_create_type(type, 1); + snp_vm_launch_start(vm, policy); + snp_vm_launch_update(vm); + ret = __snp_vm_launch_finish(vm, BIT(i)); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_FINISH should fail, invalid flag\n" + "(type: %d policy: 0x%lx, flag: 0x%lx)", + type, policy, BIT(i)); + kvm_vm_free(vm); + } +} + +static void test_snp_ioctl(void *guest_code, uint32_t type, uint64_t policy) +{ + test_snp_launch_start(type, policy); + test_snp_launch_update(type, policy); + test_snp_launch_finish(type, policy); +} + 
+static void test_sev_ioctl(void *guest_code, uint32_t type, uint64_t policy) +{ + test_sev_launch(guest_code, type, policy); +} + static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; - test_sev_launch(guest_code, type, policy); + if (type == KVM_X86_SNP_VM) + test_snp_ioctl(guest_code, type, policy); + else + test_sev_ioctl(guest_code, type, policy); vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); From patchwork Thu Sep 5 12:41:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13792306 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2083.outbound.protection.outlook.com [40.107.236.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD81A19D067; Thu, 5 Sep 2024 12:42:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540156; cv=fail; b=SoqxvggWNACgOWimO4IbNrXskt12InHewY0CxT8GOrmYuv9+NNLCghyM7NUbzzAnSsVCqEnDUI3q5Q0AGIykgU/7CwitWHPmj2snLNJ6OWz3BBIOJvwYpAhH+fsfiuom+1S7AGzxVefcX7kXiER26V05lKAMhUuBggWEXEG04bI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540156; c=relaxed/simple; bh=SsmhtrOFjcfRHu5vjZUqOMBnu6HhoSCRy3KffPR9dHs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=U6cHmIHD9b80nE2UdEuZY9kO3fx6ZBajzKtP8ezAWGXmDpSzkbbyojgFNwDBzX7i5UTBzGMT/bfWcKnfn4lGNFoyvdSEynsRrskdt0yuq91xVbv6JMBdYZkZnMgX4O6+XS3IGt5CCiEY941KJxz9OqZpwZABz1eyBdJ7Hd3MAt8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com 
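Review bot: In tools/testing/selftests/kvm/x86_64/sev_smoke_test.c, __test_snp_launch_start() calls kvm_vm_free(vm) before returning ret, yet its callers in test_snp_launch_start() then assert on errno (EINVAL or EIO). The teardown runs more library and system calls between the failing ioctl and that check, so errno is no longer guaranteed to be the one the ioctl set. Save errno right after __snp_vm_launch_start() and restore it after kvm_vm_free(), or check errno before freeing the VM as test_snp_launch_update() already does. Smaller points in the same hunk: both flag loops start at i = 1, so BIT(0) is never tried even though the comments say flags must be zero for success; the success-path message in test_snp_launch_update() reads "should succeed, invalid Page type %d" for page types that are valid; and test_snp_launch_finish() is the only new helper not marked static.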
From: "Pratik R. Sampat"
Subject: [PATCH v3 6/9] KVM: selftests: SEV-SNP test for KVM_SEV_INIT2
Date: Thu, 5 Sep 2024 07:41:04 -0500
Message-ID: <20240905124107.6954-7-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>

Add SEV-SNP VM type to exercise the KVM_SEV_INIT2 call.
Also ensure that SNP case is skipped for scenarios where CPUID supports it but KVM does not so that a failure is not reported for such cases. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../testing/selftests/kvm/x86_64/sev_init2_tests.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c b/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c index 3fb967f40c6a..3f8fb2cc3431 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c +++ b/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c @@ -28,6 +28,7 @@ int kvm_fd; u64 supported_vmsa_features; bool have_sev_es; +bool have_snp; static int __sev_ioctl(int vm_fd, int cmd_id, void *data) { @@ -83,6 +84,9 @@ void test_vm_types(void) if (have_sev_es) test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){}); + if (have_snp) + test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){}); + test_init2_invalid(0, &(struct kvm_sev_init){}, "VM type is KVM_X86_DEFAULT_VM"); if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)) 
@@ -138,15 +142,24 @@ int main(int argc, char *argv[]) "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)", kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM); + have_snp = kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM); + TEST_ASSERT(!have_snp || kvm_cpu_has(X86_FEATURE_SNP), + "sev-snp: KVM_CAP_VM_TYPES (%x) indicates SNP support (bit %d), but CPUID does not", + kvm_check_cap(KVM_CAP_VM_TYPES), KVM_X86_SNP_VM); + test_vm_types(); test_flags(KVM_X86_SEV_VM); if (have_sev_es) test_flags(KVM_X86_SEV_ES_VM); + if (have_snp) + test_flags(KVM_X86_SNP_VM); test_features(KVM_X86_SEV_VM, 0); if (have_sev_es) test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features); + if (have_snp) + test_features(KVM_X86_SNP_VM, supported_vmsa_features); return 0; } From patchwork Thu Sep 5 12:41:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13792307 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2048.outbound.protection.outlook.com [40.107.244.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBB6C19D07A; Thu, 5 Sep 2024 12:42:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.48 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540168; cv=fail; b=b8j2H7P2bxe3wUqqs284sam9jw1UPIG/6hohg9cKyjfYiRdh1ZqZUosoYGjZs71qAIxvEnyhgsMI13YrO6Qsa4CIolgA74YawOXMB8Ws5T3tJX4xlLmk9JVeMBf/aeS5vlz1cXPIly98pINh0875A+3M01UC7F+oSToapuxEkKE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540168; c=relaxed/simple; bh=6Q8nFEfhg7GYe38zHJNDFOGXjmVYMg2itul2gaHO0UM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; 
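Review bot: In main() of tools/testing/selftests/kvm/x86_64/sev_init2_tests.c, the new SNP assertion checks only one direction (!have_snp || kvm_cpu_has(X86_FEATURE_SNP)), while the sev-es assertion directly above it reports any KVM_CAP_VM_TYPES/CPUID mismatch. The commit message explains that CPUID advertising SNP without KVM support is deliberately tolerated, but nothing in the code says so. A short comment above the assertion stating that intent would keep a later reader from tightening it to match the sev-es check and reintroducing the false failure.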
From: "Pratik R. Sampat"
Subject: [PATCH v3 7/9] KVM: selftests: Add interface to manually flag protected/encrypted ranges
Date: Thu, 5 Sep 2024 07:41:05 -0500
Message-ID: <20240905124107.6954-8-pratikrajesh.sampat@amd.com>
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>

From: Michael Roth For SEV and SNP, currently __vm_phy_pages_alloc() handles setting the region->protected_phy_pages bitmap to mark that the region needs to be encrypted/measured into the initial guest state prior to finalizing/starting the guest. It also marks what GPAs need to be mapped as encrypted in the initial guest page table. This works when using virtual/physical allocators to manage memory, but if the test manages allocations/mapping directly then an alternative is needed to set region->protected_phy_pages directly. Add an interface to handle that. Signed-off-by: Michael Roth Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- .../testing/selftests/kvm/include/kvm_util.h | 2 + tools/testing/selftests/kvm/lib/kvm_util.c | 45 +++++++++++++++++-- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing/selftests/kvm/include/kvm_util.h index ab213708b551..642740fe1c59 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -394,6 +394,8 @@ static inline void vm_set_memory_attributes(struct kvm_vm *vm, uint64_t gpa, vm_ioctl(vm, KVM_SET_MEMORY_ATTRIBUTES, &attr); } +void vm_mem_set_protected(struct kvm_vm *vm, uint32_t memslot, + vm_paddr_t paddr, size_t num); static inline void vm_mem_set_private(struct kvm_vm *vm, uint64_t gpa, uint64_t size) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index bbf90ad224da..d44a37aebcec 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c 
@@ -1991,6 +1991,43 @@ const char *exit_reason_str(unsigned int exit_reason) return "Unknown"; } +/* + * Set what guest GFNs need to be encrypted prior to finalizing a CoCo VM. + * + * Input Args: + * vm - Virtual Machine + * memslot - Memory region to allocate page from + * paddr - Start of physical address to mark as encrypted + * num - number of pages + * + * Output Args: None + * + * Return: None + * + * Generally __vm_phy_pages_alloc() will handle this automatically, but + * for cases where the test handles managing the physical allocation and + * mapping directly this interface should be used to mark physical pages + * that are intended to be encrypted as part of the initial guest state. + * This will also affect whether virt_map()/virt_pg_map() will map the + * page as encrypted or not in the initial guest page table. + * + * If the initial guest state has already been finalized, then setting + * it as encrypted will essentially be a noop since nothing more can be + * encrypted into the initial guest state at that point. + */ +void vm_mem_set_protected(struct kvm_vm *vm, uint32_t memslot, + vm_paddr_t paddr, size_t num) +{ + struct userspace_mem_region *region; + sparsebit_idx_t pg, base; + + base = paddr >> vm->page_shift; + region = memslot2region(vm, memslot); + + for (pg = base; pg < base + num; ++pg) + sparsebit_set(region->protected_phy_pages, pg); +} + /* * Physical Contiguous Page Allocator * 
@@ -2048,11 +2085,11 @@ vm_paddr_t __vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, abort(); } - for (pg = base; pg < base + num; ++pg) { + for (pg = base; pg < base + num; ++pg) sparsebit_clear(region->unused_phy_pages, pg); - if (protected) - sparsebit_set(region->protected_phy_pages, pg); - } + + if (protected) + vm_mem_set_protected(vm, memslot, base << vm->page_shift, num); return base * vm->page_size; } From patchwork Thu Sep 5 12:41:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13792308 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2067.outbound.protection.outlook.com [40.107.95.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 933EC19D89E; Thu, 5 Sep 2024 12:43:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540185; cv=fail; b=TQmXtXVPvpGolDwoMZBqik0HwjxLih1V87Cw7Z4NZQHTo+chGpbJxn/AX0hPVVFlmJyue21UmiOcXDOqxl06WCvx9tcYdKfps3omhmIgjmAZjusWr8QhzLnHUeeqad+ZSH9J+o4it38JJ7b6oKYpvAH8gLZNVj7bN61fV7Lynlo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725540185; c=relaxed/simple; bh=0rZPkZx30jAyRkEDzMpbVO7FsjkprAEIi00IGIH24cE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=M9n/UvNsJ2KuHlBDR2eP6AJCMhFQd/CoF6ZtZnB4ac5ok8WZVLK/bKQc3YCzyRlke++DBsIv8sPKzVVu5WY31eZpqpzZiZr3uCttCzJdj2pNQC6x6n4Q2FVn+r5XO5IE7hTC5bjlS3axO/gdpTRLk0bqSTaymzrrwFwn9CnRJQ4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Z+AjESgN; arc=fail smtp.client-ip=40.107.95.67 
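Review bot: vm_mem_set_protected() in tools/testing/selftests/kvm/lib/kvm_util.c accepts any paddr and num without validation. The line base = paddr >> vm->page_shift silently drops an unaligned offset, and the loop sets bits in region->protected_phy_pages with no check that base through base + num - 1 lies inside the memslot. Since this interface exists for tests that manage allocations by hand, a TEST_ASSERT on page alignment and on the range belonging to the region would catch caller mistakes before they turn into pages that are measured or mapped as encrypted by accident. The header comment's "memslot - Memory region to allocate page from" also reads as copied from the allocator; nothing is allocated here.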
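Review bot: In the __vm_phy_pages_alloc() hunk, the new call converts base back to an address with base << vm->page_shift while the return statement just below uses base * vm->page_size; use one form in both places so the two are visibly the same value. The call also makes vm_mem_set_protected() repeat the memslot2region() lookup although region is already in hand in this function; an internal helper that takes the region, with vm_mem_set_protected() as a thin wrapper, would avoid the second lookup.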
From: "Pratik R. Sampat"
Subject: [PATCH v3 8/9] KVM: selftests: Add a CoCo-specific test for KVM_PRE_FAULT_MEMORY
Date: Thu, 5 Sep 2024 07:41:06 -0500
Message-ID: <20240905124107.6954-9-pratikrajesh.sampat@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
MIME-Version: 1.0
From: Michael Roth SEV, SEV-ES, and SNP have a few corner cases where there is potential for KVM_PRE_FAULT_MEMORY to behave differently depending on when it is issued during initial guest setup. Exercising these various paths requires a bit more fine-grained control over when the KVM_PRE_FAULT_MEMORY requests are issued while setting up the guests. Since these CoCo-specific events are likely to be architecture-specific KST helpers, take the existing generic test in pre_fault_memory_test.c as a starting template, and then introduce an x86-specific version of it with expanded coverage for SEV, SEV-ES, and SNP. Since there's a reasonable chance that TDX could extend this for similar testing of TDX, give it a "coco-" prefix rather than an SEV-specific one. Signed-off-by: Michael Roth Co-developed-by: Pratik R. Sampat Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda Tested-by: Srikanth Aithal --- tools/testing/selftests/kvm/Makefile | 1 + .../kvm/x86_64/coco_pre_fault_memory_test.c | 314 ++++++++++++++++++ 2 files changed, 315 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 45cb70c048bb..7b97750a7d71 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -129,6 +129,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/amx_test TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test TEST_GEN_PROGS_x86_64 += x86_64/triple_fault_event_test TEST_GEN_PROGS_x86_64 += x86_64/recalc_apic_map_test +TEST_GEN_PROGS_x86_64 += x86_64/coco_pre_fault_memory_test TEST_GEN_PROGS_x86_64 += access_tracking_perf_test TEST_GEN_PROGS_x86_64 += coalesced_io_test TEST_GEN_PROGS_x86_64 += demand_paging_test diff --git a/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c b/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c new file mode 100644 index 000000000000..c31a5f9e18f4 --- /dev/null 
+++ b/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c 
@@ -0,0 +1,314 @@ +// SPDX-License-Identifier: GPL-2.0 +#include + +#include +#include +#include +#include "sev.h" + +/* Arbitrarily chosen values */ +#define TEST_SIZE (SZ_2M + PAGE_SIZE) +#define TEST_NPAGES (TEST_SIZE / PAGE_SIZE) +#define TEST_SLOT 10 +#define TEST_GPA 0x100000000ul +#define TEST_GVA 0x100000000ul + +enum prefault_snp_test_type { + /* Skip pre-faulting tests. */ + NO_PREFAULT_TYPE, + /* + * Issue KVM_PRE_FAULT_MEMORY for GFNs mapping non-private memory + * before finalizing the initial guest contents (e.g. via + * KVM_SEV_SNP_LAUNCH_FINISH for SNP guests). + * + * This should result in failure since KVM explicitly disallows + * KVM_PRE_FAULT_MEMORY from being issued prior to finalizing the + * initial guest contents. + */ + PREFAULT_SHARED_BEFORE_FINALIZING, + /* + * Issue KVM_PRE_FAULT_MEMORY for GFNs mapping private memory + * before finalizing the initial guest contents (e.g. via + * KVM_SEV_SNP_LAUNCH_FINISH for SNP guests). + * + * This should result in failure since KVM explicitly disallows + * KVM_PRE_FAULT_MEMORY from being issued prior to finalizing the + * initial guest contents. + */ + PREFAULT_PRIVATE_BEFORE_FINALIZING, + /* + * Issue KVM_PRE_FAULT_MEMORY for GFNs mapping shared/private + * memory after finalizing the initial guest contents + * (e.g. via * KVM_SEV_SNP_LAUNCH_FINISH for SNP guests). + * + * This should succeed since pre-faulting is supported for both + * non-private/private memory once the guest contents are finalized. 
+ */ + PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING +}; + +static void guest_code_sev(void) +{ + int i; + + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); + + for (i = 0; i < TEST_NPAGES; i++) { + uint64_t *src = (uint64_t *)(TEST_GVA + i * PAGE_SIZE); + uint64_t val = *src; + + /* Validate the data stored in the pages */ + if ((i < TEST_NPAGES / 2 && val != i + 1) || + (i >= TEST_NPAGES / 2 && val != 0)) { + GUEST_FAIL("Inconsistent view of memory values in guest"); + } + } + + if (rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED) { + wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); + __asm__ __volatile__("rep; vmmcall"); + GUEST_FAIL("This should be unreachable."); + } + + GUEST_DONE(); +} + +static void __pre_fault_memory(struct kvm_vcpu *vcpu, u64 gpa, u64 size, + u64 left, bool expect_fail) +{ + struct kvm_pre_fault_memory range = { + .gpa = gpa, + .size = size, + .flags = 0, + }; + int ret, save_errno; + u64 prev; + + do { + prev = range.size; + ret = __vcpu_ioctl(vcpu, KVM_PRE_FAULT_MEMORY, &range); + save_errno = errno; + TEST_ASSERT((range.size < prev) ^ (ret < 0), + "%sexpecting range.size to change on %s", + ret < 0 ? "not " : "", + ret < 0 ? "failure" : "success"); + } while (ret >= 0 ? range.size : save_errno == EINTR); + + TEST_ASSERT(expect_fail ? !(range.size == left) : (range.size == left), + "[EXPECT %s] completed with %lld bytes left, expected %" PRId64, + expect_fail ? "FAIL" : "PASS", + range.size, left); + + if (left == 0) { + TEST_ASSERT(expect_fail ? ret : !ret, + "[EXPECT %s] KVM_PRE_FAULT_MEMORY", + expect_fail ? "FAIL" : "PASS"); + } else { + /* + * For shared memory, no memory slot causes RET_PF_EMULATE. It + * results in -ENOENT. + * + * For private memory, no memory slot is an error case returning + * -EFAULT. However, it is also possible that only the GPA + * ranges backed by a slot are marked as private, in which case + * the noslot range will also result in -ENOENT. 
+ * + * So allow both errors for now, but in the future it would be + * good to distinguish between these cases to tighten up the + * error-checking. + */ + TEST_ASSERT(expect_fail ? !ret : + (ret && (save_errno == EFAULT || save_errno == ENOENT)), + "[EXPECT %s] KVM_PRE_FAULT_MEMORY", + expect_fail ? "FAIL" : "PASS"); + } +} + +static void pre_fault_memory(struct kvm_vcpu *vcpu, u64 gpa, + u64 size, u64 left) +{ + __pre_fault_memory(vcpu, gpa, size, left, false); +} + +static void pre_fault_memory_negative(struct kvm_vcpu *vcpu, u64 gpa, + u64 size, u64 left) +{ + __pre_fault_memory(vcpu, gpa, size, left, true); +} + +static void pre_fault_memory_snp(struct kvm_vcpu *vcpu, struct kvm_vm *vm, + bool private, enum prefault_snp_test_type p_type) +{ + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) + pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); + + snp_vm_launch_start(vm, SNP_POLICY); + + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) + pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); + + if (private) { + /* + * Make sure when pages are pre-faulted later after + * finalization they are treated the same as a private + * access by the guest so that the expected gmem + * backing pages are used. + */ + vm_mem_set_private(vm, TEST_GPA, TEST_SIZE); + if (p_type == PREFAULT_PRIVATE_BEFORE_FINALIZING) + pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); + } else { + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) + pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); + } + + snp_vm_launch_update(vm); + + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) + pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); + + snp_vm_launch_finish(vm); + + /* + * After finalization, pre-faulting either private or shared + * ranges should work regardless of whether the pages were + * encrypted as part of setting up initial guest state. 
+ */ + if (p_type == PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING) { + pre_fault_memory(vcpu, TEST_GPA, SZ_2M, 0); + pre_fault_memory(vcpu, TEST_GPA + SZ_2M, PAGE_SIZE * 2, PAGE_SIZE); + pre_fault_memory(vcpu, TEST_GPA + TEST_SIZE, PAGE_SIZE, PAGE_SIZE); + } +} + +static void pre_fault_memory_sev(unsigned long vm_type, struct kvm_vcpu *vcpu, + struct kvm_vm *vm) +{ + uint32_t policy = (vm_type == KVM_X86_SEV_ES_VM) ? SEV_POLICY_ES : 0; + + pre_fault_memory(vcpu, TEST_GPA, SZ_2M, 0); + pre_fault_memory(vcpu, TEST_GPA + SZ_2M, PAGE_SIZE * 2, PAGE_SIZE); + pre_fault_memory(vcpu, TEST_GPA + TEST_SIZE, PAGE_SIZE, PAGE_SIZE); + + sev_vm_launch(vm, policy); + + pre_fault_memory(vcpu, TEST_GPA, SZ_2M, 0); + pre_fault_memory(vcpu, TEST_GPA + SZ_2M, PAGE_SIZE * 2, PAGE_SIZE); + pre_fault_memory(vcpu, TEST_GPA + TEST_SIZE, PAGE_SIZE, PAGE_SIZE); + + sev_vm_launch_measure(vm, alloca(256)); + + pre_fault_memory(vcpu, TEST_GPA, SZ_2M, 0); + pre_fault_memory(vcpu, TEST_GPA + SZ_2M, PAGE_SIZE * 2, PAGE_SIZE); + pre_fault_memory(vcpu, TEST_GPA + TEST_SIZE, PAGE_SIZE, PAGE_SIZE); + + sev_vm_launch_finish(vm); + + pre_fault_memory(vcpu, TEST_GPA, SZ_2M, 0); + pre_fault_memory(vcpu, TEST_GPA + SZ_2M, PAGE_SIZE * 2, PAGE_SIZE); + pre_fault_memory(vcpu, TEST_GPA + TEST_SIZE, PAGE_SIZE, PAGE_SIZE); +} + +static void test_pre_fault_memory_sev(unsigned long vm_type, bool private, + enum prefault_snp_test_type p_type) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + int i; + + vm = vm_sev_create_with_one_vcpu(vm_type, guest_code_sev, &vcpu); + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, + TEST_GPA, TEST_SLOT, TEST_NPAGES, + (vm_type == KVM_X86_SNP_VM) ? KVM_MEM_GUEST_MEMFD : 0); + + /* + * Make sure guest page table is in agreement with what pages will be + * initially encrypted by the ASP. 
+ */ + if (private) + vm_mem_set_protected(vm, TEST_SLOT, TEST_GPA, TEST_NPAGES); + + virt_map(vm, TEST_GVA, TEST_GPA, TEST_NPAGES); + + /* + * Populate the pages to compare data consistency in the guest + * Fill the first half with data and second half with zeros + */ + for (i = 0; i < TEST_NPAGES; i++) { + uint64_t *hva = addr_gva2hva(vm, TEST_GVA + i * PAGE_SIZE); + + if (i < TEST_NPAGES / 2) + *hva = i + 1; + else + *hva = 0; + } + + if (vm_type == KVM_X86_SNP_VM) + pre_fault_memory_snp(vcpu, vm, private, p_type); + else + pre_fault_memory_sev(vm_type, vcpu, vm); + + vcpu_run(vcpu); + + if (vm->type == KVM_X86_SEV_ES_VM || vm->type == KVM_X86_SNP_VM) { + TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SYSTEM_EVENT, + "Wanted SYSTEM_EVENT, got %s", + exit_reason_str(vcpu->run->exit_reason)); + TEST_ASSERT_EQ(vcpu->run->system_event.type, KVM_SYSTEM_EVENT_SEV_TERM); + TEST_ASSERT_EQ(vcpu->run->system_event.ndata, 1); + TEST_ASSERT_EQ(vcpu->run->system_event.data[0], GHCB_MSR_TERM_REQ); + goto out; + } + + switch (get_ucall(vcpu, &uc)) { + case UCALL_DONE: + break; + case UCALL_ABORT: + REPORT_GUEST_ASSERT(uc); + default: + TEST_FAIL("Unexpected exit: %s", + exit_reason_str(vcpu->run->exit_reason)); + } + +out: + kvm_vm_free(vm); +} + +static void test_pre_fault_memory(unsigned long vm_type, bool private) +{ + int pt; + + if (vm_type && !(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(vm_type))) { + pr_info("Skipping tests for vm_type 0x%lx\n", vm_type); + return; + } + + switch (vm_type) { + case KVM_X86_SEV_VM: + case KVM_X86_SEV_ES_VM: + test_pre_fault_memory_sev(vm_type, private, NO_PREFAULT_TYPE); + break; + case KVM_X86_SNP_VM: + for (pt = 0; pt <= PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING; pt++) + test_pre_fault_memory_sev(vm_type, private, pt); + break; + default: + abort(); + } +} + +int main(int argc, char *argv[]) +{ + TEST_REQUIRE(kvm_check_cap(KVM_CAP_PRE_FAULT_MEMORY)); + + test_pre_fault_memory(KVM_X86_SEV_VM, false); + test_pre_fault_memory(KVM_X86_SEV_VM, 
true); + test_pre_fault_memory(KVM_X86_SEV_ES_VM, false); + test_pre_fault_memory(KVM_X86_SEV_ES_VM, true); + test_pre_fault_memory(KVM_X86_SNP_VM, false); + test_pre_fault_memory(KVM_X86_SNP_VM, true); + + return 0; +} 
From patchwork Thu Sep 5 12:41:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13792309
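Review bot: in `__pre_fault_memory()` of coco_pre_fault_memory_test.c (patch 8/9), the expect_fail path accepts any failure: with `left == 0` it only asserts that `ret` is non-zero and never looks at `save_errno`, so a prefault rejected for an unrelated reason passes the "before finalizing" cases just as well as the rejection the enum comments describe. Assert the specific errno KVM returns when pre-faulting is attempted before the initial guest contents are finalized. Separately, in the `left != 0` branch the expect_fail arm asserts `!ret`, i.e. success, which contradicts the helper's name; no caller in this file reaches it with expect_fail set, so either drop that arm or make it fail loudly.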
From: "Pratik R. Sampat"
Subject: [PATCH v3 9/9] KVM: selftests: Interleave fallocate for KVM_PRE_FAULT_MEMORY
Date: Thu, 5 Sep 2024 07:41:07 -0500
Message-ID: <20240905124107.6954-10-pratikrajesh.sampat@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
References: <20240905124107.6954-1-pratikrajesh.sampat@amd.com>
Precedence: bulk
X-Mailing-List: kvm@vger.kernel.org
MIME-Version: 1.0

fallocate triggers gmem_prepare(), and KVM_PRE_FAULT_MEMORY can cause guest page faults at unexpected points. Therefore, introduce several test cases to interleave fallocate, hole punching through various parts of the SNP launch lifecycle, and observe both positive and negative vcpu_run exit statuses.

Signed-off-by: Pratik R. Sampat
Tested-by: Peter Gonda
Tested-by: Srikanth Aithal
---
 .../kvm/x86_64/coco_pre_fault_memory_test.c | 121 +++++++++++++++++-
 1 file changed, 114 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c b/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c index c31a5f9e18f4..e9757ba3234c 100644 --- a/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c +++ b/tools/testing/selftests/kvm/x86_64/coco_pre_fault_memory_test.c @@ -47,6 +47,31 @@ enum prefault_snp_test_type { PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING }; +enum falloc_snp_test_type { + /* Skip alloc tests. */ + NO_ALLOC_TYPE, + /* + * Allocate and/or deallocate a region of guest memfd before + * memory regions are updated to be protected and encrypted + * + * This should succeed since allocation and deallocation is + * supported before the memory is finalized. + */ + ALLOC_BEFORE_UPDATE, + ALLOC_AFTER_UPDATE, + DEALLOC_BEFORE_UPDATE, + ALLOC_DEALLOC_BEFORE_UPDATE, + /* + * Allocate and/or deallocate a region of guest memfd after + * memory regions are updated to be protected and encrypted + * + * This should fail since dealloc will nuke the pages that + * contain the initial code that the guest will run. + */ + DEALLOC_AFTER_UPDATE, + ALLOC_DEALLOC_AFTER_UPDATE +}; + static void guest_code_sev(void) { int i; @@ -73,6 +98,29 @@ static void guest_code_sev(void) GUEST_DONE(); } +static void __falloc_region(struct kvm_vm *vm, bool punch_hole) +{ + int ctr, ret, flags = FALLOC_FL_KEEP_SIZE; + struct userspace_mem_region *region; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + if (punch_hole) + flags |= FALLOC_FL_PUNCH_HOLE; + ret = fallocate(region->region.guest_memfd, flags, 0, PAGE_SIZE * TEST_NPAGES); + TEST_ASSERT(!ret, "fallocate should succeed."); + } +} + +static void gmemfd_alloc(struct kvm_vm *vm) +{ + __falloc_region(vm, false); +} + +static void gmemfd_dealloc(struct kvm_vm *vm) +{ + __falloc_region(vm, true); +} + static void __pre_fault_memory(struct kvm_vcpu *vcpu, u64 gpa, u64 size, u64 left, bool expect_fail) { 
@@ -137,13 +185,34 @@ static void pre_fault_memory_negative(struct kvm_vcpu *vcpu, u64 gpa, } static void pre_fault_memory_snp(struct kvm_vcpu *vcpu, struct kvm_vm *vm, - bool private, enum prefault_snp_test_type p_type) + bool private, enum prefault_snp_test_type p_type, + enum falloc_snp_test_type f_type) { + if (f_type == ALLOC_BEFORE_UPDATE || + f_type == ALLOC_DEALLOC_BEFORE_UPDATE) { + gmemfd_alloc(vm); + } + + if (f_type == DEALLOC_BEFORE_UPDATE || + f_type == ALLOC_DEALLOC_BEFORE_UPDATE) { + gmemfd_dealloc(vm); + } + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); snp_vm_launch_start(vm, SNP_POLICY); + if (f_type == ALLOC_BEFORE_UPDATE || + f_type == ALLOC_DEALLOC_BEFORE_UPDATE) { + gmemfd_alloc(vm); + } + + if (f_type == DEALLOC_BEFORE_UPDATE || + f_type == ALLOC_DEALLOC_BEFORE_UPDATE) { + gmemfd_dealloc(vm); + } + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); @@ -164,11 +233,36 @@ static void pre_fault_memory_snp(struct kvm_vcpu *vcpu, struct kvm_vm *vm, snp_vm_launch_update(vm); + if (f_type == ALLOC_AFTER_UPDATE || + f_type == ALLOC_DEALLOC_AFTER_UPDATE) { + gmemfd_alloc(vm); + } + + /* + * Hole-punch after SNP LAUNCH UPDATE is not expected to fail + * immediately, rather its affects are observed on vcpu_run() + * as the pages that contain the initial code is nuked. + */ + if (f_type == DEALLOC_AFTER_UPDATE || + f_type == ALLOC_DEALLOC_AFTER_UPDATE) { + gmemfd_dealloc(vm); + } + if (p_type == PREFAULT_SHARED_BEFORE_FINALIZING) pre_fault_memory_negative(vcpu, TEST_GPA, SZ_2M, 0); snp_vm_launch_finish(vm); + if (f_type == ALLOC_AFTER_UPDATE || + f_type == ALLOC_DEALLOC_AFTER_UPDATE) { + gmemfd_alloc(vm); + } + + if (f_type == DEALLOC_AFTER_UPDATE || + f_type == ALLOC_DEALLOC_AFTER_UPDATE) { + gmemfd_dealloc(vm); + } + /* * After finalization, pre-faulting either private or shared * ranges should work regardless of whether the pages were 
@@ -210,7 +304,8 @@ static void pre_fault_memory_sev(unsigned long vm_type, struct kvm_vcpu *vcpu, } static void test_pre_fault_memory_sev(unsigned long vm_type, bool private, - enum prefault_snp_test_type p_type) + enum prefault_snp_test_type p_type, + enum falloc_snp_test_type f_type) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; @@ -246,12 +341,22 @@ static void test_pre_fault_memory_sev(unsigned long vm_type, bool private, } if (vm_type == KVM_X86_SNP_VM) - pre_fault_memory_snp(vcpu, vm, private, p_type); + pre_fault_memory_snp(vcpu, vm, private, p_type, f_type); else pre_fault_memory_sev(vm_type, vcpu, vm); vcpu_run(vcpu); + /* Expect SHUTDOWN when we falloc using PUNCH_HOLE after SNP_UPDATE */ + if (vm->type == KVM_X86_SNP_VM && + (f_type == DEALLOC_AFTER_UPDATE || + f_type == ALLOC_DEALLOC_AFTER_UPDATE)) { + TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SHUTDOWN, + "Wanted SYSTEM_EVENT, got %s", + exit_reason_str(vcpu->run->exit_reason)); + goto out; + } + if (vm->type == KVM_X86_SEV_ES_VM || vm->type == KVM_X86_SNP_VM) { TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SYSTEM_EVENT, "Wanted SYSTEM_EVENT, got %s", @@ -278,7 +383,7 @@ static void test_pre_fault_memory_sev(unsigned long vm_type, bool private, static void test_pre_fault_memory(unsigned long vm_type, bool private) { - int pt; + int pt, ft; if (vm_type && !(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(vm_type))) { pr_info("Skipping tests for vm_type 0x%lx\n", vm_type); 
@@ -288,11 +393,13 @@ static void test_pre_fault_memory(unsigned long vm_type, bool private) switch (vm_type) { case KVM_X86_SEV_VM: case KVM_X86_SEV_ES_VM: - test_pre_fault_memory_sev(vm_type, private, NO_PREFAULT_TYPE); + test_pre_fault_memory_sev(vm_type, private, NO_PREFAULT_TYPE, NO_ALLOC_TYPE); break; case KVM_X86_SNP_VM: - for (pt = 0; pt <= PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING; pt++) - test_pre_fault_memory_sev(vm_type, private, pt); + for (pt = 0; pt <= PREFAULT_PRIVATE_SHARED_AFTER_FINALIZING; pt++) { + for (ft = 0; ft <= ALLOC_DEALLOC_AFTER_UPDATE; ft++) + test_pre_fault_memory_sev(vm_type, private, pt, ft); + } break; default: abort();
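Review bot: in the `falloc_snp_test_type` hunk (@@ -47,6 +47,31 @@), `ALLOC_AFTER_UPDATE` is listed under the comment that describes allocation and deallocation before the regions are protected and encrypted, and the second comment says the after-update cases "should fail", yet `__falloc_region()` asserts that fallocate succeeds and a later comment in this patch says the hole punch is not expected to fail immediately. Give `ALLOC_AFTER_UPDATE` its own comment stating what it is expected to do, and reword the second comment to say that the failure shows up at vcpu_run() rather than as a fallocate error.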
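Review bot: `__falloc_region()` (@@ -73,6 +98,29 @@) walks every slot in `vm->regions.slot_hash` and calls fallocate on `region->region.guest_memfd` at offset 0 for `PAGE_SIZE * TEST_NPAGES` bytes, so a length derived from the test slot is applied to every region, and nothing checks that a region actually has a guest_memfd before using the descriptor. Say in a comment that touching all gmem-backed slots, including the one holding the guest code, is intended, skip regions without a guest_memfd, and include errno in the `TEST_ASSERT(!ret, ...)` message. The `flags |= FALLOC_FL_PUNCH_HOLE` is loop-invariant and can be set once before the loop.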
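Review bot: in `pre_fault_memory_snp()` (@@ -137,13 +185,34 @@) the same pair of `f_type` checks around `gmemfd_alloc()` and `gmemfd_dealloc()` is pasted before and after `snp_vm_launch_start()`, and the following hunk repeats the pattern twice more for the after-update types. A small helper taking the vm, `f_type` and a before/after-update flag would reduce the four copies to one and make the intended ordering against each launch step readable.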
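Review bot: in the @@ -164,11 +233,36 @@ hunk the after-update alloc/dealloc runs twice, once between `snp_vm_launch_update()` and `snp_vm_launch_finish()` and again after `snp_vm_launch_finish()`, so when vcpu_run() ends in a shutdown the test cannot say which of the two hole punches caused it, and neither placement is exercised on its own. Split these into separate enum values (after update, after finish) or drop one of the two call sites. The new comment also has typos: "its affects" should be "its effects" and "is nuked" should be "are nuked".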
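Review bot: the new assertion after `vcpu_run()` (@@ -246,12 +341,22 @@) checks `exit_reason == KVM_EXIT_SHUTDOWN` but its failure message still reads "Wanted SYSTEM_EVENT, got %s", copied from the block below it; change the message to name SHUTDOWN so a failing run is not misreported. The condition looks only at `f_type`, so every `p_type` combined with a dealloc-after-update type takes this branch and skips the SEV_TERM checks; a comment saying that is intended would help.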
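Review bot: the nested loops in `test_pre_fault_memory()` (@@ -288,11 +393,13 @@) bound `pt` and `ft` by the last named enumerator and pass plain ints where the callee takes `enum prefault_snp_test_type` and `enum falloc_snp_test_type`, so an enumerator appended later is silently never run. Add a terminating count value to each enum and loop up to it. Each pt/ft pair now builds its own VM and none of the assert messages name the pair, so logging `pt` and `ft` on entry would make a failing combination identifiable from the output.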