Message ID | 20231212204647.2170650-7-sagis@google.com (mailing list archive) |
---|---|
State | New |
Series | TDX KVM selftests | expand |
On 12/13/2023 4:46 AM, Sagi Shahar wrote:
> From: Ackerley Tng <ackerleytng@google.com>
>
> This also exercises the KVM_TDX_CAPABILITIES ioctl.
>
> Suggested-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Ackerley Tng <ackerleytng@google.com>
> Signed-off-by: Ryan Afranji <afranji@google.com>
> Signed-off-by: Sagi Shahar <sagis@google.com>
> ---
> .../selftests/kvm/lib/x86_64/tdx/tdx_util.c | 69 ++++++++++++++++++-
> 1 file changed, 66 insertions(+), 3 deletions(-)
Nit: Can also dump 'supported_gpaw' in tdx_read_capabilities().
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
>
> diff --git a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
> index 9b69c733ce01..6b995c3f6153 100644
> --- a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
> +++ b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
> @@ -27,10 +27,9 @@ static char *tdx_cmd_str[] = {
> };
> #define TDX_MAX_CMD_STR (ARRAY_SIZE(tdx_cmd_str))
>
> -static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
> +static int _tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
> {
> struct kvm_tdx_cmd tdx_cmd;
> - int r;
>
> TEST_ASSERT(ioctl_no < TDX_MAX_CMD_STR, "Unknown TDX CMD : %d\n",
> ioctl_no);
> @@ -40,11 +39,58 @@ static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
> tdx_cmd.flags = flags;
> tdx_cmd.data = (uint64_t)data;
>
> - r = ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
> + return ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
> +}
> +
> +static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
> +{
> + int r;
> +
> + r = _tdx_ioctl(fd, ioctl_no, flags, data);
> TEST_ASSERT(r == 0, "%s failed: %d %d", tdx_cmd_str[ioctl_no], r,
> errno);
> }
>
> +static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm)
> +{
> + int i;
> + int rc = -1;
> + int nr_cpuid_configs = 4;
> + struct kvm_tdx_capabilities *tdx_cap = NULL;
> +
> + do {
> + nr_cpuid_configs *= 2;
> +
> + tdx_cap = realloc(
> + tdx_cap, sizeof(*tdx_cap) +
> + nr_cpuid_configs * sizeof(*tdx_cap->cpuid_configs));
> + TEST_ASSERT(tdx_cap != NULL,
> + "Could not allocate memory for tdx capability nr_cpuid_configs %d\n",
> + nr_cpuid_configs);
> +
> + tdx_cap->nr_cpuid_configs = nr_cpuid_configs;
> + rc = _tdx_ioctl(vm->fd, KVM_TDX_CAPABILITIES, 0, tdx_cap);
> + } while (rc < 0 && errno == E2BIG);
> +
> + TEST_ASSERT(rc == 0, "KVM_TDX_CAPABILITIES failed: %d %d",
> + rc, errno);
> +
> + pr_debug("tdx_cap: attrs: fixed0 0x%016llx fixed1 0x%016llx\n"
> + "tdx_cap: xfam fixed0 0x%016llx fixed1 0x%016llx\n",
> + tdx_cap->attrs_fixed0, tdx_cap->attrs_fixed1,
> + tdx_cap->xfam_fixed0, tdx_cap->xfam_fixed1);
> +
> + for (i = 0; i < tdx_cap->nr_cpuid_configs; i++) {
> + const struct kvm_tdx_cpuid_config *config =
> + &tdx_cap->cpuid_configs[i];
> + pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx 0x%08x ecx 0x%08x edx 0x%08x\n",
> + i, config->leaf, config->sub_leaf,
> + config->eax, config->ebx, config->ecx, config->edx);
> + }
> +
> + return tdx_cap;
> +}
> +
> #define XFEATURE_MASK_CET (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)
>
> static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data)
> @@ -78,6 +124,21 @@ static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data)
> }
> }
>
> +static void tdx_check_attributes(struct kvm_vm *vm, uint64_t attributes)
> +{
> + struct kvm_tdx_capabilities *tdx_cap;
> +
> + tdx_cap = tdx_read_capabilities(vm);
> +
> + /* TDX spec: any bits 0 in attrs_fixed0 must be 0 in attributes */
> + TEST_ASSERT_EQ(attributes & ~tdx_cap->attrs_fixed0, 0);
> +
> + /* TDX spec: any bits 1 in attrs_fixed1 must be 1 in attributes */
> + TEST_ASSERT_EQ(attributes & tdx_cap->attrs_fixed1, tdx_cap->attrs_fixed1);
> +
> + free(tdx_cap);
> +}
> +
> static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes)
> {
> const struct kvm_cpuid2 *cpuid;
> @@ -91,6 +152,8 @@ static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes)
> memset(init_vm, 0, sizeof(*init_vm));
> memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent));
>
> + tdx_check_attributes(vm, attributes);
> +
> init_vm->attributes = attributes;
>
> tdx_apply_cpuid_restrictions(&init_vm->cpuid);
diff --git a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
index 9b69c733ce01..6b995c3f6153 100644
--- a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
+++ b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c
@@ -27,10 +27,9 @@ static char *tdx_cmd_str[] = {
 };
 #define TDX_MAX_CMD_STR (ARRAY_SIZE(tdx_cmd_str))
-static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
+static int _tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
 {
 struct kvm_tdx_cmd tdx_cmd;
- int r;
 TEST_ASSERT(ioctl_no < TDX_MAX_CMD_STR, "Unknown TDX CMD : %d\n",
 ioctl_no);
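Review bot: `_tdx_ioctl` carries no comment explaining how it differs from `tdx_ioctl`, and the leading underscore reads like a variant that never asserts, yet the `TEST_ASSERT(ioctl_no < TDX_MAX_CMD_STR, ...)` kept at its top still aborts the test on an unknown command. A one-line comment above the definition would settle it: `/* Returns the raw ioctl() result with errno left for the caller; still asserts that ioctl_no is a known TDX command. */`. The function body continues past the end of this hunk, into the next one.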
@@ -40,11 +39,58 @@ static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
 tdx_cmd.flags = flags;
 tdx_cmd.data = (uint64_t)data;
- r = ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+ return ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+}
+
+static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data)
+{
+ int r;
+
+ r = _tdx_ioctl(fd, ioctl_no, flags, data);
 TEST_ASSERT(r == 0, "%s failed: %d %d", tdx_cmd_str[ioctl_no], r,
 errno);
 }
+static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm)
+{
+ int i;
+ int rc = -1;
+ int nr_cpuid_configs = 4;
+ struct kvm_tdx_capabilities *tdx_cap = NULL;
+
+ do {
+ nr_cpuid_configs *= 2;
+
+ tdx_cap = realloc(
+ tdx_cap, sizeof(*tdx_cap) +
+ nr_cpuid_configs * sizeof(*tdx_cap->cpuid_configs));
+ TEST_ASSERT(tdx_cap != NULL,
+ "Could not allocate memory for tdx capability nr_cpuid_configs %d\n",
+ nr_cpuid_configs);
+
+ tdx_cap->nr_cpuid_configs = nr_cpuid_configs;
+ rc = _tdx_ioctl(vm->fd, KVM_TDX_CAPABILITIES, 0, tdx_cap);
+ } while (rc < 0 && errno == E2BIG);
+
+ TEST_ASSERT(rc == 0, "KVM_TDX_CAPABILITIES failed: %d %d",
+ rc, errno);
+
+ pr_debug("tdx_cap: attrs: fixed0 0x%016llx fixed1 0x%016llx\n"
+ "tdx_cap: xfam fixed0 0x%016llx fixed1 0x%016llx\n",
+ tdx_cap->attrs_fixed0, tdx_cap->attrs_fixed1,
+ tdx_cap->xfam_fixed0, tdx_cap->xfam_fixed1);
+
+ for (i = 0; i < tdx_cap->nr_cpuid_configs; i++) {
+ const struct kvm_tdx_cpuid_config *config =
+ &tdx_cap->cpuid_configs[i];
+ pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx 0x%08x ecx 0x%08x edx 0x%08x\n",
+ i, config->leaf, config->sub_leaf,
+ config->eax, config->ebx, config->ecx, config->edx);
+ }
+
+ return tdx_cap;
+}
+
 #define XFEATURE_MASK_CET (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)
 static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data)
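Review bot: The retry loop in `tdx_read_capabilities` has no upper bound, and the CPUID dump trusts whatever count is left in the buffer after the ioctl. `nr_cpuid_configs` is a signed `int` doubled on every `E2BIG`, so a kernel that keeps answering `E2BIG` pushes it towards signed overflow and an ever-growing `realloc`; asserting a sane maximum inside the loop would turn that into a clear test failure. After success the `for` loop indexes `cpuid_configs` up to `tdx_cap->nr_cpuid_configs`, which the kernel has presumably rewritten, so a count larger than the allocation becomes an out-of-bounds read in the helper meant to exercise this ioctl; add `TEST_ASSERT(tdx_cap->nr_cpuid_configs <= nr_cpuid_configs, "KVM returned more cpuid configs than the buffer holds");` before the dump. A short comment stating that the caller owns the returned buffer and must `free()` it would also help, since the only visible caller is in a later hunk.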
@@ -78,6 +124,21 @@ static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data)
 }
 }
+static void tdx_check_attributes(struct kvm_vm *vm, uint64_t attributes)
+{
+ struct kvm_tdx_capabilities *tdx_cap;
+
+ tdx_cap = tdx_read_capabilities(vm);
+
+ /* TDX spec: any bits 0 in attrs_fixed0 must be 0 in attributes */
+ TEST_ASSERT_EQ(attributes & ~tdx_cap->attrs_fixed0, 0);
+
+ /* TDX spec: any bits 1 in attrs_fixed1 must be 1 in attributes */
+ TEST_ASSERT_EQ(attributes & tdx_cap->attrs_fixed1, tdx_cap->attrs_fixed1);
+
+ free(tdx_cap);
+}
+
 static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes)
 {
 const struct kvm_cpuid2 *cpuid;
@@ -91,6 +152,8 @@ static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes)
 memset(init_vm, 0, sizeof(*init_vm));
 memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent));
+ tdx_check_attributes(vm, attributes);
+
 init_vm->attributes = attributes;
 tdx_apply_cpuid_restrictions(&init_vm->cpuid);