From patchwork Wed Jul 10 22:05:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13729748 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2069.outbound.protection.outlook.com [40.107.92.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3626127E18; Wed, 10 Jul 2024 22:06:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.69 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649171; cv=fail; b=LU7zWgFtXbl4FNlq4gmeFnJWTWE5iBDNdvkMXbdIRhwnQdOOV4i7eapC0OQERTw4osIr6rxCiT532Aqh9oiD/0dEvAnRyQw4UbeDAPguyTOzPqqLQDGbk0FpCrN5aShhb7qcSwhjHOJRPwRAgwTY8v3Erk1GYX42vHJ15tEm3y0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649171; c=relaxed/simple; bh=26qztKqeOuRmGJ53tZ53SadDDNnkqYnk5QiTb6H0wWE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nyc0HnNjH4ljrNXVFVADorb18/ntNS3fJQGIbFVqvU0yo7Tb581w6KdlEzHwoIKmwLYT15MfEiqqAAmk0cGkxED21yHT0bhg1x7sSKHVufRq4TUkGahs1vCSdwd9ERJky7BRHWAFeEF9hLbcVZ6uBeL/Q1NN6TGqwdldXQqmXZg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=KBGm5n+R; arc=fail smtp.client-ip=40.107.92.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="KBGm5n+R" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W8sZ1eRsTaObEBHDgrNvQZu4mMA4wQWx11WuIIRHL1ADjbhGNAeHXQqQ1+0mGuUaezH1xtxVYbEsS6vlzdqiuN6Haoq7tBYrWWTu605zqqm0V5e+Q/FWZsdK+TCBwlUW21X/mk8jkHfvrXhcoGt0DmfO3tziG+q6x7InQXl7qXg1hKVwyqOThGd71mBCWmp+B3vtk1FErTozxUJ6llep2B85JI8tbdZbPIs2YLdeKyUQTvTGRxmJ8wgAr8XhwKpvO88I/BAyAITiuGLYzV92A9kGnfUB03PdHUYkK3Nq/KcYQj6JavmGM7v5j+0GYv9+NTPAWgh6MCCgDwB9f/GQ0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H2aR+9j2Vgbi/ow8TksJUGzvT9sJHq1KTRdu06EH2UY=; b=YjiJhfKhjoWMQw1GNWqqz86HYFc1ToOaeBZXW+uixFRpEeNhed18bzDr1lLhg/0oKXn+DiXn5DIbAHPhRxaHNX6Jr8xa9r7zqwJYtMJ6MnKr3N/bfSAuySMWNRM8WtFgc4eOW2vxZbVQhGg+ELVCEkzwZmY7iavxCZ7DTwdxkzxxFmyQZms3xm1T39g5Hq5BuCZey60TMIiKqJ2MEyoQI87wmndJfkhZ7H1EpaKwDYIcL/ok4x03XG2LdfQynRCarEDxK95FhbN82+PsVeUgOUvOEjm4gNGLiHo8i3bzGMxkZn3QHXFkEL/No5j2u/cyNQylYOinncN7jt4Z080+BQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H2aR+9j2Vgbi/ow8TksJUGzvT9sJHq1KTRdu06EH2UY=; b=KBGm5n+RPEETMAqK7fQmemJHENS8CxiCgSe74zj5q3SBbg1RzgKT9Rk2lzfD72/CiERYYuAlqKQzHCUr/kNL9BQyG68cAfcvA/fiC33kdyPVd3Ud7zBTwGu32M7O/Vt0iIKsasLdUoGf2/Zop8j0PObp04rPRleIulXEZwKrrFo= Received: from MN2PR15CA0016.namprd15.prod.outlook.com (2603:10b6:208:1b4::29) by SN7PR12MB6887.namprd12.prod.outlook.com (2603:10b6:806:261::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.36; Wed, 10 Jul 2024 22:06:05 +0000 Received: from BL02EPF00021F69.namprd02.prod.outlook.com (2603:10b6:208:1b4:cafe::4e) by MN2PR15CA0016.outlook.office365.com (2603:10b6:208:1b4::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.36 via Frontend Transport; Wed, 10 Jul 2024 22:06:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL02EPF00021F69.mail.protection.outlook.com (10.167.249.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7762.17 via Frontend Transport; Wed, 10 Jul 2024 22:06:04 +0000 Received: from AUSPRSAMPAT.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 10 Jul 2024 17:06:01 -0500 From: "Pratik R. Sampat" To: CC: , , , , , , , Subject: [RFC 1/5] selftests: KVM: Add a basic SNP smoke test Date: Wed, 10 Jul 2024 17:05:36 -0500 Message-ID: <20240710220540.188239-2-pratikrajesh.sampat@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> References: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL02EPF00021F69:EE_|SN7PR12MB6887:EE_ X-MS-Office365-Filtering-Correlation-Id: f2c39ec3-e3e8-4ca1-69f3-08dca12c7e69 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|36860700013|376014; X-Microsoft-Antispam-Message-Info: rtwzP9K0WYs0f/mQs3xTtqcyw5CsTEH/i/Sp6R5LdftAlLdhgQAj0thZYjsSiRRRWv83ym/fvadmsWmmXTzZZiAI6Bg53MSBZ200djKoIjOXDi3HDRWnWa+VZFfO/I3ejxKVB/+Q5yoyxTy/6vXVunHXDU53cp46vvHLLERlhGMJPmhn/ei0QrcvwHjSthaE/Nc3Yug0AuMHYDZ7P6FCJ5p9OZXbu07qXH8F8Vml8k1Q8xvorXoGLMNS7bazpfGgx6eTkJyz2sDsYcwwiPqRLSrfUPkT3VMvh3LeokWN3BRnWP6NmZfbaY8URHL9AE7CqAFvKvr2/u1IlaRvXTMMAdDNhzgcCJJ4jd5D47LwAxeJsK6Ii6ylSRggDVXMtUPen2MZVANmV0kvP7FYDBxnPzKDcZv9yNUh2d/59s9qTVcczyyHuypzHfHC2KhnCRPfztW9gPEiAJsAlHt0nj8NVaxpdtGnqRM1nJtst58hYBvpeUndk9gxEDHeSwM6SccZ48yiDTPAhCl6D5+z9u/39d/fCEkWobsgRiZvWGmG6OBQjYfZVXCDk3FtFhn//R9ye48F0Zz9g5/4eCY31wB0yeAy6OFZK6A1ImST1TnDcvvm0LVA3gyGV9DdPoVevdyx1/SwvXcuzZUTKKSjcD/GMnld40Hm9eBRcqel4Z2NbQiG95f0ZVVd5SEkACEk2eBOte7tdy3aihbYVAPvk6pZz0SlX/XzLlkvslkkojP7TdMq6FLIPG8gfO7GPC7q4cTbsG32nkcPJol7eQsMu+UTpbz0jST5RvCyG8rKntwCIenPrIsV4tHB2wOHStSjDJIMH6uZka0Gv/lIHNfjzaHrltWrw3bXOMJP6jYqxiWp1ovcjEeslysvdE8o9Kgk/fckwCyS+3nygqED232xbEjOWw/JC3jCh17lREPWaSghxPxSBiFRLgNkYo0wgEMjNcrJhWN7UUNpVACQ/WvgkAmrTGXM2Zn/8IJKohktwW9cu5+ChToo1ebMtO5PCXp2xUieSeL78wCn8LoeGCwWesGNoIbnMRgIiRWRF/1jw1+bZ1WAc9UkfvAJZjRDOw64sRanuEy47f2dEQ46Ovuz+AdzUUnv1VzIBgFLgTt0I/YjrQgt2NjtzSiAgoOQBNTL62xLkcg95XYNBv4oyb5ukqHGnFKpXlgpdVy6OnQEAgSUJxID5/C4shjZBCsLCn0llWecnhZGxfYC1n0HnaGFarmAHnze2EjO+r/npjH8dCnkwND1L2lw2tRT+HW3rOgTK0J9tVFOL+cf0TMmfHNJzROOSz/atBpAFyOfm/5r91rkzBIAxvb+AB2puOxNe2f9inR8eDLtXIPzhjdG3+v/1uVXzW3WT59pcL7RR1HAzmdIwd8B7QijBhrVhQQNlNKfsI1iGrCaFjTaco+hwPL/vsY7/stAh2QRMAhPUGnR3er7o2wAMI7wRkGopx2AUOFCJTF9 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2024 22:06:04.8738 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f2c39ec3-e3e8-4ca1-69f3-08dca12c7e69 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL02EPF00021F69.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6887 Extend sev_smoke_test to also run a minimal SEV-SNP smoke test that initializes and sets up private memory regions required to run a simple SEV-SNP guest. Similar to it's SEV-ES smoke test counterpart, this also does not support GHCB and ucall yet and uses the GHCB MSR protocol to trigger an exit of the type KVM_EXIT_SYSTEM_EVENT. Also, decouple policy and type and require functions to provide both such that there is no assumption regarding the type using policy. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda --- .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/include/x86_64/sev.h | 29 ++++++++ tools/testing/selftests/kvm/lib/kvm_util.c | 7 +- .../selftests/kvm/lib/x86_64/processor.c | 6 +- tools/testing/selftests/kvm/lib/x86_64/sev.c | 70 ++++++++++++++++++- .../selftests/kvm/x86_64/sev_smoke_test.c | 51 ++++++++++---- 6 files changed, 146 insertions(+), 18 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h index 8eb57de0b587..5683fc9794e4 100644 --- a/tools/testing/selftests/kvm/include/x86_64/processor.h +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h @@ -194,6 +194,7 @@ struct kvm_x86_cpu_feature { #define X86_FEATURE_VGIF KVM_X86_CPU_FEATURE(0x8000000A, 0, EDX, 16) #define X86_FEATURE_SEV KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 1) #define X86_FEATURE_SEV_ES KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 3) +#define X86_FEATURE_SNP KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 4) /* * KVM defined paravirt features. diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h index 82c11c81a956..43b6c52831b2 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -22,8 +22,17 @@ enum sev_guest_state { SEV_GUEST_STATE_RUNNING, }; +/* Minimum firmware version required for the SEV-SNP support */ +#define SNP_FW_REQ_VER_MAJOR 1 +#define SNP_FW_REQ_VER_MINOR 51 + #define SEV_POLICY_NO_DBG (1UL << 0) #define SEV_POLICY_ES (1UL << 2) +#define SNP_POLICY_ABI_MINOR (1ULL << 0) +#define SNP_POLICY_ABI_MAJOR (1ULL << 8) +#define SNP_POLICY_SMT (1ULL << 16) +#define SNP_POLICY_RSVD_MBO (1ULL << 17) +#define SNP_POLICY_DBG (1ULL << 19) #define GHCB_MSR_TERM_REQ 0x100 @@ -31,6 +40,12 @@ void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); +bool is_kvm_snp_supported(void); + +void snp_vm_launch(struct kvm_vm *vm, uint32_t policy); +void snp_vm_launch_update(struct kvm_vm *vm); +void snp_vm_launch_finish(struct kvm_vm *vm); + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu); void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement); @@ -70,6 +85,7 @@ kvm_static_assert(SEV_RET_SUCCESS == 0); void sev_vm_init(struct kvm_vm *vm); void sev_es_vm_init(struct kvm_vm *vm); +void snp_vm_init(struct kvm_vm *vm); static inline void sev_register_encrypted_memory(struct kvm_vm *vm, struct userspace_mem_region *region) @@ -82,6 +98,19 @@ static inline void sev_register_encrypted_memory(struct kvm_vm *vm, vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); } +static inline void snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t size, uint8_t type) +{ + struct kvm_sev_snp_launch_update update_data = { + .uaddr = (unsigned long)addr_gpa2hva(vm, gpa), + .gfn_start = gpa >> PAGE_SHIFT, + .len = size, + .type = type, + }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data); +} + static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, uint64_t size) { diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index ad00e4761886..4c00a96f9b80 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -412,14 +412,17 @@ struct kvm_vm *__vm_create(struct vm_shape shape, uint32_t nr_runnable_vcpus, nr_extra_pages); struct userspace_mem_region *slot0; struct kvm_vm *vm; - int i; + int i, flags = 0; pr_debug("%s: mode='%s' type='%d', pages='%ld'\n", __func__, vm_guest_mode_string(shape.mode), shape.type, nr_pages); vm = ____vm_create(shape); - vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, nr_pages, 0); + if (shape.type == KVM_X86_SNP_VM) + flags |= KVM_MEM_GUEST_MEMFD; + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, nr_pages, flags); for (i = 0; i < NR_MEM_REGIONS; i++) vm->memslots[i] = 0; diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index c664e446136b..d1ea030f6be0 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -623,7 +623,8 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm) sync_global_to_guest(vm, host_cpu_is_amd); sync_global_to_guest(vm, is_forced_emulation_enabled); - if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) { + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM || + vm->type == KVM_X86_SNP_VM) { struct kvm_sev_init init = { 0 }; vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); @@ -1127,7 +1128,8 @@ void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits) void kvm_init_vm_address_properties(struct kvm_vm *vm) { - if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) { + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM || + vm->type == KVM_X86_SNP_VM) { vm->arch.sev_fd = open_sev_dev_path_or_exit(); vm->arch.c_bit = BIT_ULL(this_cpu_property(X86_PROPERTY_SEV_C_BIT)); vm->gpa_tag_mask = vm->arch.c_bit; diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c index e9535ee20b7f..90231c578aca 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -24,12 +24,19 @@ static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *regio if (!sparsebit_any_set(protected_phy_pages)) return; - sev_register_encrypted_memory(vm, region); + if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) + sev_register_encrypted_memory(vm, region); sparsebit_for_each_set_range(protected_phy_pages, i, j) { const uint64_t size = (j - i + 1) * vm->page_size; const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; + if (vm->type == KVM_X86_SNP_VM) { + vm_mem_set_private(vm, gpa_base + offset, size); + snp_launch_update_data(vm, gpa_base + offset, size, + KVM_SEV_SNP_PAGE_TYPE_NORMAL); + continue; + } sev_launch_update_data(vm, gpa_base + offset, size); } } @@ -60,6 +67,14 @@ void sev_es_vm_init(struct kvm_vm *vm) } } +void snp_vm_init(struct kvm_vm *vm) +{ + struct kvm_sev_init init = { 0 }; + + assert(vm->type == KVM_X86_SNP_VM); + vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); +} + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_launch_start launch_start = { @@ -112,6 +127,51 @@ void sev_vm_launch_finish(struct kvm_vm *vm) TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); } +void snp_vm_launch(struct kvm_vm *vm, uint32_t policy) +{ + struct kvm_sev_snp_launch_start launch_start = { + .policy = policy, + }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_START, &launch_start); +} + +void snp_vm_launch_update(struct kvm_vm *vm) +{ + struct userspace_mem_region *region; + int ctr; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) + encrypt_region(vm, region); + + vm->arch.is_pt_protected = true; +} + +void snp_vm_launch_finish(struct kvm_vm *vm) +{ + struct kvm_sev_snp_launch_finish launch_finish = { 0 }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish); +} + +bool is_kvm_snp_supported(void) +{ + int sev_fd = open_sev_dev_path_or_exit(); + struct sev_user_data_status sev_status; + + struct sev_issue_cmd arg = { + .cmd = SEV_PLATFORM_STATUS, + .data = (unsigned long)&sev_status, + }; + + kvm_ioctl(sev_fd, SEV_ISSUE_CMD, &arg); + close(sev_fd); + + return sev_status.api_major > SNP_FW_REQ_VER_MAJOR || + (sev_status.api_major == SNP_FW_REQ_VER_MAJOR && + sev_status.api_minor >= SNP_FW_REQ_VER_MINOR); +} + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu) { @@ -130,6 +190,14 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement) { + if (vm->type == KVM_X86_SNP_VM) { + vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE)); + snp_vm_launch(vm, policy); + snp_vm_launch_update(vm); + snp_vm_launch_finish(vm); + return; + } + sev_vm_launch(vm, policy); if (!measurement) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 7c70c0da4fb7..1a50a280173c 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -16,6 +16,16 @@ #define XFEATURE_MASK_X87_AVX (XFEATURE_MASK_FP | XFEATURE_MASK_SSE | XFEATURE_MASK_YMM) +static void guest_snp_code(void) +{ + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED); + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_SNP_ENABLED); + + wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); + __asm__ __volatile__("rep; vmmcall"); +} + static void guest_sev_es_code(void) { /* TODO: Check CPUID after GHCB-based hypercall support is added. */ @@ -61,7 +71,7 @@ static void compare_xsave(u8 *from_host, u8 *from_guest) abort(); } -static void test_sync_vmsa(uint32_t policy) +static void test_sync_vmsa(uint32_t type, uint32_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; @@ -77,7 +87,10 @@ static void test_sync_vmsa(uint32_t policy) .xcrs[0].value = XFEATURE_MASK_X87_AVX, }; - vm = vm_sev_create_with_one_vcpu(KVM_X86_SEV_ES_VM, guest_code_xsave, &vcpu); + TEST_ASSERT(type != KVM_X86_SEV_VM, + "sync_vmsa only supported for SEV-ES and SNP VM types"); + + vm = vm_sev_create_with_one_vcpu(type, guest_code_xsave, &vcpu); gva = vm_vaddr_alloc_shared(vm, PAGE_SIZE, KVM_UTIL_MIN_VADDR, MEM_REGION_TEST_DATA); hva = addr_gva2hva(vm, gva); @@ -99,7 +112,7 @@ static void test_sync_vmsa(uint32_t policy) : "ymm4", "st", "st(1)", "st(2)", "st(3)", "st(4)", "st(5)", "st(6)", "st(7)"); vcpu_xsave_set(vcpu, &xsave); - vm_sev_launch(vm, SEV_POLICY_ES | policy, NULL); + vm_sev_launch(vm, policy, NULL); /* This page is shared, so make it decrypted. */ memset(hva, 0, 4096); @@ -118,14 +131,12 @@ static void test_sync_vmsa(uint32_t policy) kvm_vm_free(vm); } -static void test_sev(void *guest_code, uint64_t policy) +static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; - uint32_t type = policy & SEV_POLICY_ES ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); /* TODO: Validate the measurement is as expected. */ @@ -134,7 +145,7 @@ static void test_sev(void *guest_code, uint64_t policy) for (;;) { vcpu_run(vcpu); - if (policy & SEV_POLICY_ES) { + if (vm->type == KVM_X86_SEV_ES_VM || vm->type == KVM_X86_SNP_VM) { TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SYSTEM_EVENT, "Wanted SYSTEM_EVENT, got %s", exit_reason_str(vcpu->run->exit_reason)); @@ -164,17 +175,31 @@ int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); - test_sev(guest_sev_code, SEV_POLICY_NO_DBG); - test_sev(guest_sev_code, 0); + test_sev(guest_sev_code, KVM_X86_SEV_VM, SEV_POLICY_NO_DBG); + test_sev(guest_sev_code, KVM_X86_SEV_VM, 0); if (kvm_cpu_has(X86_FEATURE_SEV_ES)) { - test_sev(guest_sev_es_code, SEV_POLICY_ES | SEV_POLICY_NO_DBG); - test_sev(guest_sev_es_code, SEV_POLICY_ES); + test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES | SEV_POLICY_NO_DBG); + test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES); + + if (kvm_has_cap(KVM_CAP_XCRS) && + (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { + test_sync_vmsa(KVM_X86_SEV_ES_VM, SEV_POLICY_ES); + test_sync_vmsa(KVM_X86_SEV_ES_VM, SEV_POLICY_ES | SEV_POLICY_NO_DBG); + } + } + + if (kvm_cpu_has(X86_FEATURE_SNP) && is_kvm_snp_supported()) { + test_sev(guest_snp_code, KVM_X86_SNP_VM, SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO); + /* Test minimum firmware level */ + test_sev(guest_snp_code, KVM_X86_SNP_VM, + SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO | + (SNP_FW_REQ_VER_MAJOR * SNP_POLICY_ABI_MAJOR) | + (SNP_FW_REQ_VER_MINOR * SNP_POLICY_ABI_MINOR)); if (kvm_has_cap(KVM_CAP_XCRS) && (xgetbv(0) & XFEATURE_MASK_X87_AVX) == XFEATURE_MASK_X87_AVX) { - test_sync_vmsa(0); - test_sync_vmsa(SEV_POLICY_NO_DBG); + test_sync_vmsa(KVM_X86_SNP_VM, SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO); } } From patchwork Wed Jul 10 22:05:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13729749 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2078.outbound.protection.outlook.com [40.107.236.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8EF91494B9; Wed, 10 Jul 2024 22:06:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649183; cv=fail; b=NiBPTOUDGx4HQagweqYcnnhniQFgGqGoCYIV8Sj/0FasZ+mfoU7vkVkD2Efl92cqdCm8creMQ0J9dNVHCT/yZx1FZxTm6LlsOuaFIoU95bh2dSjQw3NSeCypIwL7ywM3sL/a5/GOdSlHhohbkj/UFsgd5SznJETDs2zgLWuAZvA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649183; c=relaxed/simple; bh=eYW9oWp7xlAp3Fbw8UhmH2VJH/koBhf74Lg98FpK2hM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=m+AF9/C7u4vtwLLIuuTL0OpIwIw7ut5K/gqcUJ1iMOFrEO/rSDUX1PxR5sYB/jKPgxAmsAfB0zwtFJTBvfvISAcKA18SDTxZnv4N7OOhj/ASBy+1yxcZVwoja0HOXub9zulUuBQKtBrWK8AFMWo4LwZbfOSBYiePEFU/QL4zpFc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=bnTrxLu+; arc=fail smtp.client-ip=40.107.236.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="bnTrxLu+" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F+gsHM04jQCSyJkhOfiX6sG2c0D3zn0peon9EUBh49kz643ZezMEsiKkTeO7qa+hsJMxcM70U3bAhfNR4uLqEdY4K8J74Ri0Sr9QJ3w2JK9ar7GmAcl2PmccDPUWXqwk/fQpP5lnyDnk2INH5ZfQ8tpnYRg3Ch4wBJdOQiCuohlMeUgUurUkyRLac40WbPANfilvBby19wHBf9aWJy+tztO0ryLZSJvhht/Rx8pmQN4EIdoVLMsOgs4Iuhkm1lzIbWcZC9iyKrUQYTI/gN6deRZNw/1dBeXFyHCaANDnd6CozfHNVud5pUrPviROPtgGqMzujaGu/tEYqP5/QZ+wAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+oc0bjhKzn8c1pi+aPWN2txh2+UfjYsqqFj9QNubWo4=; b=U4o7Z6Ir0aChdg5Pyq6H6zJr+y6RouopBp1HR2kspRJ15SO+UiFumdF8zyiklgZlfYDWWlcxPVJU1re/O6hl++3izxousKs3f6MPn08MYxZArNx3pZsPsjF9/3T4KUN49ugYYtLj9PYkzFZYlZl5vrlkIBunE7M2QmGO74CaQL2jIzkA8AifyLG+sdMHu+tL+Mhwot2tMUnFGI9yIV3Ynxty122Q1dmaz2/GtoN/sUkcyQglhK/rSb+D6sQn1nG8ULqgXZVFtOtFfk2UaK+/S+ifzVjskP8wvlyEbRttvc3Qjh2A1K/chI3/ixw3rNk13FsXjuYE7MO51K5v9FynHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+oc0bjhKzn8c1pi+aPWN2txh2+UfjYsqqFj9QNubWo4=; b=bnTrxLu+LtE75jqVrzm+kQx6K8mc/ORllRcjg/7PGiVU/RMSAT4w8QjzJJrkE5Lqa46UaDdYL8Blo+JyWttnE+y7WB6n2Y+/QSjRf6MMT09I5wEdd03ynZ/2OwP0rErQx5bSXhQLhqCf65Uf81cvXwr8/q7MNNlIIuoQqOvRGJY= Received: from BL1PR13CA0072.namprd13.prod.outlook.com (2603:10b6:208:2b8::17) by PH7PR12MB7914.namprd12.prod.outlook.com (2603:10b6:510:27d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.34; Wed, 10 Jul 2024 22:06:18 +0000 Received: from BL6PEPF0001AB4E.namprd04.prod.outlook.com (2603:10b6:208:2b8:cafe::ba) by BL1PR13CA0072.outlook.office365.com (2603:10b6:208:2b8::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.19 via Frontend Transport; Wed, 10 Jul 2024 22:06:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB4E.mail.protection.outlook.com (10.167.242.72) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7762.17 via Frontend Transport; Wed, 10 Jul 2024 22:06:18 +0000 Received: from AUSPRSAMPAT.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 10 Jul 2024 17:06:12 -0500 From: "Pratik R. Sampat" To: CC: , , , , , , , Subject: [RFC 2/5] selftests: KVM: Decouple SEV ioctls from asserts Date: Wed, 10 Jul 2024 17:05:37 -0500 Message-ID: <20240710220540.188239-3-pratikrajesh.sampat@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> References: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB4E:EE_|PH7PR12MB7914:EE_ X-MS-Office365-Filtering-Correlation-Id: f3e43660-5dc3-4769-ee22-08dca12c8640 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|376014|82310400026; X-Microsoft-Antispam-Message-Info: 3WpyamhSFmaQ7EyedjceSuaeWjYShtIPbG82xWHEzA3AxnmQ0CXv7HSZoIkHqbZgSfqZ7HtFi9yRTJMXzlO3KxnRol7armvGtpkxWihcqhtcSRz6SkedeCQcAXtKtb3zdP+lAEF9s4YRsknJXrOcs0RqOI04a7uZNwNBqmpjO12R13WOS+zt5qbYD0daSTLtat1eHT0ExbxDkrM6n5uJfaKZ6ky+ww9I0gftVTr0bngO2m21hPgIsZsyXAdSuG1T50rkgxLsENoMkFeW0bSb5aYZLXGl2/bHz9Y+9PtLfmyw/dcqlZVhDsPrZxw3skh2kjWTgH70Aa0Tfrft6cIqcvjEiN7hoOdBwAhThXVQGUPfNNq4eQtHZE1Lo8pv8RoFhthxbt28luXVVr61KwbUN5zQhnMX6SUMctqxX4ex4Jmxrun40QkkJWtBgyg9UaNiHMuAVtxCR9wxTbgsMGAoHvlHmohKeX/y72qz8qe8AFcG+B8xP2Ld0fnPCyDLxWJPkPGoO76/F/jZK2Oa45Z/vvweAL329tqhGcqL8KYGZwtGQlXN+zKFOP6mYoI2/XRbTbNfDlfLOxbBECWHznB5jKTScsB9Qa9T4lXTljgJm7GPkUGfhCgDTtiKbu9P4ajIomhDL4TMBt3RgAbWUp4RQP4FSw9NhUshjq9frquoKqkazf7mrDgIhRUoiq/V5QoKI0NEBzshpA37RHfcgeCthjb/o0hO83fB8Hu8RmJ7iEAtPU4meNQqZaGAnKVBfiOHEjXSC/AsQ1IAo/tUVPF0QWALHH8UJ4FFfDv4HebUmgFeq6X0/x8HJiBPDL1hljuw07EtiHQTsuDZFl5uN+ToQFfPW2zyZ8H+ABDXEvQlDoH+x7lD31y2UO1D3bR4Dwhi7meQRoJKeZ63FAZO6PpUaCjZWtRkR9/zNv56+dScK8UV7u/In178LgNeZP9QTqHUCHGJdO6EppwtGZWGhvuVHDKZ8moWiMC2Y1CHsaBAL8J1UL7pc+yY4GLZhbY82BuHICzkay7vGV5pcd+7r/OHf4+7HJ2iv8uyjc5BLxpdFXDbRhKoRzH7rDggMqmhYbp0SIjmHv6b2onpBDi8DTc7aA3szgKq4RLVFzYEDFl7BJ6FM5FC7Zf8mdNvOU9ugPTYylBene2Zfv/51Jb0e5mMPiaeQLTRXEHvE0Aj+5fMp2Vnuz/XUvsEKBLRFwDHLZoVRYdl1yQfvEcgbk1Z9eQCpW5i6fWCsPte2YtvD7zDlssfS1m6nq0KztXFdFrcLPxYcRmFxo8IdkpDT6ZtEzSEuUiDWt0/3WZCeqa2S9LviWqgEaPPIhxz6SsMz3kqDGQtZrl9HFYPXUaEz0hBAmN7jjNXb/3Oipv7ugQHBUAWeuYKSNGNY6uETdYg+OknDcexR4MjQ94pB55Z/aPw1cGHaLtwPUTXDsJEIJCLqxWlw7kqTMAi4mTh2f7CWDNcDAgp X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2024 22:06:18.0615 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f3e43660-5dc3-4769-ee22-08dca12c8640 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB4E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7914 This commit separates the SEV, SEV-ES, SEV-SNP ioctl calls from its positive test asserts. This is done so that negative tests can be introduced and both kinds of testing can be performed independently using the same base helpers of the ioctl. This commit also adds additional parameters such as flags to improve testing coverage for the ioctls. Cleanups performed with no functional change intended. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda --- .../selftests/kvm/include/x86_64/sev.h | 20 +-- tools/testing/selftests/kvm/lib/x86_64/sev.c | 145 ++++++++++++------ 2 files changed, 108 insertions(+), 57 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h index 43b6c52831b2..ef99151e13a7 100644 --- a/tools/testing/selftests/kvm/include/x86_64/sev.h +++ b/tools/testing/selftests/kvm/include/x86_64/sev.h @@ -37,14 +37,16 @@ enum sev_guest_state { #define GHCB_MSR_TERM_REQ 0x100 void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); -void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); -void sev_vm_launch_finish(struct kvm_vm *vm); +int sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy); +int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy); +int sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); +int sev_vm_launch_finish(struct kvm_vm *vm); bool is_kvm_snp_supported(void); -void snp_vm_launch(struct kvm_vm *vm, uint32_t policy); -void snp_vm_launch_update(struct kvm_vm *vm); -void snp_vm_launch_finish(struct kvm_vm *vm); +int snp_vm_launch(struct kvm_vm *vm, uint32_t policy, uint8_t flags); +int snp_vm_launch_update(struct kvm_vm *vm, uint8_t page_type); +int snp_vm_launch_finish(struct kvm_vm *vm, uint16_t flags); struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu); @@ -98,7 +100,7 @@ static inline void sev_register_encrypted_memory(struct kvm_vm *vm, vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); } -static inline void snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, +static inline int snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, uint64_t size, uint8_t type) { struct kvm_sev_snp_launch_update update_data = { @@ -108,10 +110,10 @@ static inline void snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, .type = type, }; - vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data); + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data); } -static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, +static inline int sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, uint64_t size) { struct kvm_sev_launch_update_data update_data = { @@ -119,7 +121,7 @@ static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, .len = size, }; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); } #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c index 90231c578aca..a931a321968f 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -14,15 +14,18 @@ * and find the first range, but that's correct because the condition * expression would cause us to quit the loop. */ -static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) +static int encrypt_region(struct kvm_vm *vm, + struct userspace_mem_region *region, + uint8_t page_type) { const struct sparsebit *protected_phy_pages = region->protected_phy_pages; const vm_paddr_t gpa_base = region->region.guest_phys_addr; const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift; sparsebit_idx_t i, j; + int ret; if (!sparsebit_any_set(protected_phy_pages)) - return; + return 0; if (vm->type == KVM_X86_SEV_VM || vm->type == KVM_X86_SEV_ES_VM) sev_register_encrypted_memory(vm, region); @@ -33,12 +36,18 @@ static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *regio if (vm->type == KVM_X86_SNP_VM) { vm_mem_set_private(vm, gpa_base + offset, size); - snp_launch_update_data(vm, gpa_base + offset, size, - KVM_SEV_SNP_PAGE_TYPE_NORMAL); + ret = snp_launch_update_data(vm, gpa_base + offset, size, + page_type); + if (ret) + return ret; continue; } - sev_launch_update_data(vm, gpa_base + offset, size); + ret = sev_launch_update_data(vm, gpa_base + offset, size); + if (ret) + return ret; } + + return 0; } void sev_vm_init(struct kvm_vm *vm) @@ -75,83 +84,97 @@ void snp_vm_init(struct kvm_vm *vm) vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); } -void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) +int sev_vm_launch_start(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_launch_start launch_start = { .policy = policy, }; - struct userspace_mem_region *region; - struct kvm_sev_guest_status status; - int ctr; - - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); - vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); - TEST_ASSERT_EQ(status.policy, policy); - TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); +} - hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) - encrypt_region(vm, region); +int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) +{ + struct userspace_mem_region *region; + int ctr, ret; + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + ret = encrypt_region(vm, region, 0); + if (ret) + return ret; + } if (policy & SEV_POLICY_ES) vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); vm->arch.is_pt_protected = true; + + return 0; } -void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) +void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) { - struct kvm_sev_launch_measure launch_measure; - struct kvm_sev_guest_status guest_status; + struct kvm_sev_guest_status status; + int ret; - launch_measure.len = 256; - launch_measure.uaddr = (__u64)measurement; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure); + ret = sev_vm_launch_start(vm, policy); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_SNP_LAUNCH_START, ret)); + + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + TEST_ASSERT_EQ(status.policy, policy); + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); - vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &guest_status); - TEST_ASSERT_EQ(guest_status.state, SEV_GUEST_STATE_LAUNCH_SECRET); + ret = sev_vm_launch_update(vm, policy); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_LAUNCH_UPDATE_DATA, ret)); } -void sev_vm_launch_finish(struct kvm_vm *vm) +int sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) { - struct kvm_sev_guest_status status; + struct kvm_sev_launch_measure launch_measure; - vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); - TEST_ASSERT(status.state == SEV_GUEST_STATE_LAUNCH_UPDATE || - status.state == SEV_GUEST_STATE_LAUNCH_SECRET, - "Unexpected guest state: %d", status.state); + launch_measure.len = 256; + launch_measure.uaddr = (__u64)measurement; - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure); +} - vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); - TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); +int sev_vm_launch_finish(struct kvm_vm *vm) +{ + return __vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); } -void snp_vm_launch(struct kvm_vm *vm, uint32_t policy) +int snp_vm_launch(struct kvm_vm *vm, uint32_t policy, uint8_t flags) { struct kvm_sev_snp_launch_start launch_start = { .policy = policy, + .flags = flags, }; - vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_START, &launch_start); + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_START, &launch_start); } -void snp_vm_launch_update(struct kvm_vm *vm) +int snp_vm_launch_update(struct kvm_vm *vm, uint8_t page_type) { struct userspace_mem_region *region; - int ctr; + int ctr, ret; - hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) - encrypt_region(vm, region); + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + ret = encrypt_region(vm, region, page_type); + if (ret) + return ret; + } vm->arch.is_pt_protected = true; + + return 0; } -void snp_vm_launch_finish(struct kvm_vm *vm) +int snp_vm_launch_finish(struct kvm_vm *vm, uint16_t flags) { - struct kvm_sev_snp_launch_finish launch_finish = { 0 }; + struct kvm_sev_snp_launch_finish launch_finish = { + .flags = flags, + }; - vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish); + return __vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish); } bool is_kvm_snp_supported(void) @@ -190,20 +213,46 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement) { + struct kvm_sev_guest_status status; + int ret; + if (vm->type == KVM_X86_SNP_VM) { vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE)); - snp_vm_launch(vm, policy); - snp_vm_launch_update(vm); - snp_vm_launch_finish(vm); + ret = snp_vm_launch(vm, policy, 0); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_SNP_LAUNCH_START, ret)); + + ret = snp_vm_launch_update(vm, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_SNP_LAUNCH_UPDATE, ret)); + + ret = snp_vm_launch_finish(vm, 0); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_SNP_LAUNCH_FINISH, ret)); return; } - sev_vm_launch(vm, policy); + ret = sev_vm_launch_start(vm, policy); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_LAUNCH_START, ret)); + + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + TEST_ASSERT_EQ(status.policy, policy); + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); + + ret = sev_vm_launch_update(vm, policy); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_LAUNCH_UPDATE_DATA, ret)); if (!measurement) measurement = alloca(256); - sev_vm_launch_measure(vm, measurement); + ret = sev_vm_launch_measure(vm, measurement); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_LAUNCH_MEASURE, ret)); - sev_vm_launch_finish(vm); + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + TEST_ASSERT(status.state == SEV_GUEST_STATE_LAUNCH_UPDATE || + status.state == SEV_GUEST_STATE_LAUNCH_SECRET, + "Unexpected guest state: %d", status.state); + + ret = sev_vm_launch_finish(vm); + TEST_ASSERT(!ret, KVM_IOCTL_ERROR(KVM_SEV_LAUNCH_FINISH, ret)); + + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); } From patchwork Wed Jul 10 22:05:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13729750 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2049.outbound.protection.outlook.com [40.107.243.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B888D14D6EE; Wed, 10 Jul 2024 22:06:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.49 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649191; cv=fail; b=CsVjXPI2fgQIIjXVFwx6MgRiFjX08fW8q8449sC+rFqJKXsiqXmxQ56oEy7A/4mq7lJahR5+wlfQUN1GU9N0zvqxcZmZNBkToKvl+z+GVxAss/e90yVOZr6UvQaLxOXABin0S6HuPvVeqh4vsnz+sKTo/2pjcv5D4a+UFy331BU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649191; c=relaxed/simple; bh=7Vxn1SmbIv4BPoSvtLIYYMiCQgQmE2FMPJJrNspSehE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qzLXaF/iWR77ksTuhHtknm4viNM/el5OJAWL0x1NBaOrWY0D9QE8Qna0KNWZtLKbuy3RJ33E+4ShgqMUuQlITSMVFuAycCH7yQJI6TuCjSGHSjKBAOnROoTRtNydEYi4pA4sJF/W8GwOSQZIJEj2qWumgsGcPfQQ09Lc1LNXUlU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=j/uZXfHf; arc=fail smtp.client-ip=40.107.243.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="j/uZXfHf" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ho8J/E6QNkHoc9icR2F6PUn25Yue6NHiR/Nto9YZa+qE85dThnbFAkOUYUcr05PY+SIad4aiRHiqagVluPU1BsKjmDL/LX3zPmG2pJaJtfOYj6P7bvHDV7DWdXqbxF7AsFhYsX5hEe3Hx38B8bzoTCFKeeS6kJuL0AKcdwYOyqS/G0a+lLXsZRVyTwfUvePOWhiUpwTeng8qMzSFAe9X1XGHCq9dA3yruqLNnVLNkcxQNtYGNQmIkA/UpTAArkd9Z5fjG8UgOK+Zk9kaCYlm9McqzjFCH7WNjx9HfXgrKqOzNpeCfbg2OWRjThiO8dTzFtYrxOqwZD56B09MVuRrjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lp+k1rdDLFvLVftIV3kfo1K7DQqs0zfla0Di57gRrWM=; b=oDTXbD43LMwshrtJVVlSShj74nJTJZGaqF3/tdrlpeXDnTDD2LWrg8Ys6kAXSBvosLTF7HSp7mBEls2S8OINfzh1YblOhcOpPJlL3xx52rOjps+bEkFFVFppf7RIEcl5nEP2PcJVFNQfh6jGNxUml4wcwmi7q7W43LVGV9qS/E8bvLDLG2gmuaY5ZW5do42QUKlLT97yd6hYCUB9mY5G4It3berYdLz7PILRx4GXWwFOf58zlOZWHIF9kBF6xvE0PxYNqSVf/9tFYO6AZhaaP+XgH3/7RdZ0iPDAy6S4d+PQGLfaj/HANR6WqbNDVbq0WadcWE5Qc0jIFHm3hrJ2vg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lp+k1rdDLFvLVftIV3kfo1K7DQqs0zfla0Di57gRrWM=; b=j/uZXfHfy9GgnvaZbIIDCjidcbXdyNNrCy/eD4CrsduJxs/GL6fwh+1jVwvb0mBzu/gIQwRrxvT0xjAWkZxj/pI3o69pIEQBZyjWJA4yf8DHmsrCET6e42QmLjifEa3MIn4s2XORFLYrpXu2VcxO27UOXh7cPpEXAQSq4mAT8Sk= Received: from BL1PR13CA0344.namprd13.prod.outlook.com (2603:10b6:208:2c6::19) by DS0PR12MB8562.namprd12.prod.outlook.com (2603:10b6:8:164::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.21; Wed, 10 Jul 2024 22:06:26 +0000 Received: from BL6PEPF0001AB4D.namprd04.prod.outlook.com (2603:10b6:208:2c6:cafe::e5) by BL1PR13CA0344.outlook.office365.com (2603:10b6:208:2c6::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.21 via Frontend Transport; Wed, 10 Jul 2024 22:06:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB4D.mail.protection.outlook.com (10.167.242.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7762.17 via Frontend Transport; Wed, 10 Jul 2024 22:06:25 +0000 Received: from AUSPRSAMPAT.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 10 Jul 2024 17:06:24 -0500 From: "Pratik R. Sampat" To: CC: , , , , , , , Subject: [RFC 3/5] selftests: KVM: SEV IOCTL test Date: Wed, 10 Jul 2024 17:05:38 -0500 Message-ID: <20240710220540.188239-4-pratikrajesh.sampat@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> References: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB4D:EE_|DS0PR12MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: dcee6cfe-8739-46a9-3900-08dca12c8abb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014; X-Microsoft-Antispam-Message-Info: 8AoOM+6Qre4pbeM2nwMk6QDCzib33mcc/2j4TNQ8NJKpaxvkTU+6UWfmwLOUhQawqzC2FsIeYsmZR0QusQq6YtoUfcUnO9Z7PVzMkh4wezqe2eWWhebbZHzlo48MoJIMuDAYf163QasUDzJpobXLszQrGdL0ASMNCSVR1Q8pAnuRUkZr1mmDJ+dpZPnhePR7RDGk9xBALys/Lx4twg3lfcLG6Dcz0OzABSUzgjo4xYo/zctpokEPQMRur2qoqiI0YHnJMNOVFHOtOwDzg9i4kCUr3opAvf3Ohr6QuBqMQ+qTmZM3DqTrxhorzwQKV/nRHBEiirufTMg9fyWSIpwJQ61quu4TNrbsA6sUm7zwJ7hYwHz2Q6vS+0l9Nr/MgPJXvM4tF4w/PbU5xfgsnbkHZvBPzPmhMt3mUOnqP0xUo6Oj0sFEWltZ58AnEnZysC42WahW0WEYRK6bwOrX3EQKxsem7hB0vi85uoQyQlYoC4J2c0ph1ZzcceHnYZnnA2t82nrBzkF8flu0c/QwT/BZRclASzA3vZkYzYTexcA+plzsjtSzLmMRVvymX9trpIb78LuwSInt7BbhwOaqDUinZOu596+crOBDbeGC5v6h+jiIdDDxuhPW+nc4Ip5zJKT8Ez410pm/x5Q4m1anZESC7hk3Zzyo3ZVWB1xhryyxCV9WmgwV56/BeFILdKFRUcG57/S2h1oKxaAu8JJOl747GGjBVGzgN6Rk638IBApuPP71MqUwRrSi1R6yRxdht4fgwQhtu4JvOhtG3sx41nXAPR4U7SKNDuZhVTmqLeu/neAjHpsvsI7a3ciSpYtX8IbT+jtpW0BPlV+xLByAxt8NGN7IXKff/EgpsNLndtYD9TLj5UUcnSmUniLS6hp1WX8iJLoS/ppSELD1DjQsIm9riPmK/OppX54VJJyHSj19WEMfrLGKyeScPBUGeeIKBB1Z5t3hjmXT+XSqFhPAkqFkE/6Egec4NjuPPPLcWFt3vghknsWkj3LYgDkax1+t8gfpqdWgSdVj0m0JVhxq4tKNsdRIgbSFVh5IsvjPxZxrO596sz+q3lCW4nINmDLwdHLc45yGuMaKQkcZ1mgwtaFHo99pZKEBioxWq0TyOPgD2vxYxncu2emHncp3nKXSNeMQhTz89hMwyXGVZ3Sre/Rg4geJ/Oruf5zVDdC9O4Y79evkvCleFYRBEuDRo01zz6qWx1MTqrmXoeyw5d4ZWqVC3t501qlCpL6yGrs2yjaXNrsYRRTnpsjavNf9+JQnwP8HpYRGkuAQ2X2pIQM2vfivsCGNQEhyOTuxQw3uloM05NIrHteeL/o77+hXn4h51naJhntJlszOigGL4WVR34wg0ey/W+9NmxTyaPy/iTQssdrMmbePh3oJDcQiqrDwAEKHtm6b+y4ZfMrcJ4+D92isIKcbaOGOWnH/0ZiHUge99DqVv69qacorUBiFBKh9720n X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2024 22:06:25.5582 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: dcee6cfe-8739-46a9-3900-08dca12c8abb X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB4D.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8562 Introduce tests for sev and sev-es ioctl that exercises the boot path of launch, update and finish on an invalid policy. Signed-off-by: Pratik R. Sampat --- .../selftests/kvm/x86_64/sev_smoke_test.c | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 1a50a280173c..500c67b3793b 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -131,12 +131,69 @@ static void test_sync_vmsa(uint32_t type, uint32_t policy) kvm_vm_free(vm); } +static void sev_guest_status_assert(struct kvm_vm *vm, uint32_t type) +{ + struct kvm_sev_guest_status status; + bool cond; + int ret; + + ret = __vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); + cond = type == KVM_X86_SEV_VM ? !ret : ret; + TEST_ASSERT(cond, + "KVM_SEV_GUEST_STATUS should fail, invalid VM Type."); +} + +static void test_sev_launch(void *guest_code, uint32_t type, uint64_t policy) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + bool cond; + int ret; + + vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); + ret = sev_vm_launch_start(vm, 0); + cond = type == KVM_X86_SEV_VM ? !ret : ret; + TEST_ASSERT(cond, + "KVM_SEV_LAUNCH_START should fail, invalid policy."); + + ret = sev_vm_launch_update(vm, policy); + cond = type == KVM_X86_SEV_VM ? !ret : ret; + TEST_ASSERT(cond, + "KVM_SEV_LAUNCH_UPDATE should fail, invalid policy."); + sev_guest_status_assert(vm, type); + + ret = sev_vm_launch_measure(vm, alloca(256)); + cond = type == KVM_X86_SEV_VM ? !ret : ret; + TEST_ASSERT(cond, + "KVM_SEV_LAUNCH_MEASURE should fail, invalid policy."); + sev_guest_status_assert(vm, type); + + ret = sev_vm_launch_finish(vm); + cond = type == KVM_X86_SEV_VM ? !ret : ret; + TEST_ASSERT(cond, + "KVM_SEV_LAUNCH_FINISH should fail, invalid policy."); + sev_guest_status_assert(vm, type); + + vcpu_run(vcpu); + get_ucall(vcpu, &uc); + cond = type == KVM_X86_SEV_VM ? + vcpu->run->exit_reason == KVM_EXIT_IO : + vcpu->run->exit_reason == KVM_EXIT_FAIL_ENTRY; + TEST_ASSERT(cond, + "vcpu_run should fail, invalid policy."); + + kvm_vm_free(vm); +} + static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; + test_sev_launch(guest_code, type, policy); + vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); /* TODO: Validate the measurement is as expected. */ From patchwork Wed Jul 10 22:05:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13729751 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2077.outbound.protection.outlook.com [40.107.243.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62AD113D2A2; Wed, 10 Jul 2024 22:06:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.77 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649204; cv=fail; b=NEEwdLSJfDUWPIrE9vMyitzkoUqCOxxrWYuI3+NemuTFqqz3AWuWexZaxd8wTIq9FSPlwzaxrbDBPAahWntXuIw9efg9FB2LFaUSVtPbeCqFPS23KHa9ZOijqwnrzzM1aax/DUQET0IhbECqkvJKbGoyBO52sVCIUKP9TH444Cw= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649204; c=relaxed/simple; bh=8Z2xgmdt23qq5LiddQPlGGZ+0D3tXUdQ8P0evJu1uhI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=L3bLfVEba/STG0NwqXmDuawLnSWdGfwJOUqLqvHiGgn/2KVVzbwvcxTUHUrs07gX0nxgctkLamRhQCTXPyNhD2yNRZbVm//E2YdPXkMgEAc9rI8Gx54WqFYsyem3mYqucou9s4N/amPECDhPdNQ92lrhIaZ2IFP6YfR9aJ4R8ZM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=uXvufqp2; arc=fail smtp.client-ip=40.107.243.77 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="uXvufqp2" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=U3XrRBCopprTS3gnSP2wN35kVN2DPLAUxO913LOw5rIofeFmL7Hx18jg+uDFDDvrZfNbtpZnuojRQ/oTJviYCxYyrwcvoMV33fDNrtD2PEPp2svgFD2+85qntWH5kiQuZiP8CSussB/iU5FjM4kG9upMIQoAdmbyvXop9f6LGtmbp4KMR9HqYuPH5dsKELACLGpTv80zAYJQVLR5vh//pNtElI2Cd9oGorygYWfXpCAgubxy0x75H7geX6V34Rs4pzCtrXHT+o0SjBJRWEpakJ/Z6IyvsN2cF6DtMmOhu76KzXavxfsXSiWEM13WbxXr4S9NtYRxE9Haf1CUmpySXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xrK4KskF60Txi8Z387BhdEIyAqva9WBu/dv4UO9DQ4s=; b=TjSMA6W+bbumW3RnWcOfW2KB+1W5IR7+16oNgeB/BoEbSbakCrbhpjsNq5UBgS4/2H0zw9TJEgT6komYBky5dejSntl3WQO6J5jt3jOQyDzoeqkEZOC8PB9GqeN5g71KKioE3kIt1Qi+25veSPC+DwQGZGH5VI1Nz9O81nmy1cSURPnzUW7YDb8n4F2bhRFzzZaYXK/KHtpCyPnDo1RvOtV/eBchyEYgbDyiFt/KptFmQZoXu5MJ8ndSJeX64OnyZ/DYgVxrgnOiMtDoook9ysJGEf4dseOTCSNru5eSCJpk9Q8pO88/h4BgvMiRZb3BnO454ivwE7jHqkOF7Kiw2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xrK4KskF60Txi8Z387BhdEIyAqva9WBu/dv4UO9DQ4s=; b=uXvufqp20JNJWrvV3U9tZkIJK4Wq6910B3cyPsDGe4BZn1GWqu22gwZAybsyPUDXdUFhF8bVLnEW+d8eBqy5DXs/SQIjbPLKuPIjJ32SXBPieYMl7TiyA42jRdFuZfaySXwuhJvCXVWHDboqIbvztij/oFEHKDHoZaZHgFN6nE8= Received: from BN9PR03CA0716.namprd03.prod.outlook.com (2603:10b6:408:ef::31) by SJ1PR12MB6242.namprd12.prod.outlook.com (2603:10b6:a03:457::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.36; Wed, 10 Jul 2024 22:06:37 +0000 Received: from BL6PEPF0001AB51.namprd04.prod.outlook.com (2603:10b6:408:ef:cafe::c6) by BN9PR03CA0716.outlook.office365.com (2603:10b6:408:ef::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.36 via Frontend Transport; Wed, 10 Jul 2024 22:06:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB51.mail.protection.outlook.com (10.167.242.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7762.17 via Frontend Transport; Wed, 10 Jul 2024 22:06:37 +0000 Received: from AUSPRSAMPAT.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 10 Jul 2024 17:06:35 -0500 From: "Pratik R. Sampat" To: CC: , , , , , , , Subject: [RFC 4/5] selftests: KVM: SNP IOCTL test Date: Wed, 10 Jul 2024 17:05:39 -0500 Message-ID: <20240710220540.188239-5-pratikrajesh.sampat@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> References: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB51:EE_|SJ1PR12MB6242:EE_ X-MS-Office365-Filtering-Correlation-Id: cbe86555-8677-4e27-28d0-08dca12c91a8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|376014|1800799024; X-Microsoft-Antispam-Message-Info: 8r6o7Ru6VKzFiFp23xTWOkSUzS40Da+JtCp92jKIvlrmcvTHuH1454MbP1pMfv8yDqfFNumbRzwN1svhA29yM7rmfngRCevp6OwHhGtsqD1YZZwDs46kY97QnJKI5MwAERCAgDJ7TgS/EQmcYM5jtUkk9yDkrcy2kxOlDdmkqM6HdLdGOFwBSZtI9Sqf5Kbxna7lYFt/o3LMqI9b2Mv+7tAI2NjnYy/y+hHyZmhxANWORz9ydaCvef60wKeapYQlECRq6nihH7ZO3mDi6MtoMCu+hITgERmNxvxdLz4m0DeRx7UP4oPYlefCRKXtAXYOgEPSFFOPKjMbWlLU5EH1ieixhWL3CGf0ksaTUB1YZGKonH+xILo4H40Mi5Bjwg01h7wjp7u+eqC4hNPxhznrBP2Ym04WIqDQq0rt+KALku+0NH4QqPbXkRu4deffRixeaNM+KEin1K2LRXQb9T0GJSZJ8NbvUM4634GuQxG4jyQmMSVZct4yIMX41FPI5MbSdBrauwBE9aTR63Qnyrd2GPAFuzRs9EzJF9cxAIpCLsXD9wQZJJtVRxTlzdu4nCoupf5kL1d5asLbwdeWNd0O6Mib9y9zQLBuFyYykjlQRveA0L4xqhDEnJtvcrAERzD0dKU8n7QGAGzvrtzRvbZRaFnDsgyusuPRBm3NCQeDImnjPvkE0G3HNfUFB6xucGqBBezuFe6Nw3lRM3oi1KsCFNA+KZdU8cCItb9WDMJmcZzmlpoXylbBksQ5ZVCyVXr4JiPHQgmowL6ElbUAA2qCri1UPLLAHuDmjLIHmf9pEMlOOQgQlwDTFlLLtj3wCoTy7fjtxapLETB5v5N0MCY4ij1DifHD7xN0kbDZAuYNiGdVIguR+tx+hzxnxcRVoAlSnD3x9vnoWycA+T6WNYlNfqU/v3X3jeYo3Osl9WTdJHxtAykLeebegAUiooTLvAGR0h+MiXY/ZXddopxspsd1uixHABHiQeOkLRvu6nebga/LaMRGdfmKb73jKkgXQUJ9nx2owqOoEGvejEzv+rbgudSv3La6/UZYyfeoAOWGBuBL8eBrv8jC4vJ4fZWrcnIFm3F/QSmEzDA0DvbcptpTzWYtrJhfW7EAnpWX5cTWF9UIGKJuy5He2s90ceumyFk9P9W5F05A7/GpI/+wh0A9ZE41Bs6E74QKcUsVZV1zey3/WYXDX0OD12csTmNzT24mWHRZSUNbBJwN7kl533ixva5UTGB550LlwtUqcowaavqbwEhGBmJfSjcyWUk20Ay/IfiSQL64+wrFqe5KomoUtounimn6vX2Q5tDZhq3TaA+QBAZDTCwIf6Hgblw+Fm86Pb9n6p79y1y49LOsvnqD8gRnBivG7pjHEkrMclV1PDm7AiHrGGnuDXeN3Z2awzEEMx3oOdUh/8813mIsYAQ8YM4dMJDYMDooq48eapZSOxv7TyYjtgCKA+bC+Tewtzrw X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2024 22:06:37.1930 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cbe86555-8677-4e27-28d0-08dca12c91a8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB51.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6242 Introduce testing of SNP ioctl calls. This patch includes both positive and negative tests of various parameters such as flags, page types and policies. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda --- .../selftests/kvm/x86_64/sev_smoke_test.c | 119 +++++++++++++++++- 1 file changed, 118 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c index 500c67b3793b..1d5c275c11b3 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86_64/sev_smoke_test.c @@ -186,13 +186,130 @@ static void test_sev_launch(void *guest_code, uint32_t type, uint64_t policy) kvm_vm_free(vm); } +static int spawn_snp_launch_start(uint32_t type, uint64_t policy, uint8_t flags) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + int ret; + + vm = vm_sev_create_with_one_vcpu(type, NULL, &vcpu); + ret = snp_vm_launch(vm, policy, flags); + kvm_vm_free(vm); + + return ret; +} + +static void test_snp_launch_start(uint32_t type, uint64_t policy) +{ + uint8_t i; + int ret; + + ret = spawn_snp_launch_start(type, policy, 0); + TEST_ASSERT(!ret, + "KVM_SEV_SNP_LAUNCH_START should not fail, invalid flag."); + + for (i = 1; i < 8; i++) { + ret = spawn_snp_launch_start(type, policy, BIT(i)); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid flag."); + } + + ret = spawn_snp_launch_start(type, 0, 0); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid policy."); + + ret = spawn_snp_launch_start(type, SNP_POLICY_SMT, 0); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid policy."); + + ret = spawn_snp_launch_start(type, SNP_POLICY_RSVD_MBO, 0); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid policy."); + + ret = spawn_snp_launch_start(type, SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO | + (255 * SNP_POLICY_ABI_MAJOR) | + (255 * SNP_POLICY_ABI_MINOR), 0); + TEST_ASSERT(ret && errno == EIO, + "KVM_SEV_SNP_LAUNCH_START should fail, invalid version."); +} + +static void test_snp_launch_update(uint32_t type, uint64_t policy) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + int ret; + + for (int pgtype = 0; pgtype <= KVM_SEV_SNP_PAGE_TYPE_CPUID; pgtype++) { + vm = vm_sev_create_with_one_vcpu(type, NULL, &vcpu); + snp_vm_launch(vm, policy, 0); + ret = snp_vm_launch_update(vm, pgtype); + + switch (pgtype) { + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: + case KVM_SEV_SNP_PAGE_TYPE_ZERO: + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: + TEST_ASSERT(!ret, + "KVM_SEV_SNP_LAUNCH_UPDATE should not fail, invalid Page type."); + break; + case KVM_SEV_SNP_PAGE_TYPE_CPUID: + TEST_ASSERT(ret && errno == EIO, + "KVM_SEV_SNP_LAUNCH_UPDATE should fail, invalid Page type."); + break; + default: + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_UPDATE should fail, invalid Page type."); + } + + kvm_vm_free(vm); + } +} + +void test_snp_launch_finish(uint32_t type, uint64_t policy) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + int ret; + + vm = vm_sev_create_with_one_vcpu(type, NULL, &vcpu); + snp_vm_launch(vm, policy, 0); + snp_vm_launch_update(vm, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + ret = snp_vm_launch_finish(vm, 0); + TEST_ASSERT(!ret, + "KVM_SEV_SNP_LAUNCH_FINISH should not fail, invalid flag."); + kvm_vm_free(vm); + + for (int i = 1; i < 16; i++) { + vm = vm_sev_create_with_one_vcpu(type, NULL, &vcpu); + snp_vm_launch(vm, policy, 0); + snp_vm_launch_update(vm, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + ret = snp_vm_launch_finish(vm, BIT(i)); + TEST_ASSERT(ret && errno == EINVAL, + "KVM_SEV_SNP_LAUNCH_FINISH should fail, invalid flag."); + kvm_vm_free(vm); + } +} + +static void test_sev_ioctl(void *guest_code, uint32_t type, uint64_t policy) +{ + if (type == KVM_X86_SNP_VM) { + test_snp_launch_start(type, policy); + test_snp_launch_update(type, policy); + test_snp_launch_finish(type, policy); + + return; + } + + test_sev_launch(guest_code, type, policy); +} + static void test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; - test_sev_launch(guest_code, type, policy); + test_sev_ioctl(guest_code, type, policy); vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); From patchwork Wed Jul 10 22:05:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Pratik R. Sampat" X-Patchwork-Id: 13729752 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2058.outbound.protection.outlook.com [40.107.244.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99FF61487C1; Wed, 10 Jul 2024 22:06:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.58 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649213; cv=fail; b=tHLDUGGKwGdPQpvW4tnhOIaFc5TXqTwCm2oXLShMrkU0IdijN3dXdUf9LLQZYSWg2HEKQgEA490I4Mj0/Ep4xheYcV4o//oYrP/qvNA/I0B2vVjP31Dp47QiMVYe2UgJVhoWBAxAntEMKqAG9dn7acmlk9wvPV1o5ff7j4WQY20= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720649213; c=relaxed/simple; bh=gtU3qBaKPv6wF4qhoj2ugfNotsBVcQOyA6Q12B94lb4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fiENKdHpSmbELqZsaaq1bQejRJNQMe4pXAQvmQsuXeNY+S3k25T35kxMEleNPQw6Kee22IMRwQRAdKCA0IYbwtdU8T+D+Vua6vgBMVs+joTKgj0Y3HYTrwvcOxw2gbpORX1gEOH6x+pFGyw+FGx/TgPLh3nGfQrBJZrQi12oYzA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=5sSJaeGI; arc=fail smtp.client-ip=40.107.244.58 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="5sSJaeGI" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B073m3GaT45BVrvqJyJ4i5BrNxCbjq0x/0ax9BwQ06n9Pn8XNnlAMxPByZrRe7s0WP0onkEIk/JOW3GqA58qObsaWYwXXIoTQeVNLoKiJ5348zPyTM5cxSpofcVvjMRY42Tss9UOkfDTgSramUQ8E5U2Q1afILzEk88lgRo/k8zU7tHFpj04nQDBv0Q4g0XTXc+EVpc1tYFr9PVg8rEPfWoL/NUDyNRXXk7/lpu/Q+lgI2bBG4NDsgEgylQ67CGyV6PXrcn/vydZHJZgaqo1lJmusjaayZm8UlcZGM12UDjU3d67pq6E5/oHmBJY5R8khVK7LPSIbsgJ5jamakHJvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZDImZNTo8FDvD6FNJzBeJ6/QJZ0FGLwssETrXbipEDY=; b=mUH+Q4cHqp13ssyMkANYPwRwRma8A0zTM55X080m3+cZ6GngP4OM1L6ZmySLPK6vKzpQK4aD3pmj2smnYgPCeJPKYAWPjdmkJX9X/ycKYfIfu077l3oXxrvN0Wo6y7bh4Kdiv5C8cxSuIH1wkDcl3kQpx9T+f15OA/pTzFmi9+Uy//xq8IFvi7HH9DjP6cu6bJd3LyliR6d4adM7rl1/6tU97ntrwS4+/FHgoTSxT2PCr5Xql9bYq3MMSR5iXNyW+rshPnAGYahpXCZzryXoipn8Iy1/ROLE07wZsLObVwmCWqKzF9rF6KMdxPufaVmwMVASYTYyAQaO0f3DSEXuig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZDImZNTo8FDvD6FNJzBeJ6/QJZ0FGLwssETrXbipEDY=; b=5sSJaeGIheyk2NkGNtlBeVM+MkvrMC0l+JIES3k1mCCFe9SHWsSayBGc9XrUZdglTlP7dbxPiPep7LLLIgi6IGmJHwoTu0L6yd5vNWRSLgf3jWLc+CSf5Xs0ecy348e/feZUE2r6oUAPF7AYE4MgltpVaHN726NMJNM9CfgWYNc= Received: from MN2PR05CA0021.namprd05.prod.outlook.com (2603:10b6:208:c0::34) by SN7PR12MB7935.namprd12.prod.outlook.com (2603:10b6:806:349::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.35; Wed, 10 Jul 2024 22:06:49 +0000 Received: from BL6PEPF0001AB4A.namprd04.prod.outlook.com (2603:10b6:208:c0:cafe::b0) by MN2PR05CA0021.outlook.office365.com (2603:10b6:208:c0::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.20 via Frontend Transport; Wed, 10 Jul 2024 22:06:48 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB4A.mail.protection.outlook.com (10.167.242.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7762.17 via Frontend Transport; Wed, 10 Jul 2024 22:06:48 +0000 Received: from AUSPRSAMPAT.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 10 Jul 2024 17:06:46 -0500 From: "Pratik R. Sampat" To: CC: , , , , , , , Subject: [RFC 5/5] selftests: KVM: SEV-SNP test for KVM_SEV_INIT2 Date: Wed, 10 Jul 2024 17:05:40 -0500 Message-ID: <20240710220540.188239-6-pratikrajesh.sampat@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> References: <20240710220540.188239-1-pratikrajesh.sampat@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB4A:EE_|SN7PR12MB7935:EE_ X-MS-Office365-Filtering-Correlation-Id: 86c4b485-eb53-4f86-a22a-08dca12c9872 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|82310400026|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: r4hWDWniwoGwCec+oA8VHNSwx4zjmNXud34RXMmpp1rqwVbeJ6eCKjxmhwR4tKyIC27YQD8N4+NnDA+267qkqkv80dlw6yI22l/AdXiZor8yfKAd3v0Ds/90MYe5lGqNxNSRcJ+KfJjbMXC6aOYUsydlOiDURR6APYdiSZj6ylC6CVa7MT8lEq4AoPrRGMGLRpZaRFQz1bS+V0/LN90SLDOsQYY9cyW58FNj5ENWtXLtU4iTIFPQ0dgNtS7y2t6zyVzV+VhfEoDJhyUMnXZHdX0DSsAWNPCkIHg4QOrktAkxEKm8BAHnpiNujFSiQPH5fMXHKuwedFa9X9dhHiq88spp5q2t8RWz766Os03rSEa+/w25GI51Im9XP6fTmo5QRjK4G6IZtuD4Rx1gtP33mWRW49c69yoUCFDHcnkKGYOsNKbypCeshKU3KJi48+/xwCVBiG19b3iWRaKjiLrzxFNNYW3TdiC4DkDfGVTiNu4+A7BxmHOnPDAQukZaAM7i8TpdMW9thrTy9XOMQdXny1CghKlwdv/yTAaQKn4kHplDaRMz5xFQdsPdI7hpRxlFATsq4PU0myZsYJOaGCb+e1mMaCsxdIn+BwzCfaMkx0sXWI/svl9z+WU90iP+mqjcRs/uKPgX/CUzQMB59GY8wLHwvh5BNJYHTBjKG37PMrvOsLoxp8KH/nHQ5FuNUO13NQfk2SX2OHA0akpDi17YCakCDwTRFTZgv5qogU6ouUUdm8fSFE+4JUjJkI8te2thq/UEicctlx0vCINqBaKhZMOo5ZL/BziEjcZLb+g1cdItMJ2YtBuv4HFVMlt3DWE9hW7ZgPmn6YRAwK1VQaA+k4k4mqu9HxNitRFcpiZdptEvj7GOMouc0P3t7j55rxHaQMDi1OojSZ6coOQH/3ouW8FLZ+DmqJCt3JLdeBrCAQsifhnJNzZk3m9iAQtasWKCaiuYTrmdpeyhH5OlFI1o4tqSUYCi5/EW9C+irRmBVcfk4ChgDiYoUKi9bLBF9rgu3LbCPFZhyfxXCV5XeUDLdGhdml+FWItSma9d5AtYdEvTrQPVRRlmSZMl59agTpj7Z+ewO8FG0MIjJbBdD64+mGbQAprhBPbOE4lt44lKuFM6iN/XKPkZp01gxTu/puY00xukGSpMqcyvaW1qizo1Rh/EYPTAqEHFwtDTEN7YEJuSqSxB4Q64Nj+TrkHqtjlPGnRunpA+QhpLukiS2imxxmOLtsDmQhIBOvZdCOQEf/oORG1h9hg7EP7T20nVRwidCKqzofwThTiChAF1baJRFJUoFjOrCeVBS0LXu2b0NAdBpVLg8u77vR8WXAMgxhkUCOLycFmjSmrjx1+762tPWwi95RTGJeoLQr6VHjOHhqP3QKrbZTLcKaSokML+SatjHb50+SKT7h9EG2M6UhcnNrYcA0KsV8Yk72FScAwRayavnEbUeklfSlfnOycXmIFa X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(82310400026)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jul 2024 22:06:48.4456 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 86c4b485-eb53-4f86-a22a-08dca12c9872 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB4A.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7935 Add SEV-SNP VM type to exercise the KVM_SEV_INIT2 call. Signed-off-by: Pratik R. Sampat Tested-by: Peter Gonda --- .../testing/selftests/kvm/x86_64/sev_init2_tests.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c b/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c index 7a4a61be119b..68f7edaa5526 100644 --- a/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c +++ b/tools/testing/selftests/kvm/x86_64/sev_init2_tests.c @@ -28,6 +28,7 @@ int kvm_fd; u64 supported_vmsa_features; bool have_sev_es; +bool have_snp; static int __sev_ioctl(int vm_fd, int cmd_id, void *data) { @@ -83,6 +84,9 @@ void test_vm_types(void) if (have_sev_es) test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){}); + if (have_snp) + test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){}); + test_init2_invalid(0, &(struct kvm_sev_init){}, "VM type is KVM_X86_DEFAULT_VM"); if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)) @@ -138,15 +142,24 @@ int main(int argc, char *argv[]) "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)", kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM); + have_snp = kvm_cpu_has(X86_FEATURE_SNP); + TEST_ASSERT(have_snp == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM)), + "sev-snp: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)", + kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SNP_VM); + test_vm_types(); test_flags(KVM_X86_SEV_VM); if (have_sev_es) test_flags(KVM_X86_SEV_ES_VM); + if (have_snp) + test_flags(KVM_X86_SNP_VM); test_features(KVM_X86_SEV_VM, 0); if (have_sev_es) test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features); + if (have_snp) + test_features(KVM_X86_SNP_VM, supported_vmsa_features); return 0; }