iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selftests: kvm: add tests for KVM_SEV_INIT2

Browse Source 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240404121327.3107131-15-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2024-04-04 08:13:24 -04:00
parent 4dd5ecacb9
commit dfc083a181
4 changed files with 159 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/testing/selftests/kvm/Makefile
View File

@ -120,6 +120,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/tsc_msrs_test
TEST_GEN_PROGS_x86_64 += x86_64/vmx_pmu_caps_test TEST_GEN_PROGS_x86_64 += x86_64/vmx_pmu_caps_test
TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test
TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test
TEST_GEN_PROGS_x86_64 += x86_64/sev_init2_tests
TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests
TEST_GEN_PROGS_x86_64 += x86_64/sev_smoke_test TEST_GEN_PROGS_x86_64 += x86_64/sev_smoke_test
TEST_GEN_PROGS_x86_64 += x86_64/amx_test TEST_GEN_PROGS_x86_64 += x86_64/amx_test

6
tools/testing/selftests/kvm/include/kvm_util_base.h
View File

@ -890,17 +890,15 @@ static inline struct kvm_vm *vm_create_barebones(void)
return ____vm_create(VM_SHAPE_DEFAULT); return ____vm_create(VM_SHAPE_DEFAULT);
} }
#ifdef __x86_64__ static inline struct kvm_vm *vm_create_barebones_type(unsigned long type)
static inline struct kvm_vm *vm_create_barebones_protected_vm(void)
{ {
const struct vm_shape shape = { const struct vm_shape shape = {
.mode = VM_MODE_DEFAULT, .mode = VM_MODE_DEFAULT,
.type = KVM_X86_SW_PROTECTED_VM, .type = type,
}; };
return ____vm_create(shape); return ____vm_create(shape);
} }
#endif
static inline struct kvm_vm *vm_create(uint32_t nr_runnable_vcpus) static inline struct kvm_vm *vm_create(uint32_t nr_runnable_vcpus)
{ {

8
tools/testing/selftests/kvm/set_memory_region_test.c
View File

@ -339,7 +339,7 @@ static void test_invalid_memory_region_flags(void)
#ifdef __x86_64__ #ifdef __x86_64__
if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)) if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))
vm = vm_create_barebones_protected_vm(); vm = vm_create_barebones_type(KVM_X86_SW_PROTECTED_VM);
else else
#endif #endif
vm = vm_create_barebones(); vm = vm_create_barebones();
@ -462,7 +462,7 @@ static void test_add_private_memory_region(void)
pr_info("Testing ADD of KVM_MEM_GUEST_MEMFD memory regions\n"); pr_info("Testing ADD of KVM_MEM_GUEST_MEMFD memory regions\n");
vm = vm_create_barebones_protected_vm(); vm = vm_create_barebones_type(KVM_X86_SW_PROTECTED_VM);
test_invalid_guest_memfd(vm, vm->kvm_fd, 0, "KVM fd should fail"); test_invalid_guest_memfd(vm, vm->kvm_fd, 0, "KVM fd should fail");
test_invalid_guest_memfd(vm, vm->fd, 0, "VM's fd should fail"); test_invalid_guest_memfd(vm, vm->fd, 0, "VM's fd should fail");
@ -471,7 +471,7 @@ static void test_add_private_memory_region(void)
test_invalid_guest_memfd(vm, memfd, 0, "Regular memfd() should fail"); test_invalid_guest_memfd(vm, memfd, 0, "Regular memfd() should fail");
close(memfd); close(memfd);
vm2 = vm_create_barebones_protected_vm(); vm2 = vm_create_barebones_type(KVM_X86_SW_PROTECTED_VM);
memfd = vm_create_guest_memfd(vm2, MEM_REGION_SIZE, 0); memfd = vm_create_guest_memfd(vm2, MEM_REGION_SIZE, 0);
test_invalid_guest_memfd(vm, memfd, 0, "Other VM's guest_memfd() should fail"); test_invalid_guest_memfd(vm, memfd, 0, "Other VM's guest_memfd() should fail");
@ -499,7 +499,7 @@ static void test_add_overlapping_private_memory_regions(void)
pr_info("Testing ADD of overlapping KVM_MEM_GUEST_MEMFD memory regions\n"); pr_info("Testing ADD of overlapping KVM_MEM_GUEST_MEMFD memory regions\n");
vm = vm_create_barebones_protected_vm(); vm = vm_create_barebones_type(KVM_X86_SW_PROTECTED_VM);
memfd = vm_create_guest_memfd(vm, MEM_REGION_SIZE * 4, 0); memfd = vm_create_guest_memfd(vm, MEM_REGION_SIZE * 4, 0);

152
tools/testing/selftests/kvm/x86_64/sev_init2_tests.c Normal file
View File

@ -0,0 +1,152 @@
// SPDX-License-Identifier: GPL-2.0-only
#include <linux/kvm.h>
#include <linux/psp-sev.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <stdlib.h>
#include <errno.h>
#include <pthread.h>
#include "test_util.h"
#include "kvm_util.h"
#include "processor.h"
#include "svm_util.h"
#include "kselftest.h"
#define SVM_SEV_FEAT_DEBUG_SWAP 32u
/*
* Some features may have hidden dependencies, or may only work
* for certain VM types. Err on the side of safety and don't
* expect that all supported features can be passed one by one
* to KVM_SEV_INIT2.
*
* (Well, right now there's only one...)
*/
#define KNOWN_FEATURES SVM_SEV_FEAT_DEBUG_SWAP
int kvm_fd;
u64 supported_vmsa_features;
bool have_sev_es;
static int __sev_ioctl(int vm_fd, int cmd_id, void *data)
{
struct kvm_sev_cmd cmd = {
.id = cmd_id,
.data = (uint64_t)data,
.sev_fd = open_sev_dev_path_or_exit(),
};
int ret;
ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd);
TEST_ASSERT(ret < 0 || cmd.error == SEV_RET_SUCCESS,
"%d failed: fw error: %d\n",
cmd_id, cmd.error);
return ret;
}
static void test_init2(unsigned long vm_type, struct kvm_sev_init *init)
{
struct kvm_vm *vm;
int ret;
vm = vm_create_barebones_type(vm_type);
ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);
TEST_ASSERT(ret == 0,
"KVM_SEV_INIT2 return code is %d (expected 0), errno: %d",
ret, errno);
kvm_vm_free(vm);
}
static void test_init2_invalid(unsigned long vm_type, struct kvm_sev_init *init, const char *msg)
{
struct kvm_vm *vm;
int ret;
vm = vm_create_barebones_type(vm_type);
ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);
TEST_ASSERT(ret == -1 && errno == EINVAL,
"KVM_SEV_INIT2 should fail, %s.",
msg);
kvm_vm_free(vm);
}
void test_vm_types(void)
{
test_init2(KVM_X86_SEV_VM, &(struct kvm_sev_init){});
/*
* TODO: check that unsupported types cannot be created. Probably
* a separate selftest.
*/
if (have_sev_es)
test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){});
test_init2_invalid(0, &(struct kvm_sev_init){},
"VM type is KVM_X86_DEFAULT_VM");
if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))
test_init2_invalid(KVM_X86_SW_PROTECTED_VM, &(struct kvm_sev_init){},
"VM type is KVM_X86_SW_PROTECTED_VM");
}
void test_flags(uint32_t vm_type)
{
int i;
for (i = 0; i < 32; i++)
test_init2_invalid(vm_type,
&(struct kvm_sev_init){ .flags = BIT(i) },
"invalid flag");
}
void test_features(uint32_t vm_type, uint64_t supported_features)
{
int i;
for (i = 0; i < 64; i++) {
if (!(supported_features & (1u << i)))
test_init2_invalid(vm_type,
&(struct kvm_sev_init){ .vmsa_features = BIT_ULL(i) },
"unknown feature");
else if (KNOWN_FEATURES & (1u << i))
test_init2(vm_type,
&(struct kvm_sev_init){ .vmsa_features = BIT_ULL(i) });
}
}
int main(int argc, char *argv[])
{
int kvm_fd = open_kvm_dev_path_or_exit();
bool have_sev;
TEST_REQUIRE(__kvm_has_device_attr(kvm_fd, KVM_X86_GRP_SEV,
KVM_X86_SEV_VMSA_FEATURES) == 0);
kvm_device_attr_get(kvm_fd, KVM_X86_GRP_SEV,
KVM_X86_SEV_VMSA_FEATURES,
&supported_vmsa_features);
have_sev = kvm_cpu_has(X86_FEATURE_SEV);
TEST_ASSERT(have_sev == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM)),
"sev: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_VM);
TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM));
have_sev_es = kvm_cpu_has(X86_FEATURE_SEV_ES);
TEST_ASSERT(have_sev_es == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM)),
"sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM);
test_vm_types();
test_flags(KVM_X86_SEV_VM);
if (have_sev_es)
test_flags(KVM_X86_SEV_ES_VM);
test_features(KVM_X86_SEV_VM, 0);
if (have_sev_es)
test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features);
return 0;
}