From: Joerg Roedel <jroedel@suse.de>
To: Varad Gautam <varadgautam@gmail.com>
Cc: linux-kernel@vger.kernel.org,
Varad Gautam <varad.gautam@suse.com>,
kvm@vger.kernel.org, x86@kernel.org,
Borislav Petkov <bp@alien8.de>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCH v3] x86: Add a test for AMD SEV-ES guest #VC handling
Date: Wed, 9 Jun 2021 16:50:28 +0200 [thread overview]
Message-ID: <YMDVNHh9KHsha4a+@suse.de> (raw)
In-Reply-To: <20210602141447.18629-1-varadgautam@gmail.com>
On Wed, Jun 02, 2021 at 04:14:47PM +0200, Varad Gautam wrote:
> From: Varad Gautam <varad.gautam@suse.com>
>
> Some vmexits on a SEV-ES guest need special handling within the guest
> before exiting to the hypervisor. This must happen within the guest's
> \#VC exception handler, triggered on every non automatic exit.
>
> Add a KUnit based test to validate Linux's VC handling. The test:
> 1. installs a kretprobe on the #VC handler (sev_es_ghcb_hv_call, to
> access GHCB before/after the resulting VMGEXIT).
> 2. tiggers an NAE.
> 3. checks that the kretprobe was hit with the right exit_code available
> in GHCB.
>
> Since relying on kprobes, the test does not cover NMI contexts.
>
> Signed-off-by: Varad Gautam <varad.gautam@suse.com>
> ---
> arch/x86/Kconfig | 9 ++
> arch/x86/kernel/Makefile | 8 ++
> arch/x86/kernel/sev-es-test-vc.c | 155 +++++++++++++++++++++++++++++++
This looks good to me except for the small comment below, thanks Varad.
I ran it in an SEV-ES guest and I am seeing the test results in dmesg.
Only thing I am missing is a 'rep movs' test for MMIO, but that can be
added later, so
Tested-by: Joerg Roedel <jroedel@suse.de>
Btw, should we create a separate directory for such tests like
/arch/x86/tests/ or something along those lines?
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 0045e1b441902..85b8ac450ba56 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1543,6 +1543,15 @@ config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
> If set to N, then the encryption of system memory can be
> activated with the mem_encrypt=on command line option.
>
> +config AMD_SEV_ES_TEST_VC
> + bool "Test for AMD SEV-ES VC exception handling."
> + depends on AMD_MEM_ENCRYPT
> + select FUNCTION_TRACER
> + select KPROBES
> + select KUNIT
> + help
> + Enable KUnit-based testing for AMD SEV-ES #VC exception handling.
> +
I think this should be in arch/x86/Kconfig.debug.
next prev parent reply other threads:[~2021-06-09 14:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-31 12:50 [PATCH] x86: Add a test for AMD SEV-ES #VC handling Varad Gautam
2021-05-31 17:27 ` [PATCH v2] " Varad Gautam
2021-06-01 16:41 ` Tom Lendacky
2021-06-01 17:02 ` Borislav Petkov
2021-06-02 10:24 ` Varad Gautam
2021-06-02 10:23 ` [PATCH v3] x86: Add a test for AMD SEV-ES guest " Varad Gautam
2021-06-02 14:14 ` Varad Gautam
2021-06-09 14:50 ` Joerg Roedel [this message]
2021-06-16 9:16 ` Varad Gautam
2021-06-16 9:15 ` [PATCH v4] x86: Add a test for AMD SEV-ES " Varad Gautam
2021-06-24 10:36 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YMDVNHh9KHsha4a+@suse.de \
--to=jroedel@suse.de \
--cc=bp@alien8.de \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=varad.gautam@suse.com \
--cc=varadgautam@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.