From: Michael Roth <michael.roth@amd.com>
To: linux-kselftest@vger.kernel.org
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	x86@kernel.org, Nathan Tempelman <natet@google.com>,
	Marc Orr <marcorr@google.com>,
	Steve Rutherford <srutherford@google.com>,
	Sean Christopherson <seanjc@google.com>,
	Mingwei Zhang <mizhang@google.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Varad Gautam <varad.gautam@suse.com>,
	Shuah Khan <shuah@kernel.org>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	Ricardo Koller <ricarkol@google.com>,
	Jim Mattson <jmattson@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H . Peter Anvin" <hpa@zytor.com>
Subject: [RFC 13/16] KVM: selftests: add support for creating SEV-SNP guests
Date: Tue,  5 Oct 2021 18:44:56 -0500	[thread overview]
Message-ID: <20211005234459.430873-14-michael.roth@amd.com> (raw)
In-Reply-To: <20211005234459.430873-1-michael.roth@amd.com>

SEV-SNP uses an entirely different set of KVM_SEV_* ioctls to manage
guests. The needed vm_memcrypt callbacks are different as well. Address
these differences by extending the SEV library with a new set of
interfaces specific to creating/managing SEV-SNP guests.

These guests will still use a struct sev_vm under the covers, so some
existing sev_*() helpers are still applicable.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 .../selftests/kvm/include/x86_64/sev.h        |  8 ++
 tools/testing/selftests/kvm/lib/x86_64/sev.c  | 77 ++++++++++++++++++-
 2 files changed, 82 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/kvm/include/x86_64/sev.h b/tools/testing/selftests/kvm/include/x86_64/sev.h
index d2f41b131ecc..f3e088c03bdd 100644
--- a/tools/testing/selftests/kvm/include/x86_64/sev.h
+++ b/tools/testing/selftests/kvm/include/x86_64/sev.h
@@ -18,6 +18,10 @@
 #define SEV_POLICY_NO_DBG	(1UL << 0)
 #define SEV_POLICY_ES		(1UL << 2)
 
+#define SNP_POLICY_SMT		(1ULL << 16)
+#define SNP_POLICY_RSVD		(1ULL << 17)
+#define SNP_POLICY_DBG		(1ULL << 19)
+
 #define SEV_GUEST_ASSERT(sync, token, _cond) do {	\
 	if (!(_cond))					\
 		sev_guest_abort(sync, token, 0);	\
@@ -59,4 +63,8 @@ void sev_vm_launch(struct sev_vm *sev);
 void sev_vm_measure(struct sev_vm *sev, uint8_t *measurement);
 void sev_vm_launch_finish(struct sev_vm *sev);
 
+struct sev_vm *sev_snp_vm_create(uint64_t policy, uint64_t npages);
+void sev_snp_vm_free(struct sev_vm *sev);
+void sev_snp_vm_launch(struct sev_vm *sev);
+
 #endif /* SELFTEST_KVM_SEV_H */
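Review bot: The three new prototypes above `#endif` carry no contract documentation, and the header is where callers of the SNP variant will look for it. A block comment above `sev_snp_vm_create` should state that the library ORs `SNP_POLICY_RSVD` into `policy`, that `npages` sizes the single anonymous region the VM is created with, that NULL is returned when the common SEV setup fails, and that the returned object is released with `sev_snp_vm_free`. A one-line comment on `sev_snp_vm_launch` saying it runs LAUNCH_START, encrypts the tracked guest pages and then LAUNCH_FINISH, with no separate measurement step unlike `sev_vm_launch`/`sev_vm_measure`, would spare readers a trip into sev.c.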
diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c
index d01b0f637ced..939d7d5dff41 100644
--- a/tools/testing/selftests/kvm/lib/x86_64/sev.c
+++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c
@@ -20,6 +20,7 @@ struct sev_vm {
 	int fd;
 	int enc_bit;
 	uint32_t sev_policy;
+	uint64_t snp_policy;
 };
 
 /* Helpers for coordinating between guests and test harness. */
@@ -119,6 +120,12 @@ void kvm_sev_ioctl(struct sev_vm *sev, int cmd, void *data)
 
 /* Local helpers. */
 
+static bool sev_snp_enabled(struct sev_vm *sev)
+{
+	/* RSVD is always 1 for SNP guests. */
+	return sev->snp_policy & SNP_POLICY_RSVD;
+}
+
 static void
 sev_register_user_range(struct sev_vm *sev, void *hva, uint64_t size)
 {
@@ -147,6 +154,21 @@ sev_encrypt_phy_range(struct sev_vm *sev, vm_paddr_t gpa, uint64_t size)
 	kvm_sev_ioctl(sev, KVM_SEV_LAUNCH_UPDATE_DATA, &ksev_update_data);
 }
 
+static void
+sev_snp_encrypt_phy_range(struct sev_vm *sev, vm_paddr_t gpa, uint64_t size)
+{
+	struct kvm_sev_snp_launch_update update_data = {0};
+
+	pr_debug("encrypt_phy_range: addr: 0x%lx, size: %lu\n", gpa, size);
+
+	update_data.uaddr = (__u64)addr_gpa2hva(sev->vm, gpa);
+	update_data.start_gfn = gpa >> PAGE_SHIFT;
+	update_data.len = size;
+	update_data.page_type = KVM_SEV_SNP_PAGE_TYPE_NORMAL;
+
+	kvm_sev_ioctl(sev, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data);
+}
+
 static void sev_encrypt(struct sev_vm *sev)
 {
 	struct sparsebit *enc_phy_pages;
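Review bot: `update_data.start_gfn = gpa >> PAGE_SHIFT` silently drops any sub-page offset while `update_data.uaddr` keeps the exact host address from `addr_gpa2hva`, so a non-page-aligned `gpa` would describe two different ranges to the same LAUNCH_UPDATE call. The only caller visible here (sev_encrypt) passes page-multiple offsets, but the helper should enforce its own precondition rather than rely on that: `TEST_ASSERT(!(gpa & (vm_get_page_size(sev->vm) - 1)), "gpa 0x%lx not page aligned", gpa);` before `update_data` is filled in. A short header comment stating that `gpa` and `size` must be page aligned and that pages are registered as `KVM_SEV_SNP_PAGE_TYPE_NORMAL` would document the same contract.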
@@ -171,9 +193,14 @@ static void sev_encrypt(struct sev_vm *sev)
 		if (pg_cnt <= 0)
 			pg_cnt = 1;
 
-		sev_encrypt_phy_range(sev,
-				      gpa_start + pg * vm_get_page_size(vm),
-				      pg_cnt * vm_get_page_size(vm));
+		if (sev_snp_enabled(sev))
+			sev_snp_encrypt_phy_range(sev,
+						  gpa_start + pg * vm_get_page_size(vm),
+						  pg_cnt * vm_get_page_size(vm));
+		else
+			sev_encrypt_phy_range(sev,
+					      gpa_start + pg * vm_get_page_size(vm),
+					      pg_cnt * vm_get_page_size(vm));
 		pg += pg_cnt;
 	}
 
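Review bot: The new `if`/`else` in the middle of the hunk repeats the two argument expressions `gpa_start + pg * vm_get_page_size(vm)` and `pg_cnt * vm_get_page_size(vm)` verbatim in both branches, which is exactly where a later edit to one branch drifts from the other, and the wrapped continuation lines make the duplication hard to see. Hoisting both into locals leaves one place per value and a single-line call in each branch. sev_encrypt starts and ends outside this hunk.
```c
		/* … unchanged: pg_cnt computation and clamp to 1 … */
		vm_paddr_t gpa = gpa_start + pg * vm_get_page_size(vm);
		uint64_t len = pg_cnt * vm_get_page_size(vm);

		if (sev_snp_enabled(sev))
			sev_snp_encrypt_phy_range(sev, gpa, len);
		else
			sev_encrypt_phy_range(sev, gpa, len);
		pg += pg_cnt;
```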
@@ -308,3 +335,47 @@ void sev_vm_launch_finish(struct sev_vm *sev)
 	TEST_ASSERT(ksev_status.state == SEV_GSTATE_RUNNING,
 		    "Unexpected guest state: %d", ksev_status.state);
 }
+
+/* SEV-SNP VM implementation. */
+
+struct sev_vm *sev_snp_vm_create(uint64_t policy, uint64_t npages)
+{
+	struct kvm_snp_init init = {0};
+	struct sev_vm *sev;
+	struct kvm_vm *vm;
+
+	vm = vm_create(VM_MODE_DEFAULT, 0, O_RDWR);
+	sev = sev_common_create(vm);
+	if (!sev)
+		return NULL;
+	sev->snp_policy = policy | SNP_POLICY_RSVD;
+
+	kvm_sev_ioctl(sev, KVM_SEV_SNP_INIT, &init);
+	vm_set_memory_encryption(vm, true, true, sev->enc_bit);
+	vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, npages, 0);
+	sev_register_user_range(sev, addr_gpa2hva(vm, 0), npages * vm_get_page_size(vm));
+
+	pr_info("SEV-SNP guest created, policy: 0x%lx, size: %lu KB\n",
+		sev->snp_policy, npages * vm_get_page_size(vm) / 1024);
+
+	return sev;
+}
+
+void sev_snp_vm_free(struct sev_vm *sev)
+{
+	kvm_vm_free(sev->vm);
+	sev_common_free(sev);
+}
+
+void sev_snp_vm_launch(struct sev_vm *sev)
+{
+	struct kvm_sev_snp_launch_start launch_start = {0};
+	struct kvm_sev_snp_launch_update launch_finish = {0};
+
+	launch_start.policy = sev->snp_policy;
+	kvm_sev_ioctl(sev, KVM_SEV_SNP_LAUNCH_START, &launch_start);
+
+	sev_encrypt(sev);
+
+	kvm_sev_ioctl(sev, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish);
+}
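Review bot: `sev_snp_vm_create` leaks the VM when `sev_common_create` fails: `vm_create` has already succeeded by then and the early `return NULL` drops `vm`, while `sev_snp_vm_free` below shows the matching release is `kvm_vm_free`. Change the check to `if (!sev) { kvm_vm_free(vm); return NULL; }`. In `sev_snp_vm_launch`, the argument for KVM_SEV_SNP_LAUNCH_FINISH is declared as `struct kvm_sev_snp_launch_update launch_finish`, i.e. the LAUNCH_UPDATE argument type; presumably the finish command has its own argument struct, and a zeroed buffer of the wrong layout only works by accident, so the declaration should use the finish struct (and a comment should say the finish parameters are deliberately left zeroed). The `pr_info` on the create path prints `sev->snp_policy` with `%lx`, which matches `uint64_t` on x86_64 but is not portable; `PRIx64` is the safer spelling.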
-- 
2.25.1

