From: Peter Gonda <pgonda@google.com>
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, marcorr@google.com,
seanjc@google.com, michael.roth@amd.com, thomas.lendacky@amd.com,
joro@8bytes.org, mizhang@google.com, pbonzini@redhat.com
Subject: [PATCH V2] KVM: selftests: Add simple sev vm testing
Date: Fri, 15 Jul 2022 12:29:46 -0700 [thread overview]
Message-ID: <20220715192956.1873315-2-pgonda@google.com> (raw)
In-Reply-To: <20220715192956.1873315-1-pgonda@google.com>
From: Michael Roth <michael.roth@amd.com>
A very simple of booting SEV guests that checks related CPUID bits. This
is a stripped down version of "[PATCH v2 08/13] KVM: selftests: add SEV
boot tests" from Michael but much simpler.
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 1 +
.../selftests/kvm/x86_64/sev_all_boot_test.c | 134 ++++++++++++++++++
3 files changed, 136 insertions(+)
create mode 100644 tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c
diff --git a/tools/testing/selftests/kvm/.gitignore b/tools/testing/selftests/kvm/.gitignore
index f44ebf401310..ec084a61a819 100644
--- a/tools/testing/selftests/kvm/.gitignore
+++ b/tools/testing/selftests/kvm/.gitignore
@@ -34,6 +34,7 @@
/x86_64/pmu_event_filter_test
/x86_64/set_boot_cpu_id
/x86_64/set_sregs_test
+/x86_64/sev_all_boot_test
/x86_64/sev_migrate_tests
/x86_64/smm_test
/x86_64/state_test
diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile
index f3f29a64e4b2..2b89e6bcb5b0 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -123,6 +123,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/tsc_msrs_test
TEST_GEN_PROGS_x86_64 += x86_64/vmx_pmu_caps_test
TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test
TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test
+TEST_GEN_PROGS_x86_64 += x86_64/sev_all_boot_test
TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests
TEST_GEN_PROGS_x86_64 += x86_64/amx_test
TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test
diff --git a/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c b/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c
new file mode 100644
index 000000000000..222ce41d6f68
--- /dev/null
+++ b/tools/testing/selftests/kvm/x86_64/sev_all_boot_test.c
@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Basic SEV boot tests.
+ *
+ * Copyright (C) 2021 Advanced Micro Devices
+ */
+#define _GNU_SOURCE /* for program_invocation_short_name */
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+
+#include "test_util.h"
+
+#include "kvm_util.h"
+#include "processor.h"
+#include "svm_util.h"
+#include "linux/psp-sev.h"
+#include "sev.h"
+
+#define VCPU_ID 2
+#define PAGE_STRIDE 32
+
+#define SHARED_PAGES 8192
+#define SHARED_VADDR_MIN 0x1000000
+
+#define PRIVATE_PAGES 2048
+#define PRIVATE_VADDR_MIN (SHARED_VADDR_MIN + SHARED_PAGES * PAGE_SIZE)
+
+#define TOTAL_PAGES (512 + SHARED_PAGES + PRIVATE_PAGES)
+
+#define NR_SYNCS 1
+
+static void guest_run_loop(struct kvm_vcpu *vcpu)
+{
+ struct ucall uc;
+ int i;
+
+ for (i = 0; i <= NR_SYNCS; ++i) {
+ vcpu_run(vcpu);
+ switch (get_ucall(vcpu, &uc)) {
+ case UCALL_SYNC:
+ continue;
+ case UCALL_DONE:
+ return;
+ case UCALL_ABORT:
+ TEST_ASSERT(false, "%s at %s:%ld\n\tvalues: %#lx, %#lx",
+ (const char *)uc.args[0], __FILE__,
+ uc.args[1], uc.args[2], uc.args[3]);
+ default:
+ TEST_ASSERT(
+ false, "Unexpected exit: %s",
+ exit_reason_str(vcpu->run->exit_reason));
+ }
+ }
+}
+
+static void __attribute__((__flatten__))
+guest_sev_code(void)
+{
+ uint32_t eax, ebx, ecx, edx;
+ uint64_t sev_status;
+
+ GUEST_SYNC(1);
+
+ eax = 0x8000001f;
+ ecx = 0;
+ cpuid(&eax, &ebx, &ecx, &edx);
+ GUEST_ASSERT(eax & (1 << 1));
+
+ sev_status = rdmsr(MSR_AMD64_SEV);
+ GUEST_ASSERT((sev_status & 0x1) == 1);
+
+ GUEST_DONE();
+}
+
+static struct sev_vm *
+setup_test_common(void *guest_code, uint64_t policy, struct kvm_vcpu **vcpu)
+{
+ uint8_t measurement[512];
+ struct sev_vm *sev;
+ struct kvm_vm *vm;
+ int i;
+
+ sev = sev_vm_create(policy, TOTAL_PAGES);
+ if (!sev)
+ return NULL;
+ vm = sev_get_vm(sev);
+
+ /* Set up VCPU and initial guest kernel. */
+ *vcpu = vm_vcpu_add(vm, VCPU_ID, guest_code);
+ kvm_vm_elf_load(vm, program_invocation_name);
+
+ /* Allocations/setup done. Encrypt initial guest payload. */
+ sev_vm_launch(sev);
+
+ /* Dump the initial measurement. A test to actually verify it would be nice. */
+ sev_vm_launch_measure(sev, measurement);
+ pr_info("guest measurement: ");
+ for (i = 0; i < 32; ++i)
+ pr_info("%02x", measurement[i]);
+ pr_info("\n");
+
+ sev_vm_launch_finish(sev);
+
+ return sev;
+}
+
+static void test_sev(void *guest_code, uint64_t policy)
+{
+ struct sev_vm *sev;
+ struct kvm_vcpu *vcpu;
+
+ sev = setup_test_common(guest_code, policy, &vcpu);
+ if (!sev)
+ return;
+
+ /* Guest is ready to run. Do the tests. */
+ guest_run_loop(vcpu);
+
+ pr_info("guest ran successfully\n");
+
+ sev_vm_free(sev);
+}
+
+int main(int argc, char *argv[])
+{
+ /* SEV tests */
+ test_sev(guest_sev_code, SEV_POLICY_NO_DBG);
+ test_sev(guest_sev_code, 0);
+
+ return 0;
+}
--
2.37.0.170.g444d1eabd0-goog
next prev parent reply other threads:[~2022-07-15 19:30 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 19:29 [RFC V1 00/10] *** KVM: selftests: Add simple SEV test Peter Gonda
2022-07-15 19:29 ` Peter Gonda [this message]
2022-07-15 19:29 ` [RFC V1 01/10] KVM: selftests: move vm_phy_pages_alloc() earlier in file Peter Gonda
2022-07-15 19:29 ` [RFC V1 02/10] KVM: selftests: sparsebit: add const where appropriate Peter Gonda
2022-07-15 19:29 ` [RFC V1 03/10] KVM: selftests: add hooks for managing encrypted guest memory Peter Gonda
2022-07-15 19:29 ` [RFC V1 04/10] KVM: selftests: handle encryption bits in page tables Peter Gonda
2022-07-15 19:29 ` [RFC V1 05/10] KVM: selftests: add support for encrypted vm_vaddr_* allocations Peter Gonda
2022-07-15 19:29 ` [RFC V1 06/10] KVM: selftests: Consolidate boilerplate code in get_ucall() Peter Gonda
2022-07-19 14:42 ` Andrew Jones
2022-07-15 19:29 ` [RFC V1 07/10] tools: Add atomic_test_and_set_bit() Peter Gonda
2022-07-15 19:29 ` [RFC V1 08/10] KVM: selftests: Make ucall work with encrypted guests Peter Gonda
2022-07-19 15:43 ` Andrew Jones
2022-07-27 13:38 ` Peter Gonda
2022-07-27 13:56 ` Andrew Jones
2022-07-27 14:07 ` Peter Gonda
2022-07-15 19:29 ` [RFC V1 09/10] KVM: selftests: add library for creating/interacting with SEV guests Peter Gonda
2022-07-15 19:29 ` [RFC V1 10/10] KVM: selftests: Add simple sev vm testing Peter Gonda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220715192956.1873315-2-pgonda@google.com \
--to=pgonda@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcorr@google.com \
--cc=michael.roth@amd.com \
--cc=mizhang@google.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.