linux-kernel.vger.kernel.org archive mirror
From: Michael Roth <michael.roth@amd.com>
To: Vishal Annapurve <vannapurve@google.com>
Cc: <x86@kernel.org>, <kvm@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
	<pbonzini@redhat.com>, <vkuznets@redhat.com>,
	<wanpengli@tencent.com>, <jmattson@google.com>, <joro@8bytes.org>,
	<tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>,
	<dave.hansen@linux.intel.com>, <hpa@zytor.com>,
	<shuah@kernel.org>, <yang.zhong@intel.com>, <drjones@redhat.com>,
	<ricarkol@google.com>, <aaronlewis@google.com>,
	<wei.w.wang@intel.com>, <kirill.shutemov@linux.intel.com>,
	<corbet@lwn.net>, <hughd@google.com>, <jlayton@kernel.org>,
	<bfields@fieldses.org>, <akpm@linux-foundation.org>,
	<chao.p.peng@linux.intel.com>, <yu.c.zhang@linux.intel.com>,
	<jun.nakajima@intel.com>, <dave.hansen@intel.com>,
	<qperret@google.com>, <steven.price@arm.com>,
	<ak@linux.intel.com>, <david@redhat.com>, <luto@kernel.org>,
	<vbabka@suse.cz>, <marcorr@google.com>, <erdemaktas@google.com>,
	<pgonda@google.com>, <nikunj@amd.com>, <seanjc@google.com>,
	<diviness@google.com>, <maz@kernel.org>, <dmatlack@google.com>,
	<axelrasmussen@google.com>, <maciej.szmigiero@oracle.com>,
	<mizhang@google.com>, <bgardon@google.com>
Subject: Re: [RFC V1 PATCH 0/3] selftests: KVM: sev: selftests for fd-based approach of supporting private memory
Date: Thu, 9 Jun 2022 20:05:10 -0500
Message-ID: <20220610010510.vlxax4g3sgvsmoly@amd.com>
In-Reply-To: <20220524205646.1798325-1-vannapurve@google.com>

On Tue, May 24, 2022 at 08:56:43PM +0000, Vishal Annapurve wrote:
> This series implements selftests targeting the feature floated by Chao
> via:
> https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.intel.com/
> 
> Below changes aim to test the fd based approach for guest private memory
> in context of SEV/SEV-ES VMs executing on AMD SEV/SEV-ES compatible
> platforms.

Hi Vishal,

Thanks for posting this!

Nikunj and I have been working on a test tree with UPM support for SEV and
SEV-SNP. I hit some issues getting your selftests to work against our tree 
since some of the HC_MAP_GPA_RANGE handling for SEV was stepping on the kernel
handling you'd added for the UPM selftests.

I ended up adding a KVM_CAP_UNMAPPED_PRIVATE_MEM to distinguish between the
2 modes. With UPM-mode enabled it basically means KVM can/should enforce that
all private guest pages are backed by private memslots, and enable a couple
platform-specific hooks to handle MAP_GPA_RANGE, and queries from MMU on
whether or not an NPT fault is for a private page or not. SEV uses these hooks
to manage its encryption bitmap, and uses that bitmap as the authority on
whether or not a page is encrypted. SNP uses GHCB page-state-change requests
so MAP_GPA_RANGE is a no-op there, but uses the MMU hook to indicate whether a
fault is private based on the page fault flags.

When UPM-mode isn't enabled, MAP_GPA_RANGE just gets passed on to userspace
as before, and platform-specific hooks above are no-ops. That's the mode
your SEV self-tests ran in initially. I added a test that runs the
PrivateMemoryPrivateAccess in UPM-mode, where the guest's OS memory is also
backed by private memslot and the platform hooks are enabled, and things seem
to still work okay there. I only added a UPM-mode test for the
PrivateMemoryPrivateAccess one though so far. I suppose we'd want to make
sure it works exactly as it did with UPM-mode disabled, but I don't see why
it wouldn't. 

But probably worth having some discussion on how exactly we should define this
mode, and whether that meshes with what TDX folks are planning.

I've pushed my UPM-mode selftest additions here:
  https://github.com/mdroth/linux/commits/sev_upm_selftests_rfc_v1_upmmode

And the UPM SEV/SEV-SNP tree I'm running them against (DISCLAIMER: EXPERIMENTAL):
  https://github.com/mdroth/linux/commits/pfdv6-on-snpv6-upm1

Thanks!

-Mike
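
The mode split described in the message above can be pictured with a small user-space model. This is an added example, not code from this thread or from the linked trees; every type, function and constant in it is hypothetical (only the name KVM_CAP_UNMAPPED_PRIVATE_MEM comes from the message), `FAULT_ENC` stands in for whatever page fault flag the hardware reports, and treating a disabled-mode query as "shared" is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy user-space model. All names are hypothetical, not KVM's API. */
enum platform { PLAT_SEV, PLAT_SNP };
enum gpa_result { HANDLED_IN_KERNEL, EXIT_TO_USERSPACE, RANGE_INVALID };

#define NPAGES 64u           /* constructed guest size: one bitmap bit per page */
#define FAULT_ENC (1u << 0)  /* stand-in for the "encrypted access" fault flag */

struct vm {
    enum platform plat;
    bool upm_mode;           /* models KVM_CAP_UNMAPPED_PRIVATE_MEM enabled */
    uint64_t enc_bitmap;     /* SEV only: bit set = page is encrypted */
};

/* Guest MAP_GPA_RANGE request: mark [gfn, gfn + n) private or shared. */
enum gpa_result map_gpa_range(struct vm *vm, unsigned gfn, unsigned n, bool priv)
{
    if (!vm->upm_mode)
        return EXIT_TO_USERSPACE;   /* passed on to userspace as before */
    if (vm->plat == PLAT_SNP)
        return HANDLED_IN_KERNEL;   /* no-op: SNP uses GHCB page-state-change */
    if (gfn >= NPAGES || n > NPAGES - gfn)
        return RANGE_INVALID;       /* reject before touching the bitmap */
    for (unsigned i = gfn; i < gfn + n; i++)
        vm->enc_bitmap = priv ? vm->enc_bitmap | (1ULL << i)
                              : vm->enc_bitmap & ~(1ULL << i);
    return HANDLED_IN_KERNEL;
}

/* MMU query: is this NPT fault on gfn for a private page? */
bool fault_is_private(const struct vm *vm, unsigned gfn, uint32_t fault_flags)
{
    if (!vm->upm_mode)
        return false;               /* assumption: no-op hook reports shared */
    if (vm->plat == PLAT_SNP)
        return (fault_flags & FAULT_ENC) != 0;  /* decided by fault flags */
    return gfn < NPAGES && ((vm->enc_bitmap >> gfn) & 1);  /* bitmap is authority */
}

int main(void)
{
    struct vm sev = { PLAT_SEV, true, 0 };
    map_gpa_range(&sev, 4, 2, true);
    printf("SEV gfn 5 private: %d\n", fault_is_private(&sev, 5, 0));
    return 0;
}
```

In the SEV case the fault flags are ignored and the bitmap alone decides, so a guest request that never reached `map_gpa_range` leaves the page shared from the MMU's point of view.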

Thread overview: 8+ messages
2022-05-24 20:56 [RFC V1 PATCH 0/3] selftests: KVM: sev: selftests for fd-based approach of supporting private memory Vishal Annapurve
2022-05-24 20:56 ` [RFC V1 PATCH 1/3] selftests: kvm: x86_64: Add support for pagetable tracking Vishal Annapurve
2022-05-24 20:56 ` [RFC V1 PATCH 2/3] selftests: kvm: sev: Handle hypercall exit Vishal Annapurve
2022-05-24 20:56 ` [RFC V1 PATCH 3/3] selftests: kvm: sev: Port UPM selftests onto SEV/SEV-ES VMs Vishal Annapurve
2022-06-10  1:05 ` Michael Roth [this message]
2022-06-10 21:01   ` [RFC V1 PATCH 0/3] selftests: KVM: sev: selftests for fd-based approach of supporting private memory Vishal Annapurve
2022-06-13 17:49     ` Michael Roth
2022-06-13 19:35       ` Michael Roth
