* [PATCH] selftests: KVM: add sev_migrate_tests on machines without SEV-ES
@ 2022-02-18 10:09 Paolo Bonzini
2022-02-18 19:44 ` Peter Gonda
0 siblings, 1 reply; 3+ messages in thread
From: Paolo Bonzini @ 2022-02-18 10:09 UTC (permalink / raw)
To: linux-kernel, kvm; +Cc: pgonda
I managed to get hold of a machine that has SEV but not SEV-ES, and
sev_migrate_tests fails because sev_vm_create(true) returns ENOTTY.
Fix this, and while at it also return KSFT_SKIP on machines that do
not have SEV at all, instead of returning 0.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
.../selftests/kvm/x86_64/sev_migrate_tests.c | 78 ++++++++++++++-----
1 file changed, 57 insertions(+), 21 deletions(-)
diff --git a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c
index 2e5a42cb470b..d1dc1acf997c 100644
--- a/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c
+++ b/tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c
@@ -21,6 +21,8 @@
#define NR_LOCK_TESTING_THREADS 3
#define NR_LOCK_TESTING_ITERATIONS 10000
+bool have_sev_es;
+
static int __sev_ioctl(int vm_fd, int cmd_id, void *data, __u32 *fw_error)
{
struct kvm_sev_cmd cmd = {
@@ -172,10 +174,18 @@ static void test_sev_migrate_parameters(void)
*sev_es_vm_no_vmsa;
int ret;
- sev_vm = sev_vm_create(/* es= */ false);
- sev_es_vm = sev_vm_create(/* es= */ true);
vm_no_vcpu = vm_create(VM_MODE_DEFAULT, 0, O_RDWR);
vm_no_sev = aux_vm_create(true);
+ ret = __sev_migrate_from(vm_no_vcpu->fd, vm_no_sev->fd);
+ TEST_ASSERT(ret == -1 && errno == EINVAL,
+ "Migrations require SEV enabled. ret %d, errno: %d\n", ret,
+ errno);
+
+ if (!have_sev_es)
+ goto out;
+
+ sev_vm = sev_vm_create(/* es= */ false);
+ sev_es_vm = sev_vm_create(/* es= */ true);
sev_es_vm_no_vmsa = vm_create(VM_MODE_DEFAULT, 0, O_RDWR);
sev_ioctl(sev_es_vm_no_vmsa->fd, KVM_SEV_ES_INIT, NULL);
vm_vcpu_add(sev_es_vm_no_vmsa, 1);
@@ -204,14 +214,10 @@ static void test_sev_migrate_parameters(void)
"SEV-ES migrations require UPDATE_VMSA. ret %d, errno: %d\n",
ret, errno);
- ret = __sev_migrate_from(vm_no_vcpu->fd, vm_no_sev->fd);
- TEST_ASSERT(ret == -1 && errno == EINVAL,
- "Migrations require SEV enabled. ret %d, errno: %d\n", ret,
- errno);
-
kvm_vm_free(sev_vm);
kvm_vm_free(sev_es_vm);
kvm_vm_free(sev_es_vm_no_vmsa);
+out:
kvm_vm_free(vm_no_vcpu);
kvm_vm_free(vm_no_sev);
}
@@ -300,7 +306,6 @@ static void test_sev_mirror_parameters(void)
int ret;
sev_vm = sev_vm_create(/* es= */ false);
- sev_es_vm = sev_vm_create(/* es= */ true);
vm_with_vcpu = aux_vm_create(true);
vm_no_vcpu = aux_vm_create(false);
@@ -310,6 +315,21 @@ static void test_sev_mirror_parameters(void)
"Should not be able copy context to self. ret: %d, errno: %d\n",
ret, errno);
+ ret = __sev_mirror_create(vm_no_vcpu->fd, vm_with_vcpu->fd);
+ TEST_ASSERT(ret == -1 && errno == EINVAL,
+ "Copy context requires SEV enabled. ret %d, errno: %d\n", ret,
+ errno);
+
+ ret = __sev_mirror_create(vm_with_vcpu->fd, sev_vm->fd);
+ TEST_ASSERT(
+ ret == -1 && errno == EINVAL,
+ "SEV copy context requires no vCPUS on the destination. ret: %d, errno: %d\n",
+ ret, errno);
+
+ if (!have_sev_es)
+ goto out;
+
+ sev_es_vm = sev_vm_create(/* es= */ true);
ret = __sev_mirror_create(sev_vm->fd, sev_es_vm->fd);
TEST_ASSERT(
ret == -1 && errno == EINVAL,
@@ -322,19 +342,10 @@ static void test_sev_mirror_parameters(void)
"Should not be able copy context to SEV-ES enabled VM. ret: %d, errno: %d\n",
ret, errno);
- ret = __sev_mirror_create(vm_no_vcpu->fd, vm_with_vcpu->fd);
- TEST_ASSERT(ret == -1 && errno == EINVAL,
- "Copy context requires SEV enabled. ret %d, errno: %d\n", ret,
- errno);
-
- ret = __sev_mirror_create(vm_with_vcpu->fd, sev_vm->fd);
- TEST_ASSERT(
- ret == -1 && errno == EINVAL,
- "SEV copy context requires no vCPUS on the destination. ret: %d, errno: %d\n",
- ret, errno);
+ kvm_vm_free(sev_es_vm);
+out:
kvm_vm_free(sev_vm);
- kvm_vm_free(sev_es_vm);
kvm_vm_free(vm_with_vcpu);
kvm_vm_free(vm_no_vcpu);
}
@@ -393,11 +404,35 @@ static void test_sev_move_copy(void)
kvm_vm_free(sev_vm);
}
+#define X86_FEATURE_SEV (1 << 1)
+#define X86_FEATURE_SEV_ES (1 << 3)
+
int main(int argc, char *argv[])
{
+ struct kvm_cpuid_entry2 *cpuid;
+
+ if (!kvm_check_cap(KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM) &&
+ !kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) {
+ print_skip("Capabilities not available");
+ exit(KSFT_SKIP);
+ }
+
+ cpuid = kvm_get_supported_cpuid_entry(0x80000000);
+ if (cpuid->eax < 0x8000001f) {
+ print_skip("AMD memory encryption not available");
+ exit(KSFT_SKIP);
+ }
+ cpuid = kvm_get_supported_cpuid_entry(0x8000001f);
+ if (!(cpuid->eax & X86_FEATURE_SEV)) {
+ print_skip("AMD SEV not available");
+ exit(KSFT_SKIP);
+ }
+ have_sev_es = !!(cpuid->eax & X86_FEATURE_SEV_ES);
+
if (kvm_check_cap(KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM)) {
test_sev_migrate_from(/* es= */ false);
- test_sev_migrate_from(/* es= */ true);
+ if (have_sev_es)
+ test_sev_migrate_from(/* es= */ true);
test_sev_migrate_locking();
test_sev_migrate_parameters();
if (kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM))
@@ -405,7 +440,8 @@ int main(int argc, char *argv[])
}
if (kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) {
test_sev_mirror(/* es= */ false);
- test_sev_mirror(/* es= */ true);
+ if (have_sev_es)
+ test_sev_mirror(/* es= */ true);
test_sev_mirror_parameters();
}
return 0;
--
2.31.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] selftests: KVM: add sev_migrate_tests on machines without SEV-ES
2022-02-18 10:09 [PATCH] selftests: KVM: add sev_migrate_tests on machines without SEV-ES Paolo Bonzini
@ 2022-02-18 19:44 ` Peter Gonda
2022-02-22 16:12 ` Sean Christopherson
0 siblings, 1 reply; 3+ messages in thread
From: Peter Gonda @ 2022-02-18 19:44 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: LKML, kvm list
On Fri, Feb 18, 2022 at 3:09 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> I managed to get hold of a machine that has SEV but not SEV-ES, and
> sev_migrate_tests fails because sev_vm_create(true) returns ENOTTY.
> Fix this, and while at it also return KSFT_SKIP on machines that do
> not have SEV at all, instead of returning 0.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Peter Gonda <pgonda@google.com>
>
> +#define X86_FEATURE_SEV (1 << 1)
> +#define X86_FEATURE_SEV_ES (1 << 3)
These conflict with these names but have different values:
https://elixir.bootlin.com/linux/latest/source/arch/x86/include/asm/cpufeatures.h#L402.
Is that normal in selftests or should we go with another name?
> +
> int main(int argc, char *argv[])
> {
> + struct kvm_cpuid_entry2 *cpuid;
> +
> + if (!kvm_check_cap(KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM) &&
> + !kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) {
> + print_skip("Capabilities not available");
> + exit(KSFT_SKIP);
> + }
> +
> + cpuid = kvm_get_supported_cpuid_entry(0x80000000);
> + if (cpuid->eax < 0x8000001f) {
> + print_skip("AMD memory encryption not available");
> + exit(KSFT_SKIP);
> + }
> + cpuid = kvm_get_supported_cpuid_entry(0x8000001f);
> + if (!(cpuid->eax & X86_FEATURE_SEV)) {
> + print_skip("AMD SEV not available");
> + exit(KSFT_SKIP);
> + }
> + have_sev_es = !!(cpuid->eax & X86_FEATURE_SEV_ES);
> +
> if (kvm_check_cap(KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM)) {
> test_sev_migrate_from(/* es= */ false);
> - test_sev_migrate_from(/* es= */ true);
> + if (have_sev_es)
> + test_sev_migrate_from(/* es= */ true);
> test_sev_migrate_locking();
> test_sev_migrate_parameters();
> if (kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM))
> @@ -405,7 +440,8 @@ int main(int argc, char *argv[])
> }
> if (kvm_check_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) {
> test_sev_mirror(/* es= */ false);
> - test_sev_mirror(/* es= */ true);
> + if (have_sev_es)
> + test_sev_mirror(/* es= */ true);
> test_sev_mirror_parameters();
> }
> return 0;
> --
> 2.31.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] selftests: KVM: add sev_migrate_tests on machines without SEV-ES
2022-02-18 19:44 ` Peter Gonda
@ 2022-02-22 16:12 ` Sean Christopherson
0 siblings, 0 replies; 3+ messages in thread
From: Sean Christopherson @ 2022-02-22 16:12 UTC (permalink / raw)
To: Peter Gonda; +Cc: Paolo Bonzini, LKML, kvm list
On Fri, Feb 18, 2022, Peter Gonda wrote:
> On Fri, Feb 18, 2022 at 3:09 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
> > +#define X86_FEATURE_SEV (1 << 1)
> > +#define X86_FEATURE_SEV_ES (1 << 3)
>
> These conflict with these names but have different values:
> https://elixir.bootlin.com/linux/latest/source/arch/x86/include/asm/cpufeatures.h#L402.
> Is that normal in selftests or should we go with another name?
It's normal. The kernel uses semi-arbitrary values that don't map directly to
CPUID. I like Paolo's suggestion of pulling in KVM-Unit-Tests' approach for
dealing with CPUID features[*]; if/when that happens these definitions will become
less ad hoc.
[*] https://lore.kernel.org/all/16823e91-5caf-f52e-e0dc-28ebb9a87b47@redhat.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-22 16:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-18 10:09 [PATCH] selftests: KVM: add sev_migrate_tests on machines without SEV-ES Paolo Bonzini
2022-02-18 19:44 ` Peter Gonda
2022-02-22 16:12 ` Sean Christopherson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).