From patchwork Thu Jan 23 22:00:53 2025
X-Patchwork-Submitter: Pratik Rajesh Sampat
X-Patchwork-Id: 859527
From: "Pratik R. Sampat"
Subject: [PATCH v5 2/9] KVM: SEV: Disable SEV on platform init failure
Date: Thu, 23 Jan 2025 16:00:53 -0600
Message-ID: <20250123220100.339867-3-prsampat@amd.com>
In-Reply-To: <20250123220100.339867-1-prsampat@amd.com>
References: <20250123220100.339867-1-prsampat@amd.com>
X-Mailing-List: linux-kselftest@vger.kernel.org

If the platform initialization sev_platform_init() fails,
SEV cannot be set up and a secure VM cannot be spawned. Therefore, in this case, ensure that KVM does not set up, nor advertise support for SEV, SEV-ES, and SEV-SNP. Suggested-by: Nikunj A Dadhania Signed-off-by: Pratik R. Sampat --- v4..v5 * Export the failure of platform_init() to disable SEV+ support --- --- arch/x86/kvm/svm/sev.c | 2 +- drivers/crypto/ccp/sev-dev.c | 10 ++++++++++ include/linux/psp-sev.h | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b709c2f0945c..188f04247dcf 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2957,7 +2957,7 @@ void __init sev_hardware_setup(void) bool sev_es_supported = false; bool sev_supported = false; - if (!sev_enabled || !npt_enabled || !nrips) + if (!is_sev_platform_init() || !sev_enabled || !npt_enabled || !nrips) goto out; /* diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index b45cd60c19b0..374ca2dd5730 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -81,6 +81,8 @@ MODULE_FIRMWARE("amd/amd_sev_fam19h_model1xh.sbin"); /* 4th gen EPYC */ static bool psp_dead; static int psp_timeout; +static bool platform_init; + /* Trusted Memory Region (TMR): * The TMR is a 1MB area that must be 1MB aligned. Use the page allocator * to allocate the memory, which will return aligned memory for the specified @@ -1358,6 +1360,12 @@ int sev_platform_init(struct sev_platform_init_args *args) } EXPORT_SYMBOL_GPL(sev_platform_init); +bool is_sev_platform_init(void) +{ + return platform_init; +} +EXPORT_SYMBOL_GPL(is_sev_platform_init); + static int __sev_platform_shutdown_locked(int *error) { struct psp_device *psp = psp_master; 
@@ -2427,6 +2435,8 @@ void sev_pci_init(void) if (rc) dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", args.error, rc); + else + platform_init = true; dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ? "-SNP" : "", sev->api_major, sev->api_minor, sev->build); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index e841a8fbbb15..3a40b79fb37f 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -946,6 +946,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); bool snp_fw_valid(void); +bool is_sev_platform_init(void); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ 
@@ -982,6 +983,8 @@ static inline void snp_free_firmware_page(void *addr) { } static inline bool snp_fw_valid(void) { return false; } +static inline bool is_sev_platform_init(void) { return false; } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
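Review bot: In the sev_hardware_setup() hunk, the new !is_sev_platform_init() test makes SEV, SEV-ES and SEV-SNP support depend on sev_pci_init() in the ccp driver having already run and succeeded by the time this __init function executes, and neither the commit message nor a comment states that ordering. Please document the guarantee next to the check, and log why the "goto out" path was taken so that an administrator can tell "platform INIT failed" apart from "SEV not enabled".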
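Review bot: In drivers/crypto/ccp/sev-dev.c, platform_init is written only in the else branch added to sev_pci_init() and nothing in this patch clears it, so is_sev_platform_init() would still return true after __sev_platform_shutdown_locked() has run, and it does not track later sev_platform_init() calls even though the getter sits directly below that function. Either update the flag where the platform state actually changes, or rename it to say what it records (that the INIT issued from sev_pci_init() succeeded) and add a comment on the exported helper describing that contract.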
From patchwork Thu Jan 23 22:00:55 2025
X-Patchwork-Submitter: Pratik Rajesh Sampat
X-Patchwork-Id: 859526
From: "Pratik R. Sampat"
Subject: [PATCH v5 4/9] KVM: selftests: Add VMGEXIT helper
Date: Thu, 23 Jan 2025 16:00:55 -0600
Message-ID: <20250123220100.339867-5-prsampat@amd.com>
In-Reply-To: <20250123220100.339867-1-prsampat@amd.com>
References: <20250123220100.339867-1-prsampat@amd.com>
X-Mailing-List: linux-kselftest@vger.kernel.org

Abstract rep vmmcall coded into the VMGEXIT helper for the sev
library. No functional change intended. Signed-off-by: Pratik R. Sampat --- tools/testing/selftests/kvm/include/x86/sev.h | 2 ++ tools/testing/selftests/kvm/x86/sev_smoke_test.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/include/x86/sev.h b/tools/testing/selftests/kvm/include/x86/sev.h index 82c11c81a956..e7df5d0987f6 100644 --- a/tools/testing/selftests/kvm/include/x86/sev.h +++ b/tools/testing/selftests/kvm/include/x86/sev.h @@ -27,6 +27,8 @@ enum sev_guest_state { #define GHCB_MSR_TERM_REQ 0x100 +#define VMGEXIT() { __asm__ __volatile__("rep; vmmcall"); } + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); diff --git a/tools/testing/selftests/kvm/x86/sev_smoke_test.c b/tools/testing/selftests/kvm/x86/sev_smoke_test.c index a1a688e75266..38f647fe55d2 100644 --- a/tools/testing/selftests/kvm/x86/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86/sev_smoke_test.c 
@@ -27,7 +27,7 @@ static void guest_sev_es_code(void) * force "termination" to signal "done" via the GHCB MSR protocol. */ wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); - __asm__ __volatile__("rep; vmmcall"); + VMGEXIT(); } static void guest_sev_code(void)
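Review bot: In include/x86/sev.h, VMGEXIT() expands to a bare brace block, so the call site "VMGEXIT();" becomes a block followed by an empty statement, which stops compiling as soon as the macro is used as the body of an unbraced if that has an else. Wrap the body in do { ... } while (0) or make it a static inline function. Since the instruction hands control to the hypervisor, it is also worth deciding here, in the one shared definition, whether the asm statement should carry a "memory" clobber.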
From patchwork Thu Jan 23 22:00:57 2025
X-Patchwork-Submitter: Pratik Rajesh Sampat
X-Patchwork-Id: 859525
From: "Pratik R. Sampat"
Subject: [PATCH v5 6/9] KVM: selftests: Add library support for interacting with SNP
Date: Thu, 23 Jan 2025 16:00:57 -0600
Message-ID: <20250123220100.339867-7-prsampat@amd.com>
In-Reply-To: <20250123220100.339867-1-prsampat@amd.com>
References: <20250123220100.339867-1-prsampat@amd.com>
X-Mailing-List: linux-kselftest@vger.kernel.org

Extend the SEV library to include support
for SNP ioctl() wrappers, which aid in launching and interacting with a SEV-SNP guest. Signed-off-by: Pratik R. Sampat --- v4..v5 * encrypt_region() cleanup of code flow * minor changes to comments --- --- tools/testing/selftests/kvm/include/x86/sev.h | 49 ++++++++++- tools/testing/selftests/kvm/lib/x86/sev.c | 82 +++++++++++++++++-- 2 files changed, 125 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86/sev.h b/tools/testing/selftests/kvm/include/x86/sev.h index faed91435963..fd5d5261e10e 100644 --- a/tools/testing/selftests/kvm/include/x86/sev.h +++ b/tools/testing/selftests/kvm/include/x86/sev.h @@ -22,9 +22,20 @@ enum sev_guest_state { SEV_GUEST_STATE_RUNNING, }; +/* Minimum firmware version required for the SEV-SNP support */ +#define SNP_MIN_API_MAJOR 1 +#define SNP_MIN_API_MINOR 51 + #define SEV_POLICY_NO_DBG (1UL << 0) #define SEV_POLICY_ES (1UL << 2) +#define SNP_POLICY_SMT (1ULL << 16) +#define SNP_POLICY_RSVD_MBO (1ULL << 17) +#define SNP_POLICY_DBG (1ULL << 19) + +#define SNP_FW_VER_MINOR(min) ((uint8_t)(min) << 0) +#define SNP_FW_VER_MAJOR(maj) ((uint8_t)(maj) << 8) + #define GHCB_MSR_TERM_REQ 0x100 #define VMGEXIT() { __asm__ __volatile__("rep; vmmcall"); } 
@@ -36,13 +47,35 @@ bool is_sev_snp_vm(struct kvm_vm *vm); void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); void sev_vm_launch_finish(struct kvm_vm *vm); +void snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy); +void snp_vm_launch_update(struct kvm_vm *vm); +void snp_vm_launch_finish(struct kvm_vm *vm); struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu); -void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement); +void vm_sev_launch(struct kvm_vm *vm, uint64_t policy, uint8_t *measurement); kvm_static_assert(SEV_RET_SUCCESS == 0); +/* + * A SEV-SNP VM requires the policy reserved bit to always be set. + * The SMT policy bit is also required to be set based on SMT being + * available and active on the system. + */ +static inline u64 snp_default_policy(void) +{ + bool smt_active = false; + FILE *f; + + f = fopen("/sys/devices/system/cpu/smt/active", "r"); + if (f) { + smt_active = fgetc(f) - '0'; + fclose(f); + } + + return SNP_POLICY_RSVD_MBO | (smt_active ? SNP_POLICY_SMT : 0); +} + /* * The KVM_MEMORY_ENCRYPT_OP uAPI is utter garbage and takes an "unsigned long" * instead of a proper struct. The size of the parameter is embedded in the @@ -76,6 +109,7 @@ kvm_static_assert(SEV_RET_SUCCESS == 0); void sev_vm_init(struct kvm_vm *vm); void sev_es_vm_init(struct kvm_vm *vm); +void snp_vm_init(struct kvm_vm *vm); static inline void sev_register_encrypted_memory(struct kvm_vm *vm, struct userspace_mem_region *region) 
@@ -99,4 +133,17 @@ static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); } +static inline void snp_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, + uint64_t hva, uint64_t size, uint8_t type) +{ + struct kvm_sev_snp_launch_update update_data = { + .uaddr = hva, + .gfn_start = gpa >> PAGE_SHIFT, + .len = size, + .type = type, + }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_UPDATE, &update_data); +} + #endif /* SELFTEST_KVM_SEV_H */ diff --git a/tools/testing/selftests/kvm/lib/x86/sev.c b/tools/testing/selftests/kvm/lib/x86/sev.c index 280ec42e281b..17d493e9907a 100644 --- a/tools/testing/selftests/kvm/lib/x86/sev.c +++ b/tools/testing/selftests/kvm/lib/x86/sev.c @@ -31,7 +31,8 @@ bool is_sev_vm(struct kvm_vm *vm) * and find the first range, but that's correct because the condition * expression would cause us to quit the loop. */ -static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) +static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region, + uint8_t page_type) { const struct sparsebit *protected_phy_pages = region->protected_phy_pages; const vm_paddr_t gpa_base = region->region.guest_phys_addr; 
@@ -41,13 +42,35 @@ static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *regio if (!sparsebit_any_set(protected_phy_pages)) return; - sev_register_encrypted_memory(vm, region); + if (!is_sev_snp_vm(vm)) + sev_register_encrypted_memory(vm, region); sparsebit_for_each_set_range(protected_phy_pages, i, j) { const uint64_t size = (j - i + 1) * vm->page_size; const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; - sev_launch_update_data(vm, gpa_base + offset, size); + if (is_sev_snp_vm(vm)) { + snp_launch_update_data(vm, gpa_base + offset, + (uint64_t)addr_gpa2hva(vm, gpa_base + offset), + size, page_type); + } else { + sev_launch_update_data(vm, gpa_base + offset, size); + } + } +} + +static void privatize_region(struct kvm_vm *vm, struct userspace_mem_region *region) +{ + const struct sparsebit *protected_phy_pages = region->protected_phy_pages; + const vm_paddr_t gpa_base = region->region.guest_phys_addr; + const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift; + sparsebit_idx_t i, j; + + sparsebit_for_each_set_range(protected_phy_pages, i, j) { + const uint64_t size = (j - i + 1) * vm->page_size; + const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; + + vm_mem_set_private(vm, gpa_base + offset, size); } } @@ -77,6 +100,14 @@ void sev_es_vm_init(struct kvm_vm *vm) } } +void snp_vm_init(struct kvm_vm *vm) +{ + struct kvm_sev_init init = { 0 }; + + assert(vm->type == KVM_X86_SNP_VM); + vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); +} + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) { struct kvm_sev_launch_start launch_start = { @@ -93,7 +124,7 @@ void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) - encrypt_region(vm, region); + encrypt_region(vm, region, 0); if (policy & SEV_POLICY_ES) vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 
@@ -129,6 +160,35 @@ void sev_vm_launch_finish(struct kvm_vm *vm) TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); } +void snp_vm_launch_start(struct kvm_vm *vm, uint64_t policy) +{ + struct kvm_sev_snp_launch_start launch_start = { + .policy = policy, + }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_START, &launch_start); +} + +void snp_vm_launch_update(struct kvm_vm *vm) +{ + struct userspace_mem_region *region; + int ctr; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + privatize_region(vm, region); + encrypt_region(vm, region, KVM_SEV_SNP_PAGE_TYPE_NORMAL); + } + + vm->arch.is_pt_protected = true; +} + +void snp_vm_launch_finish(struct kvm_vm *vm) +{ + struct kvm_sev_snp_launch_finish launch_finish = { 0 }; + + vm_sev_ioctl(vm, KVM_SEV_SNP_LAUNCH_FINISH, &launch_finish); +} + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, struct kvm_vcpu **cpu) { 
@@ -145,8 +205,20 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code, return vm; } -void vm_sev_launch(struct kvm_vm *vm, uint32_t policy, uint8_t *measurement) +void vm_sev_launch(struct kvm_vm *vm, uint64_t policy, uint8_t *measurement) { + if (is_sev_snp_vm(vm)) { + vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE)); + + snp_vm_launch_start(vm, policy); + + snp_vm_launch_update(vm); + + snp_vm_launch_finish(vm); + + return; + } + sev_vm_launch(vm, policy); if (!measurement)
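Review bot: in sev_vm_launch() (the @@ -93,7 hunk) the new third argument is passed as a bare 0, `encrypt_region(vm, region, 0);`, while the SNP caller passes KVM_SEV_SNP_PAGE_TYPE_NORMAL. encrypt_region() only reads page_type inside its is_sev_snp_vm() branch, so the 0 is unused on this path, but a reader cannot tell whether it is a valid page type or a don't-care value. A short comment at the call site, or on the parameter, stating that page_type is ignored for SEV and SEV-ES would remove the ambiguity.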
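Review bot: snp_vm_launch_update() (the @@ -129,6 hunk) calls privatize_region() before encrypt_region() for every region with no comment on why that order matters, and privatize_region() repeats the same sparsebit range walk and offset/size arithmetic that encrypt_region() already does. If the vm_mem_set_private() conversion is a precondition for snp_launch_update_data(), a one-line comment above the loop should say so. It would also be worth considering a move of the vm_mem_set_private() call into the SNP branch of encrypt_region(), so the range computation lives in one place.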
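Review bot: the SNP branch added to vm_sev_launch() (the @@ -145,8 hunk) returns before the `if (!measurement)` handling, so a caller that passes a non-NULL measurement buffer for an SNP VM gets it back untouched with no indication. Either assert that measurement is NULL on the SNP path or document that it is not filled for SNP. Separately, policy is widened to uint64_t here but is still handed to `sev_vm_launch(vm, policy)`, whose parameter is uint32_t, so the upper bits are dropped silently on the SEV and SEV-ES path; an explicit check or cast would show the narrowing is intended.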
From: "Pratik R. Sampat"
Subject: [PATCH v5 8/9] KVM: selftests: Abstractions for SEV to decouple policy from type
Date: Thu, 23 Jan 2025 16:00:59 -0600
Message-ID: <20250123220100.339867-9-prsampat@amd.com>
In-Reply-To: <20250123220100.339867-1-prsampat@amd.com>
References: <20250123220100.339867-1-prsampat@amd.com>
X-Mailing-List: linux-kselftest@vger.kernel.org

In preparation for SNP, clean up the
smoke test to decouple deriving type from policy. Introduce wrappers for SEV and SEV-ES types to abstract the parametrized launch test calls and reduce verbosity. No functional change intended. Signed-off-by: Pratik R. Sampat --- .../selftests/kvm/x86/sev_smoke_test.c | 50 ++++++++++++------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/sev_smoke_test.c b/tools/testing/selftests/kvm/x86/sev_smoke_test.c index b18c78314d5b..3a36cd3ca151 100644 --- a/tools/testing/selftests/kvm/x86/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86/sev_smoke_test.c @@ -61,7 +61,7 @@ static void compare_xsave(u8 *from_host, u8 *from_guest) abort(); } -static void test_sync_vmsa(uint32_t policy) +static void __test_sync_vmsa(uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; @@ -71,7 +71,7 @@ static void test_sync_vmsa(uint32_t policy) double x87val = M_PI; struct kvm_xsave __attribute__((aligned(64))) xsave = { 0 }; - vm = vm_sev_create_with_one_vcpu(KVM_X86_SEV_ES_VM, guest_code_xsave, &vcpu); + vm = vm_sev_create_with_one_vcpu(type, guest_code_xsave, &vcpu); gva = vm_vaddr_alloc_shared(vm, PAGE_SIZE, KVM_UTIL_MIN_VADDR, MEM_REGION_TEST_DATA); hva = addr_gva2hva(vm, gva); @@ -88,7 +88,7 @@ static void test_sync_vmsa(uint32_t policy) : "ymm4", "st", "st(1)", "st(2)", "st(3)", "st(4)", "st(5)", "st(6)", "st(7)"); vcpu_xsave_set(vcpu, &xsave); - vm_sev_launch(vm, SEV_POLICY_ES | policy, NULL); + vm_sev_launch(vm, policy, NULL); /* This page is shared, so make it decrypted. */ memset(hva, 0, 4096); 
@@ -107,14 +107,12 @@ static void test_sync_vmsa(uint32_t policy) kvm_vm_free(vm); } -static void test_sev(void *guest_code, uint64_t policy) +static void __test_sev(void *guest_code, uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; struct ucall uc; - uint32_t type = policy & SEV_POLICY_ES ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - vm = vm_sev_create_with_one_vcpu(type, guest_code, &vcpu); /* TODO: Validate the measurement is as expected. */ @@ -149,6 +147,21 @@ static void test_sev(void *guest_code, uint64_t policy) kvm_vm_free(vm); } +static void test_sev(uint64_t policy) +{ + __test_sev(guest_sev_code, KVM_X86_SEV_VM, policy); +} + +static void test_sev_es(uint64_t policy) +{ + __test_sev(guest_sev_es_code, KVM_X86_SEV_ES_VM, policy); +} + +static void test_sync_vmsa_sev_es(uint64_t policy) +{ + __test_sync_vmsa(KVM_X86_SEV_ES_VM, policy); +} + static void guest_shutdown_code(void) { struct desc_ptr idt; @@ -160,16 +173,14 @@ static void guest_shutdown_code(void) __asm__ __volatile__("ud2"); } -static void test_sev_es_shutdown(void) +static void __test_sev_shutdown(uint32_t type, uint64_t policy) { struct kvm_vcpu *vcpu; struct kvm_vm *vm; - uint32_t type = KVM_X86_SEV_ES_VM; - vm = vm_sev_create_with_one_vcpu(type, guest_shutdown_code, &vcpu); - vm_sev_launch(vm, SEV_POLICY_ES, NULL); + vm_sev_launch(vm, policy, NULL); vcpu_run(vcpu); TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SHUTDOWN, 
@@ -179,25 +190,30 @@ static void test_sev_es_shutdown(void) kvm_vm_free(vm); } +static void test_sev_es_shutdown(uint64_t policy) +{ + __test_sev_shutdown(KVM_X86_SEV_ES_VM, SEV_POLICY_ES); +} + int main(int argc, char *argv[]) { const u64 xf_mask = XFEATURE_MASK_X87_AVX; TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); - test_sev(guest_sev_code, SEV_POLICY_NO_DBG); - test_sev(guest_sev_code, 0); + test_sev(SEV_POLICY_NO_DBG); + test_sev(0); if (kvm_cpu_has(X86_FEATURE_SEV_ES)) { - test_sev(guest_sev_es_code, SEV_POLICY_ES | SEV_POLICY_NO_DBG); - test_sev(guest_sev_es_code, SEV_POLICY_ES); + test_sev_es(SEV_POLICY_ES | SEV_POLICY_NO_DBG); + test_sev_es(SEV_POLICY_ES); - test_sev_es_shutdown(); + test_sev_es_shutdown(SEV_POLICY_ES); if (kvm_has_cap(KVM_CAP_XCRS) && (xgetbv(0) & kvm_cpu_supported_xcr0() & xf_mask) == xf_mask) { - test_sync_vmsa(0); - test_sync_vmsa(SEV_POLICY_NO_DBG); + test_sync_vmsa_sev_es(SEV_POLICY_ES); + test_sync_vmsa_sev_es(SEV_POLICY_NO_DBG | SEV_POLICY_ES); } }
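Review bot: test_sev_es_shutdown() in the @@ -179,25 hunk takes a policy argument and then ignores it, calling `__test_sev_shutdown(KVM_X86_SEV_ES_VM, SEV_POLICY_ES);` with the hard-coded value. main() passes SEV_POLICY_ES, so behaviour is unchanged today, but any later caller that passes a different policy will silently get SEV_POLICY_ES instead. Pass policy through to __test_sev_shutdown().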
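Review bot: with type no longer derived from policy, nothing in the new wrappers (the @@ -149,6 hunk) keeps the two in agreement. test_sev_es() and test_sync_vmsa_sev_es() create a KVM_X86_SEV_ES_VM but rely on every caller remembering to OR in SEV_POLICY_ES, which the old test_sync_vmsa() added itself via `SEV_POLICY_ES | policy`. sev_vm_launch() in the library still gates KVM_SEV_LAUNCH_UPDATE_VMSA on `policy & SEV_POLICY_ES`, so a mismatched call would skip the VMSA update for an ES-type VM. Consider having the ES wrappers OR in SEV_POLICY_ES themselves, or assert that the bit is set.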