+2

tools/testing/selftests/kvm/Makefile

reviewed

··· 37 37 LIBKVM_x86_64 += lib/x86_64/hyperv.c 38 38 LIBKVM_x86_64 += lib/x86_64/memstress.c 39 39 LIBKVM_x86_64 += lib/x86_64/processor.c 40 40 + LIBKVM_x86_64 += lib/x86_64/sev.c 40 41 LIBKVM_x86_64 += lib/x86_64/svm.c 41 42 LIBKVM_x86_64 += lib/x86_64/ucall.c 42 43 LIBKVM_x86_64 += lib/x86_64/vmx.c ··· 119 118 TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test 120 119 TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test 121 120 TEST_GEN_PROGS_x86_64 += x86_64/sev_migrate_tests 121 121 + TEST_GEN_PROGS_x86_64 += x86_64/sev_smoke_test 122 122 TEST_GEN_PROGS_x86_64 += x86_64/amx_test 123 123 TEST_GEN_PROGS_x86_64 += x86_64/max_vcpuid_cap_test 124 124 TEST_GEN_PROGS_x86_64 += x86_64/triple_fault_event_test

+3

tools/testing/selftests/kvm/guest_memfd_test.c

reviewed

··· 167 167 TEST_ASSERT(ret != -1, "memfd fstat should succeed"); 168 168 TEST_ASSERT(st1.st_size == 4096, "first memfd st_size should still match requested size"); 169 169 TEST_ASSERT(st1.st_ino != st2.st_ino, "different memfd should have different inode numbers"); 170 170 + 171 171 + close(fd2); 172 172 + close(fd1); 170 173 } 171 174 172 175 int main(int argc, char *argv[])

+7

tools/testing/selftests/kvm/include/aarch64/kvm_util_arch.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + #ifndef SELFTEST_KVM_UTIL_ARCH_H 3 3 + #define SELFTEST_KVM_UTIL_ARCH_H 4 4 + 5 5 + struct kvm_vm_arch {}; 6 6 + 7 7 + #endif // SELFTEST_KVM_UTIL_ARCH_H

+36

tools/testing/selftests/kvm/include/kvm_test_harness.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + /* 3 3 + * Macros for defining a KVM test 4 4 + * 5 5 + * Copyright (C) 2022, Google LLC. 6 6 + */ 7 7 + 8 8 + #ifndef SELFTEST_KVM_TEST_HARNESS_H 9 9 + #define SELFTEST_KVM_TEST_HARNESS_H 10 10 + 11 11 + #include "kselftest_harness.h" 12 12 + 13 13 + #define KVM_ONE_VCPU_TEST_SUITE(name) \ 14 14 + FIXTURE(name) { \ 15 15 + struct kvm_vcpu *vcpu; \ 16 16 + }; \ 17 17 + \ 18 18 + FIXTURE_SETUP(name) { \ 19 19 + (void)vm_create_with_one_vcpu(&self->vcpu, NULL); \ 20 20 + } \ 21 21 + \ 22 22 + FIXTURE_TEARDOWN(name) { \ 23 23 + kvm_vm_free(self->vcpu->vm); \ 24 24 + } 25 25 + 26 26 + #define KVM_ONE_VCPU_TEST(suite, test, guestcode) \ 27 27 + static void __suite##_##test(struct kvm_vcpu *vcpu); \ 28 28 + \ 29 29 + TEST_F(suite, test) \ 30 30 + { \ 31 31 + vcpu_arch_set_entry_point(self->vcpu, guestcode); \ 32 32 + __suite##_##test(self->vcpu); \ 33 33 + } \ 34 34 + static void __suite##_##test(struct kvm_vcpu *vcpu) 35 35 + 36 36 + #endif /* SELFTEST_KVM_TEST_HARNESS_H */

+53 -8

tools/testing/selftests/kvm/include/kvm_util_base.h

reviewed

··· 18 18 #include <linux/types.h> 19 19 20 20 #include <asm/atomic.h> 21 21 + #include <asm/kvm.h> 21 22 22 23 #include <sys/ioctl.h> 23 24 25 25 + #include "kvm_util_arch.h" 24 26 #include "sparsebit.h" 25 27 26 28 /* ··· 48 46 struct userspace_mem_region { 49 47 struct kvm_userspace_memory_region2 region; 50 48 struct sparsebit *unused_phy_pages; 49 49 + struct sparsebit *protected_phy_pages; 51 50 int fd; 52 51 off_t offset; 53 52 enum vm_mem_backing_src_type backing_src_type; ··· 93 90 struct kvm_vm { 94 91 int mode; 95 92 unsigned long type; 93 93 + uint8_t subtype; 96 94 int kvm_fd; 97 95 int fd; 98 96 unsigned int pgtable_levels; ··· 115 111 vm_vaddr_t idt; 116 112 vm_vaddr_t handlers; 117 113 uint32_t dirty_ring_size; 114 114 + uint64_t gpa_tag_mask; 115 115 + 116 116 + struct kvm_vm_arch arch; 118 117 119 118 /* Cache of information for binary stats interface */ 120 119 int stats_fd; ··· 198 191 }; 199 192 200 193 struct vm_shape { 201 201 - enum vm_guest_mode mode; 202 202 - unsigned int type; 194 194 + uint32_t type; 195 195 + uint8_t mode; 196 196 + uint8_t subtype; 197 197 + uint16_t padding; 203 198 }; 199 199 + 200 200 + kvm_static_assert(sizeof(struct vm_shape) == sizeof(uint64_t)); 204 201 205 202 #define VM_TYPE_DEFAULT 0 206 203 ··· 575 564 uint64_t guest_paddr, uint32_t slot, uint64_t npages, 576 565 uint32_t flags, int guest_memfd_fd, uint64_t guest_memfd_offset); 577 566 567 567 + #ifndef vm_arch_has_protected_memory 568 568 + static inline bool vm_arch_has_protected_memory(struct kvm_vm *vm) 569 569 + { 570 570 + return false; 571 571 + } 572 572 + #endif 573 573 + 578 574 void vm_mem_region_set_flags(struct kvm_vm *vm, uint32_t slot, uint32_t flags); 579 575 void vm_mem_region_move(struct kvm_vm *vm, uint32_t slot, uint64_t new_gpa); 580 576 void vm_mem_region_delete(struct kvm_vm *vm, uint32_t slot); ··· 591 573 vm_vaddr_t vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min); 592 574 vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, 593 575 enum kvm_mem_region_type type); 576 576 + vm_vaddr_t vm_vaddr_alloc_shared(struct kvm_vm *vm, size_t sz, 577 577 + vm_vaddr_t vaddr_min, 578 578 + enum kvm_mem_region_type type); 594 579 vm_vaddr_t vm_vaddr_alloc_pages(struct kvm_vm *vm, int nr_pages); 595 580 vm_vaddr_t __vm_vaddr_alloc_page(struct kvm_vm *vm, 596 581 enum kvm_mem_region_type type); ··· 605 584 void *addr_gva2hva(struct kvm_vm *vm, vm_vaddr_t gva); 606 585 vm_paddr_t addr_hva2gpa(struct kvm_vm *vm, void *hva); 607 586 void *addr_gpa2alias(struct kvm_vm *vm, vm_paddr_t gpa); 587 587 + 588 588 + 589 589 + static inline vm_paddr_t vm_untag_gpa(struct kvm_vm *vm, vm_paddr_t gpa) 590 590 + { 591 591 + return gpa & ~vm->gpa_tag_mask; 592 592 + } 608 593 609 594 void vcpu_run(struct kvm_vcpu *vcpu); 610 595 int _vcpu_run(struct kvm_vcpu *vcpu); ··· 854 827 855 828 vm_paddr_t vm_phy_page_alloc(struct kvm_vm *vm, vm_paddr_t paddr_min, 856 829 uint32_t memslot); 857 857 - vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, 858 858 - vm_paddr_t paddr_min, uint32_t memslot); 830 830 + vm_paddr_t __vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, 831 831 + vm_paddr_t paddr_min, uint32_t memslot, 832 832 + bool protected); 859 833 vm_paddr_t vm_alloc_page_table(struct kvm_vm *vm); 834 834 + 835 835 + static inline vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, 836 836 + vm_paddr_t paddr_min, uint32_t memslot) 837 837 + { 838 838 + /* 839 839 + * By default, allocate memory as protected for VMs that support 840 840 + * protected memory, as the majority of memory for such VMs is 841 841 + * protected, i.e. using shared memory is effectively opt-in. 842 842 + */ 843 843 + return __vm_phy_pages_alloc(vm, num, paddr_min, memslot, 844 844 + vm_arch_has_protected_memory(vm)); 845 845 + } 860 846 861 847 /* 862 848 * ____vm_create() does KVM_CREATE_VM and little else. __vm_create() also ··· 1009 969 * Input Args: 1010 970 * vm - Virtual Machine 1011 971 * vcpu_id - The id of the VCPU to add to the VM. 1012 1012 - * guest_code - The vCPU's entry point 1013 972 */ 1014 1014 - struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 1015 1015 - void *guest_code); 973 973 + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id); 974 974 + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code); 1016 975 1017 976 static inline struct kvm_vcpu *vm_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 1018 977 void *guest_code) 1019 978 { 1020 1020 - return vm_arch_vcpu_add(vm, vcpu_id, guest_code); 979 979 + struct kvm_vcpu *vcpu = vm_arch_vcpu_add(vm, vcpu_id); 980 980 + 981 981 + vcpu_arch_set_entry_point(vcpu, guest_code); 982 982 + 983 983 + return vcpu; 1021 984 } 1022 985 1023 986 /* Re-create a vCPU after restarting a VM, e.g. for state save/restore tests. */ ··· 1123 1080 void kvm_selftest_arch_init(void); 1124 1081 1125 1082 void kvm_arch_vm_post_create(struct kvm_vm *vm); 1083 1083 + 1084 1084 + bool vm_is_gpa_protected(struct kvm_vm *vm, vm_paddr_t paddr); 1126 1085 1127 1086 uint32_t guest_get_vcpuid(void); 1128 1087

+7

tools/testing/selftests/kvm/include/riscv/kvm_util_arch.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + #ifndef SELFTEST_KVM_UTIL_ARCH_H 3 3 + #define SELFTEST_KVM_UTIL_ARCH_H 4 4 + 5 5 + struct kvm_vm_arch {}; 6 6 + 7 7 + #endif // SELFTEST_KVM_UTIL_ARCH_H

+7

tools/testing/selftests/kvm/include/s390x/kvm_util_arch.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + #ifndef SELFTEST_KVM_UTIL_ARCH_H 3 3 + #define SELFTEST_KVM_UTIL_ARCH_H 4 4 + 5 5 + struct kvm_vm_arch {}; 6 6 + 7 7 + #endif // SELFTEST_KVM_UTIL_ARCH_H

+38 -18

tools/testing/selftests/kvm/include/sparsebit.h

reviewed

··· 30 30 31 31 struct sparsebit *sparsebit_alloc(void); 32 32 void sparsebit_free(struct sparsebit **sbitp); 33 33 - void sparsebit_copy(struct sparsebit *dstp, struct sparsebit *src); 33 33 + void sparsebit_copy(struct sparsebit *dstp, const struct sparsebit *src); 34 34 35 35 - bool sparsebit_is_set(struct sparsebit *sbit, sparsebit_idx_t idx); 36 36 - bool sparsebit_is_set_num(struct sparsebit *sbit, 35 35 + bool sparsebit_is_set(const struct sparsebit *sbit, sparsebit_idx_t idx); 36 36 + bool sparsebit_is_set_num(const struct sparsebit *sbit, 37 37 sparsebit_idx_t idx, sparsebit_num_t num); 38 38 - bool sparsebit_is_clear(struct sparsebit *sbit, sparsebit_idx_t idx); 39 39 - bool sparsebit_is_clear_num(struct sparsebit *sbit, 38 38 + bool sparsebit_is_clear(const struct sparsebit *sbit, sparsebit_idx_t idx); 39 39 + bool sparsebit_is_clear_num(const struct sparsebit *sbit, 40 40 sparsebit_idx_t idx, sparsebit_num_t num); 41 41 - sparsebit_num_t sparsebit_num_set(struct sparsebit *sbit); 42 42 - bool sparsebit_any_set(struct sparsebit *sbit); 43 43 - bool sparsebit_any_clear(struct sparsebit *sbit); 44 44 - bool sparsebit_all_set(struct sparsebit *sbit); 45 45 - bool sparsebit_all_clear(struct sparsebit *sbit); 46 46 - sparsebit_idx_t sparsebit_first_set(struct sparsebit *sbit); 47 47 - sparsebit_idx_t sparsebit_first_clear(struct sparsebit *sbit); 48 48 - sparsebit_idx_t sparsebit_next_set(struct sparsebit *sbit, sparsebit_idx_t prev); 49 49 - sparsebit_idx_t sparsebit_next_clear(struct sparsebit *sbit, sparsebit_idx_t prev); 50 50 - sparsebit_idx_t sparsebit_next_set_num(struct sparsebit *sbit, 41 41 + sparsebit_num_t sparsebit_num_set(const struct sparsebit *sbit); 42 42 + bool sparsebit_any_set(const struct sparsebit *sbit); 43 43 + bool sparsebit_any_clear(const struct sparsebit *sbit); 44 44 + bool sparsebit_all_set(const struct sparsebit *sbit); 45 45 + bool sparsebit_all_clear(const struct sparsebit *sbit); 46 46 + sparsebit_idx_t sparsebit_first_set(const struct sparsebit *sbit); 47 47 + sparsebit_idx_t sparsebit_first_clear(const struct sparsebit *sbit); 48 48 + sparsebit_idx_t sparsebit_next_set(const struct sparsebit *sbit, sparsebit_idx_t prev); 49 49 + sparsebit_idx_t sparsebit_next_clear(const struct sparsebit *sbit, sparsebit_idx_t prev); 50 50 + sparsebit_idx_t sparsebit_next_set_num(const struct sparsebit *sbit, 51 51 sparsebit_idx_t start, sparsebit_num_t num); 52 52 - sparsebit_idx_t sparsebit_next_clear_num(struct sparsebit *sbit, 52 52 + sparsebit_idx_t sparsebit_next_clear_num(const struct sparsebit *sbit, 53 53 sparsebit_idx_t start, sparsebit_num_t num); 54 54 55 55 void sparsebit_set(struct sparsebit *sbitp, sparsebit_idx_t idx); ··· 62 62 sparsebit_idx_t start, sparsebit_num_t num); 63 63 void sparsebit_clear_all(struct sparsebit *sbitp); 64 64 65 65 - void sparsebit_dump(FILE *stream, struct sparsebit *sbit, 65 65 + void sparsebit_dump(FILE *stream, const struct sparsebit *sbit, 66 66 unsigned int indent); 67 67 - void sparsebit_validate_internal(struct sparsebit *sbit); 67 67 + void sparsebit_validate_internal(const struct sparsebit *sbit); 68 68 + 69 69 + /* 70 70 + * Iterate over an inclusive ranges within sparsebit @s. In each iteration, 71 71 + * @range_begin and @range_end will take the beginning and end of the set 72 72 + * range, which are of type sparsebit_idx_t. 73 73 + * 74 74 + * For example, if the range [3, 7] (inclusive) is set, within the 75 75 + * iteration,@range_begin will take the value 3 and @range_end will take 76 76 + * the value 7. 77 77 + * 78 78 + * Ensure that there is at least one bit set before using this macro with 79 79 + * sparsebit_any_set(), because sparsebit_first_set() will abort if none 80 80 + * are set. 81 81 + */ 82 82 + #define sparsebit_for_each_set_range(s, range_begin, range_end) \ 83 83 + for (range_begin = sparsebit_first_set(s), \ 84 84 + range_end = sparsebit_next_clear(s, range_begin) - 1; \ 85 85 + range_begin && range_end; \ 86 86 + range_begin = sparsebit_next_set(s, range_end), \ 87 87 + range_end = sparsebit_next_clear(s, range_begin) - 1) 68 88 69 89 #ifdef __cplusplus 70 90 }

+23

tools/testing/selftests/kvm/include/x86_64/kvm_util_arch.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + #ifndef SELFTEST_KVM_UTIL_ARCH_H 3 3 + #define SELFTEST_KVM_UTIL_ARCH_H 4 4 + 5 5 + #include <stdbool.h> 6 6 + #include <stdint.h> 7 7 + 8 8 + struct kvm_vm_arch { 9 9 + uint64_t c_bit; 10 10 + uint64_t s_bit; 11 11 + int sev_fd; 12 12 + bool is_pt_protected; 13 13 + }; 14 14 + 15 15 + static inline bool __vm_arch_has_protected_memory(struct kvm_vm_arch *arch) 16 16 + { 17 17 + return arch->c_bit || arch->s_bit; 18 18 + } 19 19 + 20 20 + #define vm_arch_has_protected_memory(vm) \ 21 21 + __vm_arch_has_protected_memory(&(vm)->arch) 22 22 + 23 23 + #endif // SELFTEST_KVM_UTIL_ARCH_H

+8

tools/testing/selftests/kvm/include/x86_64/processor.h

reviewed

··· 23 23 extern bool host_cpu_is_intel; 24 24 extern bool host_cpu_is_amd; 25 25 26 26 + enum vm_guest_x86_subtype { 27 27 + VM_SUBTYPE_NONE = 0, 28 28 + VM_SUBTYPE_SEV, 29 29 + VM_SUBTYPE_SEV_ES, 30 30 + }; 31 31 + 26 32 #define NMI_VECTOR 0x02 27 33 28 34 #define X86_EFLAGS_FIXED (1u << 1) ··· 279 273 #define X86_PROPERTY_MAX_EXT_LEAF KVM_X86_CPU_PROPERTY(0x80000000, 0, EAX, 0, 31) 280 274 #define X86_PROPERTY_MAX_PHY_ADDR KVM_X86_CPU_PROPERTY(0x80000008, 0, EAX, 0, 7) 281 275 #define X86_PROPERTY_MAX_VIRT_ADDR KVM_X86_CPU_PROPERTY(0x80000008, 0, EAX, 8, 15) 276 276 + #define X86_PROPERTY_SEV_C_BIT KVM_X86_CPU_PROPERTY(0x8000001F, 0, EBX, 0, 5) 282 277 #define X86_PROPERTY_PHYS_ADDR_REDUCTION KVM_X86_CPU_PROPERTY(0x8000001F, 0, EBX, 6, 11) 283 278 284 279 #define X86_PROPERTY_MAX_CENTAUR_LEAF KVM_X86_CPU_PROPERTY(0xC0000000, 0, EAX, 0, 31) ··· 1066 1059 } while (0) 1067 1060 1068 1061 void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits); 1062 1062 + void kvm_init_vm_address_properties(struct kvm_vm *vm); 1069 1063 bool vm_is_unrestricted_guest(struct kvm_vm *vm); 1070 1064 1071 1065 struct ex_regs {

+107

tools/testing/selftests/kvm/include/x86_64/sev.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 2 + /* 3 3 + * Helpers used for SEV guests 4 4 + * 5 5 + */ 6 6 + #ifndef SELFTEST_KVM_SEV_H 7 7 + #define SELFTEST_KVM_SEV_H 8 8 + 9 9 + #include <stdint.h> 10 10 + #include <stdbool.h> 11 11 + 12 12 + #include "linux/psp-sev.h" 13 13 + 14 14 + #include "kvm_util.h" 15 15 + #include "svm_util.h" 16 16 + #include "processor.h" 17 17 + 18 18 + enum sev_guest_state { 19 19 + SEV_GUEST_STATE_UNINITIALIZED = 0, 20 20 + SEV_GUEST_STATE_LAUNCH_UPDATE, 21 21 + SEV_GUEST_STATE_LAUNCH_SECRET, 22 22 + SEV_GUEST_STATE_RUNNING, 23 23 + }; 24 24 + 25 25 + #define SEV_POLICY_NO_DBG (1UL << 0) 26 26 + #define SEV_POLICY_ES (1UL << 2) 27 27 + 28 28 + #define GHCB_MSR_TERM_REQ 0x100 29 29 + 30 30 + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy); 31 31 + void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement); 32 32 + void sev_vm_launch_finish(struct kvm_vm *vm); 33 33 + 34 34 + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t policy, void *guest_code, 35 35 + struct kvm_vcpu **cpu); 36 36 + 37 37 + kvm_static_assert(SEV_RET_SUCCESS == 0); 38 38 + 39 39 + /* 40 40 + * The KVM_MEMORY_ENCRYPT_OP uAPI is utter garbage and takes an "unsigned long" 41 41 + * instead of a proper struct. The size of the parameter is embedded in the 42 42 + * ioctl number, i.e. is ABI and thus immutable. Hack around the mess by 43 43 + * creating an overlay to pass in an "unsigned long" without a cast (casting 44 44 + * will make the compiler unhappy due to dereferencing an aliased pointer). 45 45 + */ 46 46 + #define __vm_sev_ioctl(vm, cmd, arg) \ 47 47 + ({ \ 48 48 + int r; \ 49 49 + \ 50 50 + union { \ 51 51 + struct kvm_sev_cmd c; \ 52 52 + unsigned long raw; \ 53 53 + } sev_cmd = { .c = { \ 54 54 + .id = (cmd), \ 55 55 + .data = (uint64_t)(arg), \ 56 56 + .sev_fd = (vm)->arch.sev_fd, \ 57 57 + } }; \ 58 58 + \ 59 59 + r = __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_OP, &sev_cmd.raw); \ 60 60 + r ?: sev_cmd.c.error; \ 61 61 + }) 62 62 + 63 63 + #define vm_sev_ioctl(vm, cmd, arg) \ 64 64 + ({ \ 65 65 + int ret = __vm_sev_ioctl(vm, cmd, arg); \ 66 66 + \ 67 67 + __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, vm); \ 68 68 + }) 69 69 + 70 70 + static inline void sev_vm_init(struct kvm_vm *vm) 71 71 + { 72 72 + vm->arch.sev_fd = open_sev_dev_path_or_exit(); 73 73 + 74 74 + vm_sev_ioctl(vm, KVM_SEV_INIT, NULL); 75 75 + } 76 76 + 77 77 + 78 78 + static inline void sev_es_vm_init(struct kvm_vm *vm) 79 79 + { 80 80 + vm->arch.sev_fd = open_sev_dev_path_or_exit(); 81 81 + 82 82 + vm_sev_ioctl(vm, KVM_SEV_ES_INIT, NULL); 83 83 + } 84 84 + 85 85 + static inline void sev_register_encrypted_memory(struct kvm_vm *vm, 86 86 + struct userspace_mem_region *region) 87 87 + { 88 88 + struct kvm_enc_region range = { 89 89 + .addr = region->region.userspace_addr, 90 90 + .size = region->region.memory_size, 91 91 + }; 92 92 + 93 93 + vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, &range); 94 94 + } 95 95 + 96 96 + static inline void sev_launch_update_data(struct kvm_vm *vm, vm_paddr_t gpa, 97 97 + uint64_t size) 98 98 + { 99 99 + struct kvm_sev_launch_update_data update_data = { 100 100 + .uaddr = (unsigned long)addr_gpa2hva(vm, gpa), 101 101 + .len = size, 102 102 + }; 103 103 + 104 104 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_DATA, &update_data); 105 105 + } 106 106 + 107 107 + #endif /* SELFTEST_KVM_SEV_H */

+18 -6

tools/testing/selftests/kvm/lib/aarch64/processor.c

reviewed

··· 365 365 indent, "", pstate, pc); 366 366 } 367 367 368 368 - struct kvm_vcpu *aarch64_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 369 369 - struct kvm_vcpu_init *init, void *guest_code) 368 368 + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code) 369 369 + { 370 370 + vcpu_set_reg(vcpu, ARM64_CORE_REG(regs.pc), (uint64_t)guest_code); 371 371 + } 372 372 + 373 373 + static struct kvm_vcpu *__aarch64_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 374 374 + struct kvm_vcpu_init *init) 370 375 { 371 376 size_t stack_size; 372 377 uint64_t stack_vaddr; ··· 386 381 aarch64_vcpu_setup(vcpu, init); 387 382 388 383 vcpu_set_reg(vcpu, ARM64_CORE_REG(sp_el1), stack_vaddr + stack_size); 389 389 - vcpu_set_reg(vcpu, ARM64_CORE_REG(regs.pc), (uint64_t)guest_code); 384 384 + return vcpu; 385 385 + } 386 386 + 387 387 + struct kvm_vcpu *aarch64_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 388 388 + struct kvm_vcpu_init *init, void *guest_code) 389 389 + { 390 390 + struct kvm_vcpu *vcpu = __aarch64_vcpu_add(vm, vcpu_id, init); 391 391 + 392 392 + vcpu_arch_set_entry_point(vcpu, guest_code); 390 393 391 394 return vcpu; 392 395 } 393 396 394 394 - struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 395 395 - void *guest_code) 397 397 + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) 396 398 { 397 397 - return aarch64_vcpu_add(vm, vcpu_id, NULL, guest_code); 399 399 + return __aarch64_vcpu_add(vm, vcpu_id, NULL); 398 400 } 399 401 400 402 void vcpu_args_set(struct kvm_vcpu *vcpu, unsigned int num, ...)

+58 -9

tools/testing/selftests/kvm/lib/kvm_util.c

reviewed

··· 226 226 227 227 vm->mode = shape.mode; 228 228 vm->type = shape.type; 229 229 + vm->subtype = shape.subtype; 229 230 230 231 vm->pa_bits = vm_guest_mode_params[vm->mode].pa_bits; 231 232 vm->va_bits = vm_guest_mode_params[vm->mode].va_bits; ··· 267 266 case VM_MODE_PXXV48_4K: 268 267 #ifdef __x86_64__ 269 268 kvm_get_cpu_address_width(&vm->pa_bits, &vm->va_bits); 269 269 + kvm_init_vm_address_properties(vm); 270 270 /* 271 271 * Ignore KVM support for 5-level paging (vm->va_bits == 57), 272 272 * it doesn't take effect unless a CR4.LA57 is set, which it ··· 668 666 vm_ioctl(vm, KVM_SET_USER_MEMORY_REGION2, &region->region); 669 667 670 668 sparsebit_free(&region->unused_phy_pages); 669 669 + sparsebit_free(&region->protected_phy_pages); 671 670 ret = munmap(region->mmap_start, region->mmap_size); 672 671 TEST_ASSERT(!ret, __KVM_SYSCALL_ERROR("munmap()", ret)); 673 672 if (region->fd >= 0) { ··· 1050 1047 } 1051 1048 1052 1049 region->unused_phy_pages = sparsebit_alloc(); 1050 1050 + if (vm_arch_has_protected_memory(vm)) 1051 1051 + region->protected_phy_pages = sparsebit_alloc(); 1053 1052 sparsebit_set_num(region->unused_phy_pages, 1054 1053 guest_paddr >> vm->page_shift, npages); 1055 1054 region->region.slot = slot; ··· 1382 1377 return pgidx_start * vm->page_size; 1383 1378 } 1384 1379 1385 1385 - vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, 1386 1386 - enum kvm_mem_region_type type) 1380 1380 + static vm_vaddr_t ____vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, 1381 1381 + vm_vaddr_t vaddr_min, 1382 1382 + enum kvm_mem_region_type type, 1383 1383 + bool protected) 1387 1384 { 1388 1385 uint64_t pages = (sz >> vm->page_shift) + ((sz % vm->page_size) != 0); 1389 1386 1390 1387 virt_pgd_alloc(vm); 1391 1391 - vm_paddr_t paddr = vm_phy_pages_alloc(vm, pages, 1392 1392 - KVM_UTIL_MIN_PFN * vm->page_size, 1393 1393 - vm->memslots[type]); 1388 1388 + vm_paddr_t paddr = __vm_phy_pages_alloc(vm, pages, 1389 1389 + KVM_UTIL_MIN_PFN * vm->page_size, 1390 1390 + vm->memslots[type], protected); 1394 1391 1395 1392 /* 1396 1393 * Find an unused range of virtual page addresses of at least ··· 1410 1403 } 1411 1404 1412 1405 return vaddr_start; 1406 1406 + } 1407 1407 + 1408 1408 + vm_vaddr_t __vm_vaddr_alloc(struct kvm_vm *vm, size_t sz, vm_vaddr_t vaddr_min, 1409 1409 + enum kvm_mem_region_type type) 1410 1410 + { 1411 1411 + return ____vm_vaddr_alloc(vm, sz, vaddr_min, type, 1412 1412 + vm_arch_has_protected_memory(vm)); 1413 1413 + } 1414 1414 + 1415 1415 + vm_vaddr_t vm_vaddr_alloc_shared(struct kvm_vm *vm, size_t sz, 1416 1416 + vm_vaddr_t vaddr_min, 1417 1417 + enum kvm_mem_region_type type) 1418 1418 + { 1419 1419 + return ____vm_vaddr_alloc(vm, sz, vaddr_min, type, false); 1413 1420 } 1414 1421 1415 1422 /* ··· 1547 1526 void *addr_gpa2hva(struct kvm_vm *vm, vm_paddr_t gpa) 1548 1527 { 1549 1528 struct userspace_mem_region *region; 1529 1529 + 1530 1530 + gpa = vm_untag_gpa(vm, gpa); 1550 1531 1551 1532 region = userspace_mem_region_find(vm, gpa, gpa); 1552 1533 if (!region) { ··· 1896 1873 region->host_mem); 1897 1874 fprintf(stream, "%*sunused_phy_pages: ", indent + 2, ""); 1898 1875 sparsebit_dump(stream, region->unused_phy_pages, 0); 1876 1876 + if (region->protected_phy_pages) { 1877 1877 + fprintf(stream, "%*sprotected_phy_pages: ", indent + 2, ""); 1878 1878 + sparsebit_dump(stream, region->protected_phy_pages, 0); 1879 1879 + } 1899 1880 } 1900 1881 fprintf(stream, "%*sMapped Virtual Pages:\n", indent, ""); 1901 1882 sparsebit_dump(stream, vm->vpages_mapped, indent + 2); ··· 2001 1974 * num - number of pages 2002 1975 * paddr_min - Physical address minimum 2003 1976 * memslot - Memory region to allocate page from 1977 1977 + * protected - True if the pages will be used as protected/private memory 2004 1978 * 2005 1979 * Output Args: None 2006 1980 * ··· 2013 1985 * and their base address is returned. A TEST_ASSERT failure occurs if 2014 1986 * not enough pages are available at or above paddr_min. 2015 1987 */ 2016 2016 - vm_paddr_t vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, 2017 2017 - vm_paddr_t paddr_min, uint32_t memslot) 1988 1988 + vm_paddr_t __vm_phy_pages_alloc(struct kvm_vm *vm, size_t num, 1989 1989 + vm_paddr_t paddr_min, uint32_t memslot, 1990 1990 + bool protected) 2018 1991 { 2019 1992 struct userspace_mem_region *region; 2020 1993 sparsebit_idx_t pg, base; ··· 2028 1999 paddr_min, vm->page_size); 2029 2000 2030 2001 region = memslot2region(vm, memslot); 2031 2031 - base = pg = paddr_min >> vm->page_shift; 2002 2002 + TEST_ASSERT(!protected || region->protected_phy_pages, 2003 2003 + "Region doesn't support protected memory"); 2032 2004 2005 2005 + base = pg = paddr_min >> vm->page_shift; 2033 2006 do { 2034 2007 for (; pg < base + num; ++pg) { 2035 2008 if (!sparsebit_is_set(region->unused_phy_pages, pg)) { ··· 2050 2019 abort(); 2051 2020 } 2052 2021 2053 2053 - for (pg = base; pg < base + num; ++pg) 2022 2022 + for (pg = base; pg < base + num; ++pg) { 2054 2023 sparsebit_clear(region->unused_phy_pages, pg); 2024 2024 + if (protected) 2025 2025 + sparsebit_set(region->protected_phy_pages, pg); 2026 2026 + } 2055 2027 2056 2028 return base * vm->page_size; 2057 2029 } ··· 2257 2223 setbuf(stdout, NULL); 2258 2224 2259 2225 kvm_selftest_arch_init(); 2226 2226 + } 2227 2227 + 2228 2228 + bool vm_is_gpa_protected(struct kvm_vm *vm, vm_paddr_t paddr) 2229 2229 + { 2230 2230 + sparsebit_idx_t pg = 0; 2231 2231 + struct userspace_mem_region *region; 2232 2232 + 2233 2233 + if (!vm_arch_has_protected_memory(vm)) 2234 2234 + return false; 2235 2235 + 2236 2236 + region = userspace_mem_region_find(vm, paddr, paddr); 2237 2237 + TEST_ASSERT(region, "No vm physical memory at 0x%lx", paddr); 2238 2238 + 2239 2239 + pg = paddr >> vm->page_shift; 2240 2240 + return sparsebit_is_set(region->protected_phy_pages, pg); 2260 2241 }

+6 -3

tools/testing/selftests/kvm/lib/riscv/processor.c

reviewed

··· 289 289 0, 0, 0, 0, 0, 0); 290 290 } 291 291 292 292 - struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 293 293 - void *guest_code) 292 292 + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code) 293 293 + { 294 294 + vcpu_set_reg(vcpu, RISCV_CORE_REG(regs.pc), (unsigned long)guest_code); 295 295 + } 296 296 + 297 297 + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) 294 298 { 295 299 int r; 296 300 size_t stack_size; ··· 328 324 329 325 /* Setup stack pointer and program counter of guest */ 330 326 vcpu_set_reg(vcpu, RISCV_CORE_REG(regs.sp), stack_vaddr + stack_size); 331 331 - vcpu_set_reg(vcpu, RISCV_CORE_REG(regs.pc), (unsigned long)guest_code); 332 327 333 328 /* Setup sscratch for guest_get_vcpuid() */ 334 329 vcpu_set_reg(vcpu, RISCV_GENERAL_CSR_REG(sscratch), vcpu_id);

+7 -6

tools/testing/selftests/kvm/lib/s390x/processor.c

reviewed

··· 155 155 virt_dump_region(stream, vm, indent, vm->pgd); 156 156 } 157 157 158 158 - struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 159 159 - void *guest_code) 158 158 + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code) 159 159 + { 160 160 + vcpu->run->psw_addr = (uintptr_t)guest_code; 161 161 + } 162 162 + 163 163 + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) 160 164 { 161 165 size_t stack_size = DEFAULT_STACK_PGS * getpagesize(); 162 166 uint64_t stack_vaddr; 163 167 struct kvm_regs regs; 164 168 struct kvm_sregs sregs; 165 169 struct kvm_vcpu *vcpu; 166 166 - struct kvm_run *run; 167 170 168 171 TEST_ASSERT(vm->page_size == 4096, "Unsupported page size: 0x%x", 169 172 vm->page_size); ··· 187 184 sregs.crs[1] = vm->pgd | 0xf; /* Primary region table */ 188 185 vcpu_sregs_set(vcpu, &sregs); 189 186 190 190 - run = vcpu->run; 191 191 - run->psw_mask = 0x0400000180000000ULL; /* DAT enabled + 64 bit mode */ 192 192 - run->psw_addr = (uintptr_t)guest_code; 187 187 + vcpu->run->psw_mask = 0x0400000180000000ULL; /* DAT enabled + 64 bit mode */ 193 188 194 189 return vcpu; 195 190 }

+24 -24

tools/testing/selftests/kvm/lib/sparsebit.c

reviewed

··· 202 202 /* Returns a pointer to the node that describes the 203 203 * lowest bit index. 204 204 */ 205 205 - static struct node *node_first(struct sparsebit *s) 205 205 + static struct node *node_first(const struct sparsebit *s) 206 206 { 207 207 struct node *nodep; 208 208 ··· 216 216 * lowest bit index > the index of the node pointed to by np. 217 217 * Returns NULL if no node with a higher index exists. 218 218 */ 219 219 - static struct node *node_next(struct sparsebit *s, struct node *np) 219 219 + static struct node *node_next(const struct sparsebit *s, struct node *np) 220 220 { 221 221 struct node *nodep = np; 222 222 ··· 244 244 * highest index < the index of the node pointed to by np. 245 245 * Returns NULL if no node with a lower index exists. 246 246 */ 247 247 - static struct node *node_prev(struct sparsebit *s, struct node *np) 247 247 + static struct node *node_prev(const struct sparsebit *s, struct node *np) 248 248 { 249 249 struct node *nodep = np; 250 250 ··· 273 273 * subtree and duplicates the bit settings to the newly allocated nodes. 274 274 * Returns the newly allocated copy of subtree. 275 275 */ 276 276 - static struct node *node_copy_subtree(struct node *subtree) 276 276 + static struct node *node_copy_subtree(const struct node *subtree) 277 277 { 278 278 struct node *root; 279 279 ··· 307 307 * index is within the bits described by the mask bits or the number of 308 308 * contiguous bits set after the mask. Returns NULL if there is no such node. 309 309 */ 310 310 - static struct node *node_find(struct sparsebit *s, sparsebit_idx_t idx) 310 310 + static struct node *node_find(const struct sparsebit *s, sparsebit_idx_t idx) 311 311 { 312 312 struct node *nodep; 313 313 ··· 393 393 } 394 394 395 395 /* Returns whether all the bits in the sparsebit array are set. */ 396 396 - bool sparsebit_all_set(struct sparsebit *s) 396 396 + bool sparsebit_all_set(const struct sparsebit *s) 397 397 { 398 398 /* 399 399 * If any nodes there must be at least one bit set. Only case ··· 775 775 /* Returns whether the bit at the index given by idx, within the 776 776 * sparsebit array is set or not. 777 777 */ 778 778 - bool sparsebit_is_set(struct sparsebit *s, sparsebit_idx_t idx) 778 778 + bool sparsebit_is_set(const struct sparsebit *s, sparsebit_idx_t idx) 779 779 { 780 780 struct node *nodep; 781 781 ··· 921 921 * used by test cases after they detect an unexpected condition, as a means 922 922 * to capture diagnostic information. 923 923 */ 924 924 - static void sparsebit_dump_internal(FILE *stream, struct sparsebit *s, 924 924 + static void sparsebit_dump_internal(FILE *stream, const struct sparsebit *s, 925 925 unsigned int indent) 926 926 { 927 927 /* Dump the contents of s */ ··· 969 969 * sparsebit_alloc(). It can though already have bits set, which 970 970 * if different from src will be cleared. 971 971 */ 972 972 - void sparsebit_copy(struct sparsebit *d, struct sparsebit *s) 972 972 + void sparsebit_copy(struct sparsebit *d, const struct sparsebit *s) 973 973 { 974 974 /* First clear any bits already set in the destination */ 975 975 sparsebit_clear_all(d); ··· 981 981 } 982 982 983 983 /* Returns whether num consecutive bits starting at idx are all set. */ 984 984 - bool sparsebit_is_set_num(struct sparsebit *s, 984 984 + bool sparsebit_is_set_num(const struct sparsebit *s, 985 985 sparsebit_idx_t idx, sparsebit_num_t num) 986 986 { 987 987 sparsebit_idx_t next_cleared; ··· 1005 1005 } 1006 1006 1007 1007 /* Returns whether the bit at the index given by idx. */ 1008 1008 - bool sparsebit_is_clear(struct sparsebit *s, 1008 1008 + bool sparsebit_is_clear(const struct sparsebit *s, 1009 1009 sparsebit_idx_t idx) 1010 1010 { 1011 1011 return !sparsebit_is_set(s, idx); 1012 1012 } 1013 1013 1014 1014 /* Returns whether num consecutive bits starting at idx are all cleared. */ 1015 1015 - bool sparsebit_is_clear_num(struct sparsebit *s, 1015 1015 + bool sparsebit_is_clear_num(const struct sparsebit *s, 1016 1016 sparsebit_idx_t idx, sparsebit_num_t num) 1017 1017 { 1018 1018 sparsebit_idx_t next_set; ··· 1041 1041 * value. Use sparsebit_any_set(), instead of sparsebit_num_set() > 0, 1042 1042 * to determine if the sparsebit array has any bits set. 1043 1043 */ 1044 1044 - sparsebit_num_t sparsebit_num_set(struct sparsebit *s) 1044 1044 + sparsebit_num_t sparsebit_num_set(const struct sparsebit *s) 1045 1045 { 1046 1046 return s->num_set; 1047 1047 } 1048 1048 1049 1049 /* Returns whether any bit is set in the sparsebit array. */ 1050 1050 - bool sparsebit_any_set(struct sparsebit *s) 1050 1050 + bool sparsebit_any_set(const struct sparsebit *s) 1051 1051 { 1052 1052 /* 1053 1053 * Nodes only describe set bits. If any nodes then there ··· 1070 1070 } 1071 1071 1072 1072 /* Returns whether all the bits in the sparsebit array are cleared. */ 1073 1073 - bool sparsebit_all_clear(struct sparsebit *s) 1073 1073 + bool sparsebit_all_clear(const struct sparsebit *s) 1074 1074 { 1075 1075 return !sparsebit_any_set(s); 1076 1076 } 1077 1077 1078 1078 /* Returns whether all the bits in the sparsebit array are set. */ 1079 1079 - bool sparsebit_any_clear(struct sparsebit *s) 1079 1079 + bool sparsebit_any_clear(const struct sparsebit *s) 1080 1080 { 1081 1081 return !sparsebit_all_set(s); 1082 1082 } 1083 1083 1084 1084 /* Returns the index of the first set bit. Abort if no bits are set. 1085 1085 */ 1086 1086 - sparsebit_idx_t sparsebit_first_set(struct sparsebit *s) 1086 1086 + sparsebit_idx_t sparsebit_first_set(const struct sparsebit *s) 1087 1087 { 1088 1088 struct node *nodep; 1089 1089 ··· 1097 1097 /* Returns the index of the first cleared bit. Abort if 1098 1098 * no bits are cleared. 1099 1099 */ 1100 1100 - sparsebit_idx_t sparsebit_first_clear(struct sparsebit *s) 1100 1100 + sparsebit_idx_t sparsebit_first_clear(const struct sparsebit *s) 1101 1101 { 1102 1102 struct node *nodep1, *nodep2; 1103 1103 ··· 1151 1151 /* Returns index of next bit set within s after the index given by prev. 1152 1152 * Returns 0 if there are no bits after prev that are set. 1153 1153 */ 1154 1154 - sparsebit_idx_t sparsebit_next_set(struct sparsebit *s, 1154 1154 + sparsebit_idx_t sparsebit_next_set(const struct sparsebit *s, 1155 1155 sparsebit_idx_t prev) 1156 1156 { 1157 1157 sparsebit_idx_t lowest_possible = prev + 1; ··· 1244 1244 /* Returns index of next bit cleared within s after the index given by prev. 1245 1245 * Returns 0 if there are no bits after prev that are cleared. 1246 1246 */ 1247 1247 - sparsebit_idx_t sparsebit_next_clear(struct sparsebit *s, 1247 1247 + sparsebit_idx_t sparsebit_next_clear(const struct sparsebit *s, 1248 1248 sparsebit_idx_t prev) 1249 1249 { 1250 1250 sparsebit_idx_t lowest_possible = prev + 1; ··· 1300 1300 * and returns the index of the first sequence of num consecutively set 1301 1301 * bits. Returns a value of 0 of no such sequence exists. 1302 1302 */ 1303 1303 - sparsebit_idx_t sparsebit_next_set_num(struct sparsebit *s, 1303 1303 + sparsebit_idx_t sparsebit_next_set_num(const struct sparsebit *s, 1304 1304 sparsebit_idx_t start, sparsebit_num_t num) 1305 1305 { 1306 1306 sparsebit_idx_t idx; ··· 1335 1335 * and returns the index of the first sequence of num consecutively cleared 1336 1336 * bits. Returns a value of 0 of no such sequence exists. 1337 1337 */ 1338 1338 - sparsebit_idx_t sparsebit_next_clear_num(struct sparsebit *s, 1338 1338 + sparsebit_idx_t sparsebit_next_clear_num(const struct sparsebit *s, 1339 1339 sparsebit_idx_t start, sparsebit_num_t num) 1340 1340 { 1341 1341 sparsebit_idx_t idx; ··· 1583 1583 * contiguous bits. This is done because '-' is used to specify command-line 1584 1584 * options, and sometimes ranges are specified as command-line arguments. 1585 1585 */ 1586 1586 - void sparsebit_dump(FILE *stream, struct sparsebit *s, 1586 1586 + void sparsebit_dump(FILE *stream, const struct sparsebit *s, 1587 1587 unsigned int indent) 1588 1588 { 1589 1589 size_t current_line_len = 0; ··· 1681 1681 * s. On error, diagnostic information is printed to stderr and 1682 1682 * abort is called. 1683 1683 */ 1684 1684 - void sparsebit_validate_internal(struct sparsebit *s) 1684 1684 + void sparsebit_validate_internal(const struct sparsebit *s) 1685 1685 { 1686 1686 bool error_detected = false; 1687 1687 struct node *nodep, *prev = NULL;

+2 -1

tools/testing/selftests/kvm/lib/ucall_common.c

reviewed

··· 29 29 vm_vaddr_t vaddr; 30 30 int i; 31 31 32 32 - vaddr = __vm_vaddr_alloc(vm, sizeof(*hdr), KVM_UTIL_MIN_VADDR, MEM_REGION_DATA); 32 32 + vaddr = vm_vaddr_alloc_shared(vm, sizeof(*hdr), KVM_UTIL_MIN_VADDR, 33 33 + MEM_REGION_DATA); 33 34 hdr = (struct ucall_header *)addr_gva2hva(vm, vaddr); 34 35 memset(hdr, 0, sizeof(*hdr)); 35 36

+41 -4

tools/testing/selftests/kvm/lib/x86_64/processor.c

reviewed

··· 9 9 #include "test_util.h" 10 10 #include "kvm_util.h" 11 11 #include "processor.h" 12 12 + #include "sev.h" 12 13 13 14 #ifndef NUM_INTERRUPTS 14 15 #define NUM_INTERRUPTS 256 ··· 158 157 { 159 158 uint64_t *pte = virt_get_pte(vm, parent_pte, vaddr, current_level); 160 159 160 160 + paddr = vm_untag_gpa(vm, paddr); 161 161 + 161 162 if (!(*pte & PTE_PRESENT_MASK)) { 162 163 *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK; 163 164 if (current_level == target_level) ··· 203 200 "Physical address beyond maximum supported,\n" 204 201 " paddr: 0x%lx vm->max_gfn: 0x%lx vm->page_size: 0x%x", 205 202 paddr, vm->max_gfn, vm->page_size); 203 203 + TEST_ASSERT(vm_untag_gpa(vm, paddr) == paddr, 204 204 + "Unexpected bits in paddr: %lx", paddr); 206 205 207 206 /* 208 207 * Allocate upper level page tables, if not already present. Return ··· 227 222 TEST_ASSERT(!(*pte & PTE_PRESENT_MASK), 228 223 "PTE already present for 4k page at vaddr: 0x%lx", vaddr); 229 224 *pte = PTE_PRESENT_MASK | PTE_WRITABLE_MASK | (paddr & PHYSICAL_PAGE_MASK); 225 225 + 226 226 + /* 227 227 + * Neither SEV nor TDX supports shared page tables, so only the final 228 228 + * leaf PTE needs manually set the C/S-bit. 229 229 + */ 230 230 + if (vm_is_gpa_protected(vm, paddr)) 231 231 + *pte |= vm->arch.c_bit; 232 232 + else 233 233 + *pte |= vm->arch.s_bit; 230 234 } 231 235 232 236 void virt_arch_pg_map(struct kvm_vm *vm, uint64_t vaddr, uint64_t paddr) ··· 278 264 int *level) 279 265 { 280 266 uint64_t *pml4e, *pdpe, *pde; 267 267 + 268 268 + TEST_ASSERT(!vm->arch.is_pt_protected, 269 269 + "Walking page tables of protected guests is impossible"); 281 270 282 271 TEST_ASSERT(*level >= PG_LEVEL_NONE && *level < PG_LEVEL_NUM, 283 272 "Invalid PG_LEVEL_* '%d'", *level); ··· 513 496 * No need for a hugepage mask on the PTE, x86-64 requires the "unused" 514 497 * address bits to be zero. 515 498 */ 516 516 - return PTE_GET_PA(*pte) | (gva & ~HUGEPAGE_MASK(level)); 499 499 + return vm_untag_gpa(vm, PTE_GET_PA(*pte)) | (gva & ~HUGEPAGE_MASK(level)); 517 500 } 518 501 519 502 static void kvm_setup_gdt(struct kvm_vm *vm, struct kvm_dtable *dt) ··· 577 560 vm_create_irqchip(vm); 578 561 sync_global_to_guest(vm, host_cpu_is_intel); 579 562 sync_global_to_guest(vm, host_cpu_is_amd); 563 563 + 564 564 + if (vm->subtype == VM_SUBTYPE_SEV) 565 565 + sev_vm_init(vm); 566 566 + else if (vm->subtype == VM_SUBTYPE_SEV_ES) 567 567 + sev_es_vm_init(vm); 580 568 } 581 569 582 582 - struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id, 583 583 - void *guest_code) 570 570 + void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, void *guest_code) 571 571 + { 572 572 + struct kvm_regs regs; 573 573 + 574 574 + vcpu_regs_get(vcpu, &regs); 575 575 + regs.rip = (unsigned long) guest_code; 576 576 + vcpu_regs_set(vcpu, &regs); 577 577 + } 578 578 + 579 579 + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) 584 580 { 585 581 struct kvm_mp_state mp_state; 586 582 struct kvm_regs regs; ··· 627 597 vcpu_regs_get(vcpu, &regs); 628 598 regs.rflags = regs.rflags | 0x2; 629 599 regs.rsp = stack_vaddr; 630 630 - regs.rip = (unsigned long) guest_code; 631 600 vcpu_regs_set(vcpu, &regs); 632 601 633 602 /* Setup the MP state */ ··· 1067 1038 } else { 1068 1039 *pa_bits = kvm_cpu_property(X86_PROPERTY_MAX_PHY_ADDR); 1069 1040 *va_bits = kvm_cpu_property(X86_PROPERTY_MAX_VIRT_ADDR); 1041 1041 + } 1042 1042 + } 1043 1043 + 1044 1044 + void kvm_init_vm_address_properties(struct kvm_vm *vm) 1045 1045 + { 1046 1046 + if (vm->subtype == VM_SUBTYPE_SEV || vm->subtype == VM_SUBTYPE_SEV_ES) { 1047 1047 + vm->arch.c_bit = BIT_ULL(this_cpu_property(X86_PROPERTY_SEV_C_BIT)); 1048 1048 + vm->gpa_tag_mask = vm->arch.c_bit; 1070 1049 } 1071 1050 } 1072 1051

+114

tools/testing/selftests/kvm/lib/x86_64/sev.c

reviewed

··· 1 1 + // SPDX-License-Identifier: GPL-2.0-only 2 2 + #define _GNU_SOURCE /* for program_invocation_short_name */ 3 3 + #include <stdint.h> 4 4 + #include <stdbool.h> 5 5 + 6 6 + #include "sev.h" 7 7 + 8 8 + /* 9 9 + * sparsebit_next_clear() can return 0 if [x, 2**64-1] are all set, and the 10 10 + * -1 would then cause an underflow back to 2**64 - 1. This is expected and 11 11 + * correct. 12 12 + * 13 13 + * If the last range in the sparsebit is [x, y] and we try to iterate, 14 14 + * sparsebit_next_set() will return 0, and sparsebit_next_clear() will try 15 15 + * and find the first range, but that's correct because the condition 16 16 + * expression would cause us to quit the loop. 17 17 + */ 18 18 + static void encrypt_region(struct kvm_vm *vm, struct userspace_mem_region *region) 19 19 + { 20 20 + const struct sparsebit *protected_phy_pages = region->protected_phy_pages; 21 21 + const vm_paddr_t gpa_base = region->region.guest_phys_addr; 22 22 + const sparsebit_idx_t lowest_page_in_region = gpa_base >> vm->page_shift; 23 23 + sparsebit_idx_t i, j; 24 24 + 25 25 + if (!sparsebit_any_set(protected_phy_pages)) 26 26 + return; 27 27 + 28 28 + sev_register_encrypted_memory(vm, region); 29 29 + 30 30 + sparsebit_for_each_set_range(protected_phy_pages, i, j) { 31 31 + const uint64_t size = (j - i + 1) * vm->page_size; 32 32 + const uint64_t offset = (i - lowest_page_in_region) * vm->page_size; 33 33 + 34 34 + sev_launch_update_data(vm, gpa_base + offset, size); 35 35 + } 36 36 + } 37 37 + 38 38 + void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) 39 39 + { 40 40 + struct kvm_sev_launch_start launch_start = { 41 41 + .policy = policy, 42 42 + }; 43 43 + struct userspace_mem_region *region; 44 44 + struct kvm_sev_guest_status status; 45 45 + int ctr; 46 46 + 47 47 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_START, &launch_start); 48 48 + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); 49 49 + 50 50 + TEST_ASSERT_EQ(status.policy, policy); 51 51 + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_LAUNCH_UPDATE); 52 52 + 53 53 + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) 54 54 + encrypt_region(vm, region); 55 55 + 56 56 + if (policy & SEV_POLICY_ES) 57 57 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 58 58 + 59 59 + vm->arch.is_pt_protected = true; 60 60 + } 61 61 + 62 62 + void sev_vm_launch_measure(struct kvm_vm *vm, uint8_t *measurement) 63 63 + { 64 64 + struct kvm_sev_launch_measure launch_measure; 65 65 + struct kvm_sev_guest_status guest_status; 66 66 + 67 67 + launch_measure.len = 256; 68 68 + launch_measure.uaddr = (__u64)measurement; 69 69 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_MEASURE, &launch_measure); 70 70 + 71 71 + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &guest_status); 72 72 + TEST_ASSERT_EQ(guest_status.state, SEV_GUEST_STATE_LAUNCH_SECRET); 73 73 + } 74 74 + 75 75 + void sev_vm_launch_finish(struct kvm_vm *vm) 76 76 + { 77 77 + struct kvm_sev_guest_status status; 78 78 + 79 79 + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); 80 80 + TEST_ASSERT(status.state == SEV_GUEST_STATE_LAUNCH_UPDATE || 81 81 + status.state == SEV_GUEST_STATE_LAUNCH_SECRET, 82 82 + "Unexpected guest state: %d", status.state); 83 83 + 84 84 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_FINISH, NULL); 85 85 + 86 86 + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); 87 87 + TEST_ASSERT_EQ(status.state, SEV_GUEST_STATE_RUNNING); 88 88 + } 89 89 + 90 90 + struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t policy, void *guest_code, 91 91 + struct kvm_vcpu **cpu) 92 92 + { 93 93 + struct vm_shape shape = { 94 94 + .type = VM_TYPE_DEFAULT, 95 95 + .mode = VM_MODE_DEFAULT, 96 96 + .subtype = policy & SEV_POLICY_ES ? VM_SUBTYPE_SEV_ES : 97 97 + VM_SUBTYPE_SEV, 98 98 + }; 99 99 + struct kvm_vm *vm; 100 100 + struct kvm_vcpu *cpus[1]; 101 101 + uint8_t measurement[512]; 102 102 + 103 103 + vm = __vm_create_with_vcpus(shape, 1, 0, guest_code, cpus); 104 104 + *cpu = cpus[0]; 105 105 + 106 106 + sev_vm_launch(vm, policy); 107 107 + 108 108 + /* TODO: Validate the measurement is as expected. */ 109 109 + sev_vm_launch_measure(vm, measurement); 110 110 + 111 111 + sev_vm_launch_finish(vm); 112 112 + 113 113 + return vm; 114 114 + }

+18 -9

tools/testing/selftests/kvm/x86_64/fix_hypercall_test.c

reviewed

··· 9 9 #include <linux/stringify.h> 10 10 #include <stdint.h> 11 11 12 12 + #include "kvm_test_harness.h" 12 13 #include "apic.h" 13 14 #include "test_util.h" 14 15 #include "kvm_util.h" ··· 84 83 GUEST_DONE(); 85 84 } 86 85 86 86 + KVM_ONE_VCPU_TEST_SUITE(fix_hypercall); 87 87 + 87 88 static void enter_guest(struct kvm_vcpu *vcpu) 88 89 { 89 90 struct kvm_run *run = vcpu->run; ··· 106 103 } 107 104 } 108 105 109 109 - static void test_fix_hypercall(bool disable_quirk) 106 106 + static void test_fix_hypercall(struct kvm_vcpu *vcpu, bool disable_quirk) 110 107 { 111 111 - struct kvm_vcpu *vcpu; 112 112 - struct kvm_vm *vm; 108 108 + struct kvm_vm *vm = vcpu->vm; 113 109 114 114 - vm = vm_create_with_one_vcpu(&vcpu, guest_main); 115 115 - 116 116 - vm_init_descriptor_tables(vcpu->vm); 110 110 + vm_init_descriptor_tables(vm); 117 111 vcpu_init_descriptor_tables(vcpu); 118 112 vm_install_exception_handler(vcpu->vm, UD_VECTOR, guest_ud_handler); 119 113 ··· 126 126 enter_guest(vcpu); 127 127 } 128 128 129 129 - int main(void) 129 129 + KVM_ONE_VCPU_TEST(fix_hypercall, enable_quirk, guest_main) 130 130 + { 131 131 + test_fix_hypercall(vcpu, false); 132 132 + } 133 133 + 134 134 + KVM_ONE_VCPU_TEST(fix_hypercall, disable_quirk, guest_main) 135 135 + { 136 136 + test_fix_hypercall(vcpu, true); 137 137 + } 138 138 + 139 139 + int main(int argc, char *argv[]) 130 140 { 131 141 TEST_REQUIRE(kvm_check_cap(KVM_CAP_DISABLE_QUIRKS2) & KVM_X86_QUIRK_FIX_HYPERCALL_INSN); 132 142 133 133 - test_fix_hypercall(false); 134 134 - test_fix_hypercall(true); 143 143 + return test_harness_run(argc, argv); 135 144 }

+2

tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c

reviewed

··· 434 434 435 435 r = fallocate(memfd, FALLOC_FL_KEEP_SIZE, 0, memfd_size); 436 436 TEST_ASSERT(!r, __KVM_SYSCALL_ERROR("fallocate()", r)); 437 437 + 438 438 + close(memfd); 437 439 } 438 440 439 441 static void usage(const char *cmd)

+18 -42

tools/testing/selftests/kvm/x86_64/sev_migrate_tests.c

reviewed

··· 10 10 #include "test_util.h" 11 11 #include "kvm_util.h" 12 12 #include "processor.h" 13 13 - #include "svm_util.h" 13 13 + #include "sev.h" 14 14 #include "kselftest.h" 15 15 - 16 16 - #define SEV_POLICY_ES 0b100 17 15 18 16 #define NR_MIGRATE_TEST_VCPUS 4 19 17 #define NR_MIGRATE_TEST_VMS 3 ··· 20 22 21 23 bool have_sev_es; 22 24 23 23 - static int __sev_ioctl(int vm_fd, int cmd_id, void *data, __u32 *fw_error) 24 24 - { 25 25 - struct kvm_sev_cmd cmd = { 26 26 - .id = cmd_id, 27 27 - .data = (uint64_t)data, 28 28 - .sev_fd = open_sev_dev_path_or_exit(), 29 29 - }; 30 30 - int ret; 31 31 - 32 32 - ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd); 33 33 - *fw_error = cmd.error; 34 34 - return ret; 35 35 - } 36 36 - 37 37 - static void sev_ioctl(int vm_fd, int cmd_id, void *data) 38 38 - { 39 39 - int ret; 40 40 - __u32 fw_error; 41 41 - 42 42 - ret = __sev_ioctl(vm_fd, cmd_id, data, &fw_error); 43 43 - TEST_ASSERT(ret == 0 && fw_error == SEV_RET_SUCCESS, 44 44 - "%d failed: return code: %d, errno: %d, fw error: %d", 45 45 - cmd_id, ret, errno, fw_error); 46 46 - } 47 47 - 48 25 static struct kvm_vm *sev_vm_create(bool es) 49 26 { 50 27 struct kvm_vm *vm; 51 51 - struct kvm_sev_launch_start start = { 0 }; 52 28 int i; 53 29 54 30 vm = vm_create_barebones(); 55 55 - sev_ioctl(vm->fd, es ? KVM_SEV_ES_INIT : KVM_SEV_INIT, NULL); 31 31 + if (!es) 32 32 + sev_vm_init(vm); 33 33 + else 34 34 + sev_es_vm_init(vm); 35 35 + 56 36 for (i = 0; i < NR_MIGRATE_TEST_VCPUS; ++i) 57 37 __vm_vcpu_add(vm, i); 38 38 + 39 39 + sev_vm_launch(vm, es ? SEV_POLICY_ES : 0); 40 40 + 58 41 if (es) 59 59 - start.policy |= SEV_POLICY_ES; 60 60 - sev_ioctl(vm->fd, KVM_SEV_LAUNCH_START, &start); 61 61 - if (es) 62 62 - sev_ioctl(vm->fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 42 42 + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 63 43 return vm; 64 44 } 65 45 ··· 157 181 sev_vm = sev_vm_create(/* es= */ false); 158 182 sev_es_vm = sev_vm_create(/* es= */ true); 159 183 sev_es_vm_no_vmsa = vm_create_barebones(); 160 160 - sev_ioctl(sev_es_vm_no_vmsa->fd, KVM_SEV_ES_INIT, NULL); 184 184 + sev_es_vm_init(sev_es_vm_no_vmsa); 161 185 __vm_vcpu_add(sev_es_vm_no_vmsa, 1); 162 186 163 187 ret = __sev_migrate_from(sev_vm, sev_es_vm); ··· 206 230 TEST_ASSERT(!ret, "Copying context failed, ret: %d, errno: %d", ret, errno); 207 231 } 208 232 209 209 - static void verify_mirror_allowed_cmds(int vm_fd) 233 233 + static void verify_mirror_allowed_cmds(struct kvm_vm *vm) 210 234 { 211 235 struct kvm_sev_guest_status status; 236 236 + int cmd_id; 212 237 213 213 - for (int cmd_id = KVM_SEV_INIT; cmd_id < KVM_SEV_NR_MAX; ++cmd_id) { 238 238 + for (cmd_id = KVM_SEV_INIT; cmd_id < KVM_SEV_NR_MAX; ++cmd_id) { 214 239 int ret; 215 215 - __u32 fw_error; 216 240 217 241 /* 218 242 * These commands are allowed for mirror VMs, all others are ··· 232 256 * These commands should be disallowed before the data 233 257 * parameter is examined so NULL is OK here. 234 258 */ 235 235 - ret = __sev_ioctl(vm_fd, cmd_id, NULL, &fw_error); 259 259 + ret = __vm_sev_ioctl(vm, cmd_id, NULL); 236 260 TEST_ASSERT( 237 261 ret == -1 && errno == EINVAL, 238 262 "Should not be able call command: %d. ret: %d, errno: %d", 239 263 cmd_id, ret, errno); 240 264 } 241 265 242 242 - sev_ioctl(vm_fd, KVM_SEV_GUEST_STATUS, &status); 266 266 + vm_sev_ioctl(vm, KVM_SEV_GUEST_STATUS, &status); 243 267 } 244 268 245 269 static void test_sev_mirror(bool es) ··· 257 281 __vm_vcpu_add(dst_vm, i); 258 282 259 283 if (es) 260 260 - sev_ioctl(dst_vm->fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 284 284 + vm_sev_ioctl(dst_vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); 261 285 262 262 - verify_mirror_allowed_cmds(dst_vm->fd); 286 286 + verify_mirror_allowed_cmds(dst_vm); 263 287 264 288 kvm_vm_free(src_vm); 265 289 kvm_vm_free(dst_vm);

+88

tools/testing/selftests/kvm/x86_64/sev_smoke_test.c

reviewed

··· 1 1 + // SPDX-License-Identifier: GPL-2.0-only 2 2 + #include <fcntl.h> 3 3 + #include <stdio.h> 4 4 + #include <stdlib.h> 5 5 + #include <string.h> 6 6 + #include <sys/ioctl.h> 7 7 + 8 8 + #include "test_util.h" 9 9 + #include "kvm_util.h" 10 10 + #include "processor.h" 11 11 + #include "svm_util.h" 12 12 + #include "linux/psp-sev.h" 13 13 + #include "sev.h" 14 14 + 15 15 + 16 16 + static void guest_sev_es_code(void) 17 17 + { 18 18 + /* TODO: Check CPUID after GHCB-based hypercall support is added. */ 19 19 + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); 20 20 + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ES_ENABLED); 21 21 + 22 22 + /* 23 23 + * TODO: Add GHCB and ucall support for SEV-ES guests. For now, simply 24 24 + * force "termination" to signal "done" via the GHCB MSR protocol. 25 25 + */ 26 26 + wrmsr(MSR_AMD64_SEV_ES_GHCB, GHCB_MSR_TERM_REQ); 27 27 + __asm__ __volatile__("rep; vmmcall"); 28 28 + } 29 29 + 30 30 + static void guest_sev_code(void) 31 31 + { 32 32 + GUEST_ASSERT(this_cpu_has(X86_FEATURE_SEV)); 33 33 + GUEST_ASSERT(rdmsr(MSR_AMD64_SEV) & MSR_AMD64_SEV_ENABLED); 34 34 + 35 35 + GUEST_DONE(); 36 36 + } 37 37 + 38 38 + static void test_sev(void *guest_code, uint64_t policy) 39 39 + { 40 40 + struct kvm_vcpu *vcpu; 41 41 + struct kvm_vm *vm; 42 42 + struct ucall uc; 43 43 + 44 44 + vm = vm_sev_create_with_one_vcpu(policy, guest_code, &vcpu); 45 45 + 46 46 + for (;;) { 47 47 + vcpu_run(vcpu); 48 48 + 49 49 + if (policy & SEV_POLICY_ES) { 50 50 + TEST_ASSERT(vcpu->run->exit_reason == KVM_EXIT_SYSTEM_EVENT, 51 51 + "Wanted SYSTEM_EVENT, got %s", 52 52 + exit_reason_str(vcpu->run->exit_reason)); 53 53 + TEST_ASSERT_EQ(vcpu->run->system_event.type, KVM_SYSTEM_EVENT_SEV_TERM); 54 54 + TEST_ASSERT_EQ(vcpu->run->system_event.ndata, 1); 55 55 + TEST_ASSERT_EQ(vcpu->run->system_event.data[0], GHCB_MSR_TERM_REQ); 56 56 + break; 57 57 + } 58 58 + 59 59 + switch (get_ucall(vcpu, &uc)) { 60 60 + case UCALL_SYNC: 61 61 + continue; 62 62 + case UCALL_DONE: 63 63 + return; 64 64 + case UCALL_ABORT: 65 65 + REPORT_GUEST_ASSERT(uc); 66 66 + default: 67 67 + TEST_FAIL("Unexpected exit: %s", 68 68 + exit_reason_str(vcpu->run->exit_reason)); 69 69 + } 70 70 + } 71 71 + 72 72 + kvm_vm_free(vm); 73 73 + } 74 74 + 75 75 + int main(int argc, char *argv[]) 76 76 + { 77 77 + TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); 78 78 + 79 79 + test_sev(guest_sev_code, SEV_POLICY_NO_DBG); 80 80 + test_sev(guest_sev_code, 0); 81 81 + 82 82 + if (kvm_cpu_has(X86_FEATURE_SEV_ES)) { 83 83 + test_sev(guest_sev_es_code, SEV_POLICY_ES | SEV_POLICY_NO_DBG); 84 84 + test_sev(guest_sev_es_code, SEV_POLICY_ES); 85 85 + } 86 86 + 87 87 + return 0; 88 88 + }

+90 -31

tools/testing/selftests/kvm/x86_64/sync_regs_test.c

reviewed

··· 17 17 #include <sys/ioctl.h> 18 18 #include <pthread.h> 19 19 20 20 + #include "kvm_test_harness.h" 20 21 #include "test_util.h" 21 22 #include "kvm_util.h" 22 23 #include "processor.h" ··· 41 40 : : [port] "d" (UCALL_PIO_PORT), "D" (&uc_none) 42 41 : "rax", "rbx"); 43 42 } 43 43 + 44 44 + KVM_ONE_VCPU_TEST_SUITE(sync_regs_test); 44 45 45 46 static void compare_regs(struct kvm_regs *left, struct kvm_regs *right) 46 47 { ··· 155 152 return NULL; 156 153 } 157 154 158 158 - static void race_sync_regs(void *racer) 155 155 + static void race_sync_regs(struct kvm_vcpu *vcpu, void *racer) 159 156 { 160 157 const time_t TIMEOUT = 2; /* seconds, roughly */ 161 158 struct kvm_x86_state *state; 162 159 struct kvm_translation tr; 163 163 - struct kvm_vcpu *vcpu; 164 160 struct kvm_run *run; 165 165 - struct kvm_vm *vm; 166 161 pthread_t thread; 167 162 time_t t; 168 163 169 169 - vm = vm_create_with_one_vcpu(&vcpu, guest_code); 170 164 run = vcpu->run; 171 165 172 166 run->kvm_valid_regs = KVM_SYNC_X86_SREGS; ··· 205 205 TEST_ASSERT_EQ(pthread_join(thread, NULL), 0); 206 206 207 207 kvm_x86_state_cleanup(state); 208 208 - kvm_vm_free(vm); 209 208 } 210 209 211 211 - int main(int argc, char *argv[]) 210 210 + KVM_ONE_VCPU_TEST(sync_regs_test, read_invalid, guest_code) 212 211 { 213 213 - struct kvm_vcpu *vcpu; 214 214 - struct kvm_vm *vm; 215 215 - struct kvm_run *run; 216 216 - struct kvm_regs regs; 217 217 - struct kvm_sregs sregs; 218 218 - struct kvm_vcpu_events events; 219 219 - int rv, cap; 220 220 - 221 221 - cap = kvm_check_cap(KVM_CAP_SYNC_REGS); 222 222 - TEST_REQUIRE((cap & TEST_SYNC_FIELDS) == TEST_SYNC_FIELDS); 223 223 - TEST_REQUIRE(!(cap & INVALID_SYNC_FIELD)); 224 224 - 225 225 - vm = vm_create_with_one_vcpu(&vcpu, guest_code); 226 226 - 227 227 - run = vcpu->run; 212 212 + struct kvm_run *run = vcpu->run; 213 213 + int rv; 228 214 229 215 /* Request reading invalid register set from VCPU. */ 230 216 run->kvm_valid_regs = INVALID_SYNC_FIELD; ··· 226 240 "Invalid kvm_valid_regs did not cause expected KVM_RUN error: %d", 227 241 rv); 228 242 run->kvm_valid_regs = 0; 243 243 + } 244 244 + 245 245 + KVM_ONE_VCPU_TEST(sync_regs_test, set_invalid, guest_code) 246 246 + { 247 247 + struct kvm_run *run = vcpu->run; 248 248 + int rv; 229 249 230 250 /* Request setting invalid register set into VCPU. */ 231 251 run->kvm_dirty_regs = INVALID_SYNC_FIELD; ··· 247 255 "Invalid kvm_dirty_regs did not cause expected KVM_RUN error: %d", 248 256 rv); 249 257 run->kvm_dirty_regs = 0; 258 258 + } 259 259 + 260 260 + KVM_ONE_VCPU_TEST(sync_regs_test, req_and_verify_all_valid, guest_code) 261 261 + { 262 262 + struct kvm_run *run = vcpu->run; 263 263 + struct kvm_vcpu_events events; 264 264 + struct kvm_sregs sregs; 265 265 + struct kvm_regs regs; 250 266 251 267 /* Request and verify all valid register sets. */ 252 268 /* TODO: BUILD TIME CHECK: TEST_ASSERT(KVM_SYNC_X86_NUM_FIELDS != 3); */ 253 269 run->kvm_valid_regs = TEST_SYNC_FIELDS; 254 254 - rv = _vcpu_run(vcpu); 270 270 + vcpu_run(vcpu); 255 271 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 256 272 257 273 vcpu_regs_get(vcpu, &regs); ··· 270 270 271 271 vcpu_events_get(vcpu, &events); 272 272 compare_vcpu_events(&events, &run->s.regs.events); 273 273 + } 274 274 + 275 275 + KVM_ONE_VCPU_TEST(sync_regs_test, set_and_verify_various, guest_code) 276 276 + { 277 277 + struct kvm_run *run = vcpu->run; 278 278 + struct kvm_vcpu_events events; 279 279 + struct kvm_sregs sregs; 280 280 + struct kvm_regs regs; 281 281 + 282 282 + /* Run once to get register set */ 283 283 + run->kvm_valid_regs = TEST_SYNC_FIELDS; 284 284 + vcpu_run(vcpu); 285 285 + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 273 286 274 287 /* Set and verify various register values. */ 275 288 run->s.regs.regs.rbx = 0xBAD1DEA; ··· 291 278 292 279 run->kvm_valid_regs = TEST_SYNC_FIELDS; 293 280 run->kvm_dirty_regs = KVM_SYNC_X86_REGS | KVM_SYNC_X86_SREGS; 294 294 - rv = _vcpu_run(vcpu); 281 281 + vcpu_run(vcpu); 295 282 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 296 283 TEST_ASSERT(run->s.regs.regs.rbx == 0xBAD1DEA + 1, 297 284 "rbx sync regs value incorrect 0x%llx.", ··· 308 295 309 296 vcpu_events_get(vcpu, &events); 310 297 compare_vcpu_events(&events, &run->s.regs.events); 298 298 + } 299 299 + 300 300 + KVM_ONE_VCPU_TEST(sync_regs_test, clear_kvm_dirty_regs_bits, guest_code) 301 301 + { 302 302 + struct kvm_run *run = vcpu->run; 311 303 312 304 /* Clear kvm_dirty_regs bits, verify new s.regs values are 313 305 * overwritten with existing guest values. ··· 320 302 run->kvm_valid_regs = TEST_SYNC_FIELDS; 321 303 run->kvm_dirty_regs = 0; 322 304 run->s.regs.regs.rbx = 0xDEADBEEF; 323 323 - rv = _vcpu_run(vcpu); 305 305 + vcpu_run(vcpu); 324 306 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 325 307 TEST_ASSERT(run->s.regs.regs.rbx != 0xDEADBEEF, 326 308 "rbx sync regs value incorrect 0x%llx.", 327 309 run->s.regs.regs.rbx); 310 310 + } 311 311 + 312 312 + KVM_ONE_VCPU_TEST(sync_regs_test, clear_kvm_valid_and_dirty_regs, guest_code) 313 313 + { 314 314 + struct kvm_run *run = vcpu->run; 315 315 + struct kvm_regs regs; 316 316 + 317 317 + /* Run once to get register set */ 318 318 + run->kvm_valid_regs = TEST_SYNC_FIELDS; 319 319 + vcpu_run(vcpu); 320 320 + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 328 321 329 322 /* Clear kvm_valid_regs bits and kvm_dirty_bits. 330 323 * Verify s.regs values are not overwritten with existing guest values ··· 344 315 run->kvm_valid_regs = 0; 345 316 run->kvm_dirty_regs = 0; 346 317 run->s.regs.regs.rbx = 0xAAAA; 318 318 + vcpu_regs_get(vcpu, &regs); 347 319 regs.rbx = 0xBAC0; 348 320 vcpu_regs_set(vcpu, &regs); 349 349 - rv = _vcpu_run(vcpu); 321 321 + vcpu_run(vcpu); 350 322 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 351 323 TEST_ASSERT(run->s.regs.regs.rbx == 0xAAAA, 352 324 "rbx sync regs value incorrect 0x%llx.", ··· 356 326 TEST_ASSERT(regs.rbx == 0xBAC0 + 1, 357 327 "rbx guest value incorrect 0x%llx.", 358 328 regs.rbx); 329 329 + } 330 330 + 331 331 + KVM_ONE_VCPU_TEST(sync_regs_test, clear_kvm_valid_regs_bits, guest_code) 332 332 + { 333 333 + struct kvm_run *run = vcpu->run; 334 334 + struct kvm_regs regs; 335 335 + 336 336 + /* Run once to get register set */ 337 337 + run->kvm_valid_regs = TEST_SYNC_FIELDS; 338 338 + vcpu_run(vcpu); 339 339 + TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 359 340 360 341 /* Clear kvm_valid_regs bits. Verify s.regs values are not overwritten 361 342 * with existing guest values but that guest values are overwritten ··· 375 334 run->kvm_valid_regs = 0; 376 335 run->kvm_dirty_regs = TEST_SYNC_FIELDS; 377 336 run->s.regs.regs.rbx = 0xBBBB; 378 378 - rv = _vcpu_run(vcpu); 337 337 + vcpu_run(vcpu); 379 338 TEST_ASSERT_KVM_EXIT_REASON(vcpu, KVM_EXIT_IO); 380 339 TEST_ASSERT(run->s.regs.regs.rbx == 0xBBBB, 381 340 "rbx sync regs value incorrect 0x%llx.", ··· 384 343 TEST_ASSERT(regs.rbx == 0xBBBB + 1, 385 344 "rbx guest value incorrect 0x%llx.", 386 345 regs.rbx); 346 346 + } 387 347 388 388 - kvm_vm_free(vm); 348 348 + KVM_ONE_VCPU_TEST(sync_regs_test, race_cr4, guest_code) 349 349 + { 350 350 + race_sync_regs(vcpu, race_sregs_cr4); 351 351 + } 389 352 390 390 - race_sync_regs(race_sregs_cr4); 391 391 - race_sync_regs(race_events_exc); 392 392 - race_sync_regs(race_events_inj_pen); 353 353 + KVM_ONE_VCPU_TEST(sync_regs_test, race_exc, guest_code) 354 354 + { 355 355 + race_sync_regs(vcpu, race_events_exc); 356 356 + } 393 357 394 394 - return 0; 358 358 + KVM_ONE_VCPU_TEST(sync_regs_test, race_inj_pen, guest_code) 359 359 + { 360 360 + race_sync_regs(vcpu, race_events_inj_pen); 361 361 + } 362 362 + 363 363 + int main(int argc, char *argv[]) 364 364 + { 365 365 + int cap; 366 366 + 367 367 + cap = kvm_check_cap(KVM_CAP_SYNC_REGS); 368 368 + TEST_REQUIRE((cap & TEST_SYNC_FIELDS) == TEST_SYNC_FIELDS); 369 369 + TEST_REQUIRE(!(cap & INVALID_SYNC_FIELD)); 370 370 + 371 371 + return test_harness_run(argc, argv); 395 372 }

+14 -40

tools/testing/selftests/kvm/x86_64/userspace_msr_exit_test.c

reviewed

··· 8 8 #define _GNU_SOURCE /* for program_invocation_short_name */ 9 9 #include <sys/ioctl.h> 10 10 11 11 + #include "kvm_test_harness.h" 11 12 #include "test_util.h" 12 13 #include "kvm_util.h" 13 14 #include "vmx.h" ··· 528 527 process_ucall_done(vcpu); 529 528 } 530 529 531 531 - static void test_msr_filter_allow(void) 532 532 - { 533 533 - struct kvm_vcpu *vcpu; 534 534 - struct kvm_vm *vm; 535 535 - int rc; 530 530 + KVM_ONE_VCPU_TEST_SUITE(user_msr); 536 531 537 537 - vm = vm_create_with_one_vcpu(&vcpu, guest_code_filter_allow); 532 532 + KVM_ONE_VCPU_TEST(user_msr, msr_filter_allow, guest_code_filter_allow) 533 533 + { 534 534 + struct kvm_vm *vm = vcpu->vm; 535 535 + int rc; 538 536 539 537 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 540 538 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); ··· 585 585 } else { 586 586 printf("To run the instruction emulated tests set the module parameter 'kvm.force_emulation_prefix=1'\n"); 587 587 } 588 588 - 589 589 - kvm_vm_free(vm); 590 588 } 591 589 592 590 static int handle_ucall(struct kvm_vcpu *vcpu) ··· 644 646 } 645 647 } 646 648 647 647 - static void test_msr_filter_deny(void) 649 649 + KVM_ONE_VCPU_TEST(user_msr, msr_filter_deny, guest_code_filter_deny) 648 650 { 649 649 - struct kvm_vcpu *vcpu; 650 650 - struct kvm_vm *vm; 651 651 - struct kvm_run *run; 651 651 + struct kvm_vm *vm = vcpu->vm; 652 652 + struct kvm_run *run = vcpu->run; 652 653 int rc; 653 653 - 654 654 - vm = vm_create_with_one_vcpu(&vcpu, guest_code_filter_deny); 655 655 - run = vcpu->run; 656 654 657 655 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 658 656 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); ··· 683 689 done: 684 690 TEST_ASSERT(msr_reads == 4, "Handled 4 rdmsr in user space"); 685 691 TEST_ASSERT(msr_writes == 3, "Handled 3 wrmsr in user space"); 686 686 - 687 687 - kvm_vm_free(vm); 688 692 } 689 693 690 690 - static void test_msr_permission_bitmap(void) 694 694 + KVM_ONE_VCPU_TEST(user_msr, msr_permission_bitmap, guest_code_permission_bitmap) 691 695 { 692 692 - struct kvm_vcpu *vcpu; 693 693 - struct kvm_vm *vm; 696 696 + struct kvm_vm *vm = vcpu->vm; 694 697 int rc; 695 695 - 696 696 - vm = vm_create_with_one_vcpu(&vcpu, guest_code_permission_bitmap); 697 698 698 699 rc = kvm_check_cap(KVM_CAP_X86_USER_SPACE_MSR); 699 700 TEST_ASSERT(rc, "KVM_CAP_X86_USER_SPACE_MSR is available"); ··· 704 715 vm_ioctl(vm, KVM_X86_SET_MSR_FILTER, &filter_gs); 705 716 run_guest_then_process_rdmsr(vcpu, MSR_GS_BASE); 706 717 run_guest_then_process_ucall_done(vcpu); 707 707 - 708 708 - kvm_vm_free(vm); 709 718 } 710 719 711 720 #define test_user_exit_msr_ioctl(vm, cmd, arg, flag, valid_mask) \ ··· 773 786 } 774 787 775 788 /* Test that attempts to write to the unused bits in a flag fails. */ 776 776 - static void test_user_exit_msr_flags(void) 789 789 + KVM_ONE_VCPU_TEST(user_msr, user_exit_msr_flags, NULL) 777 790 { 778 778 - struct kvm_vcpu *vcpu; 779 779 - struct kvm_vm *vm; 780 780 - 781 781 - vm = vm_create_with_one_vcpu(&vcpu, NULL); 791 791 + struct kvm_vm *vm = vcpu->vm; 782 792 783 793 /* Test flags for KVM_CAP_X86_USER_SPACE_MSR. */ 784 794 run_user_space_msr_flag_test(vm); 785 795 786 796 /* Test flags and range flags for KVM_X86_SET_MSR_FILTER. */ 787 797 run_msr_filter_flag_test(vm); 788 788 - 789 789 - kvm_vm_free(vm); 790 798 } 791 799 792 800 int main(int argc, char *argv[]) 793 801 { 794 794 - test_msr_filter_allow(); 795 795 - 796 796 - test_msr_filter_deny(); 797 797 - 798 798 - test_msr_permission_bitmap(); 799 799 - 800 800 - test_user_exit_msr_flags(); 801 801 - 802 802 - return 0; 802 802 + return test_harness_run(argc, argv); 803 803 }

+12 -40

tools/testing/selftests/kvm/x86_64/vmx_pmu_caps_test.c

reviewed

··· 15 15 16 16 #include <linux/bitmap.h> 17 17 18 18 + #include "kvm_test_harness.h" 18 19 #include "kvm_util.h" 19 20 #include "vmx.h" 20 21 21 21 - union perf_capabilities { 22 22 + static union perf_capabilities { 22 23 struct { 23 24 u64 lbr_format:6; 24 25 u64 pebs_trap:1; ··· 33 32 u64 anythread_deprecated:1; 34 33 }; 35 34 u64 capabilities; 36 36 - }; 35 35 + } host_cap; 37 36 38 37 /* 39 38 * The LBR format and most PEBS features are immutable, all other features are ··· 74 73 GUEST_DONE(); 75 74 } 76 75 76 76 + KVM_ONE_VCPU_TEST_SUITE(vmx_pmu_caps); 77 77 + 77 78 /* 78 79 * Verify that guest WRMSRs to PERF_CAPABILITIES #GP regardless of the value 79 80 * written, that the guest always sees the userspace controlled value, and that 80 81 * PERF_CAPABILITIES is immutable after KVM_RUN. 81 82 */ 82 82 - static void test_guest_wrmsr_perf_capabilities(union perf_capabilities host_cap) 83 83 + KVM_ONE_VCPU_TEST(vmx_pmu_caps, guest_wrmsr_perf_capabilities, guest_code) 83 84 { 84 84 - struct kvm_vcpu *vcpu; 85 85 - struct kvm_vm *vm = vm_create_with_one_vcpu(&vcpu, guest_code); 86 85 struct ucall uc; 87 86 int r, i; 88 87 89 89 - vm_init_descriptor_tables(vm); 88 88 + vm_init_descriptor_tables(vcpu->vm); 90 89 vcpu_init_descriptor_tables(vcpu); 91 90 92 91 vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, host_cap.capabilities); ··· 118 117 TEST_ASSERT(!r, "Post-KVM_RUN write '0x%llx'didn't fail", 119 118 host_cap.capabilities ^ BIT_ULL(i)); 120 119 } 121 121 - 122 122 - kvm_vm_free(vm); 123 120 } 124 121 125 122 /* 126 123 * Verify KVM allows writing PERF_CAPABILITIES with all KVM-supported features 127 124 * enabled, as well as '0' (to disable all features). 128 125 */ 129 129 - static void test_basic_perf_capabilities(union perf_capabilities host_cap) 126 126 + KVM_ONE_VCPU_TEST(vmx_pmu_caps, basic_perf_capabilities, guest_code) 130 127 { 131 131 - struct kvm_vcpu *vcpu; 132 132 - struct kvm_vm *vm = vm_create_with_one_vcpu(&vcpu, NULL); 133 133 - 134 128 vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, 0); 135 129 vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, host_cap.capabilities); 136 136 - 137 137 - kvm_vm_free(vm); 138 130 } 139 131 140 140 - static void test_fungible_perf_capabilities(union perf_capabilities host_cap) 132 132 + KVM_ONE_VCPU_TEST(vmx_pmu_caps, fungible_perf_capabilities, guest_code) 141 133 { 142 134 const uint64_t fungible_caps = host_cap.capabilities & ~immutable_caps.capabilities; 143 143 - 144 144 - struct kvm_vcpu *vcpu; 145 145 - struct kvm_vm *vm = vm_create_with_one_vcpu(&vcpu, NULL); 146 135 int bit; 147 136 148 137 for_each_set_bit(bit, &fungible_caps, 64) { ··· 141 150 host_cap.capabilities & ~BIT_ULL(bit)); 142 151 } 143 152 vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, host_cap.capabilities); 144 144 - 145 145 - kvm_vm_free(vm); 146 153 } 147 154 148 155 /* ··· 149 160 * separately as they are multi-bit values, e.g. toggling or setting a single 150 161 * bit can generate a false positive without dedicated safeguards. 151 162 */ 152 152 - static void test_immutable_perf_capabilities(union perf_capabilities host_cap) 163 163 + KVM_ONE_VCPU_TEST(vmx_pmu_caps, immutable_perf_capabilities, guest_code) 153 164 { 154 165 const uint64_t reserved_caps = (~host_cap.capabilities | 155 166 immutable_caps.capabilities) & 156 167 ~format_caps.capabilities; 157 157 - 158 158 - struct kvm_vcpu *vcpu; 159 159 - struct kvm_vm *vm = vm_create_with_one_vcpu(&vcpu, NULL); 160 168 union perf_capabilities val = host_cap; 161 169 int r, bit; 162 170 ··· 187 201 TEST_ASSERT(!r, "Bad PEBS FMT = 0x%x didn't fail, host = 0x%x", 188 202 val.pebs_format, host_cap.pebs_format); 189 203 } 190 190 - 191 191 - kvm_vm_free(vm); 192 204 } 193 205 194 206 /* ··· 195 211 * LBR_TOS as those bits are writable across all uarch implementations (arch 196 212 * LBRs will need to poke a different MSR). 197 213 */ 198 198 - static void test_lbr_perf_capabilities(union perf_capabilities host_cap) 214 214 + KVM_ONE_VCPU_TEST(vmx_pmu_caps, lbr_perf_capabilities, guest_code) 199 215 { 200 200 - struct kvm_vcpu *vcpu; 201 201 - struct kvm_vm *vm; 202 216 int r; 203 217 204 218 if (!host_cap.lbr_format) 205 219 return; 206 206 - 207 207 - vm = vm_create_with_one_vcpu(&vcpu, NULL); 208 220 209 221 vcpu_set_msr(vcpu, MSR_IA32_PERF_CAPABILITIES, host_cap.capabilities); 210 222 vcpu_set_msr(vcpu, MSR_LBR_TOS, 7); ··· 209 229 210 230 r = _vcpu_set_msr(vcpu, MSR_LBR_TOS, 7); 211 231 TEST_ASSERT(!r, "Writing LBR_TOS should fail after disabling vPMU"); 212 212 - 213 213 - kvm_vm_free(vm); 214 232 } 215 233 216 234 int main(int argc, char *argv[]) 217 235 { 218 218 - union perf_capabilities host_cap; 219 219 - 220 236 TEST_REQUIRE(get_kvm_param_bool("enable_pmu")); 221 237 TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_PDCM)); 222 238 ··· 224 248 TEST_ASSERT(host_cap.full_width_write, 225 249 "Full-width writes should always be supported"); 226 250 227 227 - test_basic_perf_capabilities(host_cap); 228 228 - test_fungible_perf_capabilities(host_cap); 229 229 - test_immutable_perf_capabilities(host_cap); 230 230 - test_guest_wrmsr_perf_capabilities(host_cap); 231 231 - test_lbr_perf_capabilities(host_cap); 251 251 + return test_harness_run(argc, argv); 232 252 }