| Message ID | 20250305230000.231025-1-prsampat@amd.com |
|---|---|
| Headers | show |
| Series | Basic SEV-SNP Selftests | expand |
A very gentle ping on this series. Thanks Pratik On 3/5/25 4:59 PM, Pratik R. Sampat wrote: > This patch series extends the sev_init2 and the sev_smoke test to > exercise the SEV-SNP VM launch workflow. > > Primarily, it introduces the architectural defines, its support in the > SEV library and extends the tests to interact with the SEV-SNP ioctl() > wrappers. > > Patch 1 - Do not advertise SNP on initialization failure > Patch 2 - SNP test for KVM_SEV_INIT2 > Patch 3 - Add vmgexit helper > Patch 4 - Add SMT control interface helper > Patch 5 - Replace assert() with TEST_ASSERT_EQ() > Patch 6 - Introduce SEV+ VM type check > Patch 7 - SNP iotcl() plumbing for the SEV library > Patch 8 - Force set GUEST_MEMFD for SNP > Patch 9 - Cleanups of smoke test - Decouple policy from type > Patch 10 - SNP smoke test > > The series is based on > git.kernel.org/pub/scm/virt/kvm/kvm.git next > > v7..v8: > * Dropped exporting the SNP initialized API from ccp to KVM. Instead > call SNP_PLATFORM_STATUS within KVM to query the initialization. (Tom) > > While it may be cheaper to query sev->snp_initialized from ccp, making > the SNP platform call within KVM does away with any dependencies. > > v6..v7: > https://lore.kernel.org/kvm/20250221210200.244405-7-prsampat@amd.com/ > Based on comments from Sean - > * Replaced FW check with sev->snp_initialized > * Dropped the patch which removes SEV+ KVM advertisement if INIT fails. > This should be now be resolved by the combination of the patches [1,2] > from Ashish. > * Change vmgexit to an inline function > * Export SMT control parsing interface to kvm_util > Note: hyperv_cpuid KST only compile tested > * Replace assert() with TEST_ASSERT_EQ() within SEV library > * Define KVM_SEV_PAGE_TYPE_INVALID for SEV call of encrypt_region() > * Parameterize encrypt_region() to include privatize_region() > * Deduplication of sev test calls between SEV,SEV-ES and SNP > * Removed FW version tests for SNP > * Included testing of SNP_POLICY_DBG > * Dropped most tags from patches that have been changed or indirectly > affected > > [1] https://lore.kernel.org/all/d6d08c6b-9602-4f3d-92c2-8db6d50a1b92@amd.com > [2] https://lore.kernel.org/all/f78ddb64087df27e7bcb1ae0ab53f55aa0804fab.1739226950.git.ashish.kalra@amd.com > > v5..v6: > https://lore.kernel.org/kvm/ab433246-e97c-495b-ab67-b0cb1721fb99@amd.com/ > * Rename is_sev_platform_init to sev_fw_initialized (Nikunj) > * Rename KVM CPU feature X86_FEATURE_SNP to X86_FEATURE_SEV_SNP (Nikunj) > * Collected Tags from Nikunj, Pankaj, Srikanth. > > v4..v5: > https://lore.kernel.org/kvm/8e7d8172-879e-4a28-8438-343b1c386ec9@amd.com/ > * Introduced a check to disable advertising support for SEV, SEV-ES > and SNP when platform initialization fails (Nikunj) > * Remove the redundant SNP check within is_sev_vm() (Nikunj) > * Cleanup of the encrypt_region flow for better readability (Nikunj) > * Refactor paths to use the canonical $(ARCH) to rebase for kvm/next > > v3..v4: > https://lore.kernel.org/kvm/20241114234104.128532-1-pratikrajesh.sampat@amd.com/ > * Remove SNP FW API version check in the test and ensure the KVM > capability advertises the presence of the feature. Retain the minimum > version definitions to exercise these API versions in the smoke test > * Retained only the SNP smoke test and SNP_INIT2 test > * The SNP architectural defined merged with SNP_INIT2 test patch > * SNP shutdown merged with SNP smoke test patch > * Add SEV VM type check to abstract comparisons and reduce clutter > * Define a SNP default policy which sets bits based on the presence of > SMT > * Decouple privatization and encryption for it to be SNP agnostic > * Assert for only positive tests using vm_ioctl() > * Dropped tested-by tags > > In summary - based on comments from Sean, I have primarily reduced the > scope of this patch series to focus on breaking down the SNP smoke test > patch (v3 - patch2) to first introduce SEV-SNP support and use this > interface to extend the sev_init2 and the sev_smoke test. > > The rest of the v3 patchset that introduces ioctl, pre fault, fallocate > and negative tests, will be re-worked and re-introduced subsequently in > future patch series post addressing the issues discussed. > > v2..v3: > https://lore.kernel.org/kvm/20240905124107.6954-1-pratikrajesh.sampat@amd.com/ > * Remove the assignments for the prefault and fallocate test type > enums. > * Fix error message for sev launch measure and finish. > * Collect tested-by tags [Peter, Srikanth] > > Pratik R. Sampat (10): > KVM: SEV: Disable SEV-SNP support on initialization failure > KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 > KVM: selftests: Add vmgexit helper > KVM: selftests: Add SMT control state helper > KVM: selftests: Replace assert() with TEST_ASSERT_EQ() > KVM: selftests: Introduce SEV VM type check > KVM: selftests: Add library support for interacting with SNP > KVM: selftests: Force GUEST_MEMFD flag for SNP VM type > KVM: selftests: Abstractions for SEV to decouple policy from type > KVM: selftests: Add a basic SEV-SNP smoke test > > arch/x86/include/uapi/asm/kvm.h | 1 + > arch/x86/kvm/svm/sev.c | 30 +++++- > tools/arch/x86/include/uapi/asm/kvm.h | 1 + > .../testing/selftests/kvm/include/kvm_util.h | 35 +++++++ > .../selftests/kvm/include/x86/processor.h | 1 + > tools/testing/selftests/kvm/include/x86/sev.h | 42 ++++++++- > tools/testing/selftests/kvm/lib/kvm_util.c | 7 +- > .../testing/selftests/kvm/lib/x86/processor.c | 4 +- > tools/testing/selftests/kvm/lib/x86/sev.c | 93 +++++++++++++++++-- > .../testing/selftests/kvm/x86/hyperv_cpuid.c | 19 ---- > .../selftests/kvm/x86/sev_init2_tests.c | 13 +++ > .../selftests/kvm/x86/sev_smoke_test.c | 75 +++++++++------ > 12 files changed, 261 insertions(+), 60 deletions(-) >
This patch series extends the sev_init2 and the sev_smoke test to exercise the SEV-SNP VM launch workflow. Primarily, it introduces the architectural defines, its support in the SEV library and extends the tests to interact with the SEV-SNP ioctl() wrappers. Patch 1 - Do not advertise SNP on initialization failure Patch 2 - SNP test for KVM_SEV_INIT2 Patch 3 - Add vmgexit helper Patch 4 - Add SMT control interface helper Patch 5 - Replace assert() with TEST_ASSERT_EQ() Patch 6 - Introduce SEV+ VM type check Patch 7 - SNP iotcl() plumbing for the SEV library Patch 8 - Force set GUEST_MEMFD for SNP Patch 9 - Cleanups of smoke test - Decouple policy from type Patch 10 - SNP smoke test The series is based on git.kernel.org/pub/scm/virt/kvm/kvm.git next v7..v8: * Dropped exporting the SNP initialized API from ccp to KVM. Instead call SNP_PLATFORM_STATUS within KVM to query the initialization. (Tom) While it may be cheaper to query sev->snp_initialized from ccp, making the SNP platform call within KVM does away with any dependencies. v6..v7: https://lore.kernel.org/kvm/20250221210200.244405-7-prsampat@amd.com/ Based on comments from Sean - * Replaced FW check with sev->snp_initialized * Dropped the patch which removes SEV+ KVM advertisement if INIT fails. This should be now be resolved by the combination of the patches [1,2] from Ashish. * Change vmgexit to an inline function * Export SMT control parsing interface to kvm_util Note: hyperv_cpuid KST only compile tested * Replace assert() with TEST_ASSERT_EQ() within SEV library * Define KVM_SEV_PAGE_TYPE_INVALID for SEV call of encrypt_region() * Parameterize encrypt_region() to include privatize_region() * Deduplication of sev test calls between SEV,SEV-ES and SNP * Removed FW version tests for SNP * Included testing of SNP_POLICY_DBG * Dropped most tags from patches that have been changed or indirectly affected [1] https://lore.kernel.org/all/d6d08c6b-9602-4f3d-92c2-8db6d50a1b92@amd.com [2] https://lore.kernel.org/all/f78ddb64087df27e7bcb1ae0ab53f55aa0804fab.1739226950.git.ashish.kalra@amd.com v5..v6: https://lore.kernel.org/kvm/ab433246-e97c-495b-ab67-b0cb1721fb99@amd.com/ * Rename is_sev_platform_init to sev_fw_initialized (Nikunj) * Rename KVM CPU feature X86_FEATURE_SNP to X86_FEATURE_SEV_SNP (Nikunj) * Collected Tags from Nikunj, Pankaj, Srikanth. v4..v5: https://lore.kernel.org/kvm/8e7d8172-879e-4a28-8438-343b1c386ec9@amd.com/ * Introduced a check to disable advertising support for SEV, SEV-ES and SNP when platform initialization fails (Nikunj) * Remove the redundant SNP check within is_sev_vm() (Nikunj) * Cleanup of the encrypt_region flow for better readability (Nikunj) * Refactor paths to use the canonical $(ARCH) to rebase for kvm/next v3..v4: https://lore.kernel.org/kvm/20241114234104.128532-1-pratikrajesh.sampat@amd.com/ * Remove SNP FW API version check in the test and ensure the KVM capability advertises the presence of the feature. Retain the minimum version definitions to exercise these API versions in the smoke test * Retained only the SNP smoke test and SNP_INIT2 test * The SNP architectural defined merged with SNP_INIT2 test patch * SNP shutdown merged with SNP smoke test patch * Add SEV VM type check to abstract comparisons and reduce clutter * Define a SNP default policy which sets bits based on the presence of SMT * Decouple privatization and encryption for it to be SNP agnostic * Assert for only positive tests using vm_ioctl() * Dropped tested-by tags In summary - based on comments from Sean, I have primarily reduced the scope of this patch series to focus on breaking down the SNP smoke test patch (v3 - patch2) to first introduce SEV-SNP support and use this interface to extend the sev_init2 and the sev_smoke test. The rest of the v3 patchset that introduces ioctl, pre fault, fallocate and negative tests, will be re-worked and re-introduced subsequently in future patch series post addressing the issues discussed. v2..v3: https://lore.kernel.org/kvm/20240905124107.6954-1-pratikrajesh.sampat@amd.com/ * Remove the assignments for the prefault and fallocate test type enums. * Fix error message for sev launch measure and finish. * Collect tested-by tags [Peter, Srikanth] Pratik R. Sampat (10): KVM: SEV: Disable SEV-SNP support on initialization failure KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 KVM: selftests: Add vmgexit helper KVM: selftests: Add SMT control state helper KVM: selftests: Replace assert() with TEST_ASSERT_EQ() KVM: selftests: Introduce SEV VM type check KVM: selftests: Add library support for interacting with SNP KVM: selftests: Force GUEST_MEMFD flag for SNP VM type KVM: selftests: Abstractions for SEV to decouple policy from type KVM: selftests: Add a basic SEV-SNP smoke test arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/svm/sev.c | 30 +++++- tools/arch/x86/include/uapi/asm/kvm.h | 1 + .../testing/selftests/kvm/include/kvm_util.h | 35 +++++++ .../selftests/kvm/include/x86/processor.h | 1 + tools/testing/selftests/kvm/include/x86/sev.h | 42 ++++++++- tools/testing/selftests/kvm/lib/kvm_util.c | 7 +- .../testing/selftests/kvm/lib/x86/processor.c | 4 +- tools/testing/selftests/kvm/lib/x86/sev.c | 93 +++++++++++++++++-- .../testing/selftests/kvm/x86/hyperv_cpuid.c | 19 ---- .../selftests/kvm/x86/sev_init2_tests.c | 13 +++ .../selftests/kvm/x86/sev_smoke_test.c | 75 +++++++++------ 12 files changed, 261 insertions(+), 60 deletions(-)