diff options
| author |  Sean Christopherson <seanjc@google.com>
| 2024-02-22 16:42:58 -0800 |
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com>
| 2024-02-28 16:39:55 -0800 |
| commit | 40e09b3ccfacc640d58e1e3d6b8f29b2db0a9848 (patch) | |
| tree | 291aa24964376b96138284b9497cb9d69f80fbdf /tools/testing/selftests/kvm/lib | |
| parent | KVM: selftests: Add a basic SEV smoke test (diff) | |
| download | linux-40e09b3ccfacc640d58e1e3d6b8f29b2db0a9848.tar.gz linux-40e09b3ccfacc640d58e1e3d6b8f29b2db0a9848.tar.bz2 linux-40e09b3ccfacc640d58e1e3d6b8f29b2db0a9848.zip | |
KVM: selftests: Add a basic SEV-ES smoke test
Extend sev_smoke_test to also run a minimal SEV-ES smoke test so that it's
possible to test KVM's unique VMRUN=>#VMEXIT path for SEV-ES guests
without needing a full blown SEV-ES capable VM, which requires a rather
absurd amount of properly configured collateral.
Punt on proper GHCB and ucall support, and instead use the GHCB MSR
protocol to signal test completion. The most important thing at this
point is to have _any_ kind of testing of KVM's __svm_sev_es_vcpu_run().
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Peter Gonda <pgonda@google.com>
Cc: Carlos Bilbao <carlos.bilbao@amd.com>
Tested-by: Carlos Bilbao <carlos.bilbao@amd.com>
Link: https://lore.kernel.org/r/20240223004258.3104051-12-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Diffstat (limited to 'tools/testing/selftests/kvm/lib')
| -rw-r--r-- | tools/testing/selftests/kvm/lib/x86_64/processor.c | 2 | ||||
| -rw-r--r-- | tools/testing/selftests/kvm/lib/x86_64/sev.c | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index f1139ba35112..49288fe10cd3 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -1072,7 +1072,7 @@ void kvm_get_cpu_address_width(unsigned int *pa_bits, unsigned int *va_bits) void kvm_init_vm_address_properties(struct kvm_vm *vm) { - if (vm->subtype == VM_SUBTYPE_SEV) { + if (vm->subtype == VM_SUBTYPE_SEV || vm->subtype == VM_SUBTYPE_SEV_ES) { vm->arch.c_bit = BIT_ULL(this_cpu_property(X86_PROPERTY_SEV_C_BIT)); vm->gpa_tag_mask = vm->arch.c_bit; } diff --git a/tools/testing/selftests/kvm/lib/x86_64/sev.c b/tools/testing/selftests/kvm/lib/x86_64/sev.c index 9f5a3dbb5e65..e248d3364b9c 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/sev.c +++ b/tools/testing/selftests/kvm/lib/x86_64/sev.c @@ -53,6 +53,9 @@ void sev_vm_launch(struct kvm_vm *vm, uint32_t policy) hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) encrypt_region(vm, region); + if (policy & SEV_POLICY_ES) + vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); + vm->arch.is_pt_protected = true; } @@ -90,7 +93,8 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t policy, void *guest_code, struct vm_shape shape = { .type = VM_TYPE_DEFAULT, .mode = VM_MODE_DEFAULT, - .subtype = VM_SUBTYPE_SEV, + .subtype = policy & SEV_POLICY_ES ? VM_SUBTYPE_SEV_ES : + VM_SUBTYPE_SEV, }; struct kvm_vm *vm; struct kvm_vcpu *cpus[1]; |