sev_init2_tests.c 4.4 KB

  1. // SPDX-License-Identifier: GPL-2.0-only
  #include <linux/kvm.h>
  #include <linux/psp-sev.h>

  #include <errno.h>
  #include <pthread.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <sys/ioctl.h>
  #include <unistd.h>

  #include "test_util.h"
  #include "kvm_util.h"
  #include "processor.h"
  #include "svm_util.h"
  #include "kselftest.h"
  /* DEBUG_SWAP VMSA feature: bit 5 of the feature mask (value 32). */
  #define SVM_SEV_FEAT_DEBUG_SWAP (1u << 5)

  /*
   * Features this test passes to KVM_SEV_INIT2 on their own.
   *
   * A feature that KVM reports as supported may still have hidden
   * dependencies or only work for certain VM types, so the test does not
   * assume every supported bit is accepted in isolation.  Only the bits
   * named here are used as positive cases.
   *
   * (At present that is a single feature.)
   */
  #define KNOWN_FEATURES SVM_SEV_FEAT_DEBUG_SWAP

  /*
   * NOTE(review): main() declares a local with the same name, so this
   * file-scope variable is shadowed there.
   */
  int kvm_fd;

  /* Filled in by main() from the KVM_X86_SEV_VMSA_FEATURES device attribute. */
  u64 supported_vmsa_features;

  /* Set by main() from kvm_cpu_has(); gate the SEV-ES and SEV-SNP test cases. */
  bool have_sev_es;
  bool have_snp;
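  /*
   * Issue one SEV command on a VM through KVM_MEMORY_ENCRYPT_OP.
   *
   * @vm_fd:  VM file descriptor the ioctl is issued on.
   * @cmd_id: command number stored in kvm_sev_cmd.id.
   * @data:   command payload; its address is stored in kvm_sev_cmd.data.
   *
   * Returns the raw ioctl() result.  errno is left exactly as ioctl() set
   * it, because callers assert on the specific failure code.  Also asserts
   * that an ioctl which did not fail reported no firmware error.
   */
  static int __sev_ioctl(int vm_fd, int cmd_id, void *data)
  {
  	struct kvm_sev_cmd cmd = {
  		.id = cmd_id,
  		.data = (uint64_t)data,
  		.sev_fd = open_sev_dev_path_or_exit(),
  	};
  	int saved_errno;
  	int ret;

  	ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd);

  	/*
  	 * A new SEV device descriptor is opened for every command, so it has
  	 * to be released here or each call leaks one descriptor.  close() may
  	 * overwrite errno, hence the save/restore around it.
  	 *
  	 * Every caller in this file frees the VM right after this one command.
  	 * NOTE(review): if a caller ever issues further SEV commands on the
  	 * same VM, confirm KVM does not need this descriptor to stay open.
  	 */
  	saved_errno = errno;
  	close(cmd.sev_fd);
  	errno = saved_errno;

  	TEST_ASSERT(ret < 0 || cmd.error == SEV_RET_SUCCESS,
  		    "%d failed: fw error: %d\n",
  		    cmd_id, cmd.error);

  	return ret;
  }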
  /*
   * Positive case: create a barebones VM of @vm_type and require that
   * KVM_SEV_INIT2 with the parameters in @init returns 0.  The VM is freed
   * again before returning.
   */
  static void test_init2(unsigned long vm_type, struct kvm_sev_init *init)
  {
  	struct kvm_vm *vm = vm_create_barebones_type(vm_type);
  	int ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);

  	/* Report both the return code and errno so a failure is diagnosable. */
  	TEST_ASSERT(ret == 0,
  		    "KVM_SEV_INIT2 return code is %d (expected 0), errno: %d",
  		    ret, errno);

  	kvm_vm_free(vm);
  }
  /*
   * Negative case: create a barebones VM of @vm_type and require that
   * KVM_SEV_INIT2 with the parameters in @init is rejected.
   *
   * The check is deliberately strict: the ioctl must return -1 *and* set
   * errno to EINVAL, so a rejection for an unrelated reason does not count
   * as a pass.  @msg names the case in the failure message.
   */
  static void test_init2_invalid(unsigned long vm_type,
  			       struct kvm_sev_init *init,
  			       const char *msg)
  {
  	struct kvm_vm *vm = vm_create_barebones_type(vm_type);
  	int ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);

  	TEST_ASSERT(ret == -1 && errno == EINVAL,
  		    "KVM_SEV_INIT2 should fail, %s.",
  		    msg);

  	kvm_vm_free(vm);
  }
  /*
   * Check which VM types accept KVM_SEV_INIT2 with all-zero parameters.
   *
   * SEV VMs must accept it, as must SEV-ES and SEV-SNP VMs when the CPU has
   * those features.  VM type 0 (the default type) and, when KVM offers it,
   * KVM_X86_SW_PROTECTED_VM must reject it.
   */
  void test_vm_types(void)
  {
  	bool have_sw_protected;

  	test_init2(KVM_X86_SEV_VM, &(struct kvm_sev_init){});

  	/*
  	 * TODO: check that unsupported types cannot be created. Probably
  	 * a separate selftest.
  	 */
  	if (have_sev_es) {
  		test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){});
  	}

  	if (have_snp) {
  		test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){});
  	}

  	/* SEV initialisation must not be possible on a non-SEV VM type. */
  	test_init2_invalid(0, &(struct kvm_sev_init){},
  			   "VM type is KVM_X86_DEFAULT_VM");

  	have_sw_protected = kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM);
  	if (have_sw_protected) {
  		test_init2_invalid(KVM_X86_SW_PROTECTED_VM, &(struct kvm_sev_init){},
  				   "VM type is KVM_X86_SW_PROTECTED_VM");
  	}
  }
  /*
   * Require that KVM_SEV_INIT2 rejects every single-bit value of the flags
   * field (bits 0 through 31) for a VM of @vm_type.  Each bit is tried on
   * its own, on a fresh VM.
   */
  void test_flags(uint32_t vm_type)
  {
  	int bit;

  	for (bit = 0; bit < 32; bit++) {
  		/* Everything except the one flag bit is zero-initialised. */
  		struct kvm_sev_init init = { .flags = BIT(bit) };

  		test_init2_invalid(vm_type, &init, "invalid flag");
  	}
  }
  /*
   * Walk all 64 VMSA feature bits for a VM of @vm_type, one bit at a time.
   *
   * A bit that is not in @supported_features must be rejected by
   * KVM_SEV_INIT2.  A bit that is supported and also listed in
   * KNOWN_FEATURES must be accepted.  A bit that is supported but not in
   * KNOWN_FEATURES is not tested at all.
   */
  void test_features(uint32_t vm_type, uint64_t supported_features)
  {
  	int bit;

  	for (bit = 0; bit < 64; bit++) {
  		const uint64_t feature = BIT_ULL(bit);
  		struct kvm_sev_init init = { .vmsa_features = feature };

  		if (!(supported_features & feature)) {
  			test_init2_invalid(vm_type, &init, "unknown feature");
  			continue;
  		}

  		/* Supported, but only exercised if it is safe to pass alone. */
  		if (KNOWN_FEATURES & feature) {
  			test_init2(vm_type, &init);
  		}
  	}
  }
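  /*
   * Test entry point.
   *
   * Reads the VMSA feature mask KVM supports, checks that the SEV, SEV-ES
   * and SEV-SNP VM types advertised in KVM_CAP_VM_TYPES agree with what
   * kvm_cpu_has() reports, then runs the VM type, flags and feature tests
   * for every VM type that is available.
   *
   * Returns 0 when all tests ran without an assertion failing.
   */
  int main(int argc, char *argv[])
  {
  	/* NOTE(review): this local shadows the file-scope kvm_fd. */
  	int kvm_fd = open_kvm_dev_path_or_exit();
  	bool have_sev;

  	/* The whole test depends on the VMSA features attribute existing. */
  	TEST_REQUIRE(__kvm_has_device_attr(kvm_fd, KVM_X86_GRP_SEV,
  					   KVM_X86_SEV_VMSA_FEATURES) == 0);
  	kvm_device_attr_get(kvm_fd, KVM_X86_GRP_SEV,
  			    KVM_X86_SEV_VMSA_FEATURES,
  			    &supported_vmsa_features);

  	/*
  	 * Each check below is an equality: it fails both when KVM offers a VM
  	 * type the CPU lacks and when the CPU has the feature but KVM does not
  	 * offer the VM type.
  	 */
  	have_sev = kvm_cpu_has(X86_FEATURE_SEV);
  	TEST_ASSERT(have_sev == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM)),
  		    "sev: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
  		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_VM);

  	TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM));

  	have_sev_es = kvm_cpu_has(X86_FEATURE_SEV_ES);
  	TEST_ASSERT(have_sev_es == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM)),
  		    "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
  		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM);

  	/*
  	 * Same direction-neutral wording as the two checks above: the old
  	 * message described only the "KVM has it, CPUID does not" case.
  	 */
  	have_snp = kvm_cpu_has(X86_FEATURE_SEV_SNP);
  	TEST_ASSERT(have_snp == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM)),
  		    "sev-snp: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
  		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SNP_VM);

  	test_vm_types();

  	test_flags(KVM_X86_SEV_VM);
  	if (have_sev_es)
  		test_flags(KVM_X86_SEV_ES_VM);
  	if (have_snp)
  		test_flags(KVM_X86_SNP_VM);

  	/*
  	 * Plain SEV is run with an empty supported mask, so all 64 feature
  	 * bits are expected to be rejected for that VM type.
  	 */
  	test_features(KVM_X86_SEV_VM, 0);
  	if (have_sev_es)
  		test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features);
  	if (have_snp)
  		test_features(KVM_X86_SNP_VM, supported_vmsa_features);

  	return 0;
  }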