Hi All,
This is the version 7 of the patch written to add tests for
AMD SEV-ES #VC handling. This version attempts to
address review comments to the previous version of the patch.
Changes v6->v7:
1. Added information about how to run the tests.
2. test->priv no longer points to a location on heap.
Thanks,
Vasant
arch/x86/Kbuild | 2 +
arch/x86/Kconfig.debug | 19 +++++
arch/x86/kernel/Makefile | 7 ++
arch/x86/tests/Makefile | 3 +
arch/x86/tests/sev-test-vc.c | 145 +++++++++++++++++++++++++++++++++++
5 files changed, 176 insertions(+)
create mode 100644 arch/x86/tests/Makefile
create mode 100644 arch/x86/tests/sev-test-vc.c
base-commit: b13baccc3850ca8b8cccbf8ed9912dbaa0fdf7f3
--
2.32.0
These tests:
1. install a kretprobe on the #VC handler (sev_es_ghcb_hv_call, to
access GHCB before/after the resulting VMGEXIT).
2. trigger an NAE by issuing an IO instruction.
3. check that the kretprobe was hit with the right
exit_code available in GHCB.
To run these tests, configuration options CONFIG_X86_TESTS and
CONFIG_AMD_SEV_ES_TEST_VC have to be enabled. These tests run
at the kernel boot time. Result of the test execution can be
monitored in the kernel log.
Signed-off-by: Vasant Karasulli <[email protected]>
---
arch/x86/tests/sev-test-vc.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/arch/x86/tests/sev-test-vc.c b/arch/x86/tests/sev-test-vc.c
index 629aa0ca1c86..33ca761bf9cb 100644
--- a/arch/x86/tests/sev-test-vc.c
+++ b/arch/x86/tests/sev-test-vc.c
@@ -8,7 +8,9 @@
#include <asm/cpufeature.h>
#include <asm/sev-common.h>
#include <asm/debugreg.h>
+#include <asm/io.h>
#include <asm/svm.h>
+#include <asm/apicdef.h>
#include <kunit/test.h>
#include <linux/kprobes.h>
@@ -101,11 +103,36 @@ static void sev_es_nae_dr7_rw(struct kunit *test)
native_set_debugreg(7, native_get_debugreg(7)));
}
+static void sev_es_nae_ioio(struct kunit *test)
+{
+ unsigned long port = 0x80;
+ char val = 0;
+
+ check_op(test, SVM_EXIT_IOIO, val = inb(port));
+ check_op(test, SVM_EXIT_IOIO, outb(val, port));
+ check_op(test, SVM_EXIT_IOIO, insb(port, &val, sizeof(val)));
+ check_op(test, SVM_EXIT_IOIO, outsb(port, &val, sizeof(val)));
+}
+
+static void sev_es_nae_mmio(struct kunit *test)
+{
+ unsigned long lapic_ver_pa = APIC_DEFAULT_PHYS_BASE + APIC_LVR;
+ unsigned long __iomem *lapic = ioremap(lapic_ver_pa, 0x4);
+ unsigned long lapic_version = 0;
+
+ check_op(test, SVM_VMGEXIT_MMIO_READ, lapic_version = *lapic);
+ check_op(test, SVM_VMGEXIT_MMIO_WRITE, *lapic = lapic_version);
+
+ iounmap(lapic);
+}
+
static struct kunit_case sev_es_vc_testcases[] = {
KUNIT_CASE(sev_es_nae_cpuid),
KUNIT_CASE(sev_es_nae_wbinvd),
KUNIT_CASE(sev_es_nae_msr),
KUNIT_CASE(sev_es_nae_dr7_rw),
+ KUNIT_CASE(sev_es_nae_ioio),
+ KUNIT_CASE(sev_es_nae_mmio),
{}
};
--
2.32.0
These tests:
1. install a kretprobe on the #VC handler (sev_es_ghcb_hv_call, to
access GHCB before/after the resulting VMGEXIT).
2. trigger an NAE by accessing either MSR or DR7.
3. check that the kretprobe was hit with the right exit_code available
in GHCB.
To run these tests, configuration options CONFIG_X86_TESTS and
CONFIG_AMD_SEV_ES_TEST_VC have to be enabled. These tests run
at the kernel boot time. Result of the test execution can be
monitored in the kernel log.
Signed-off-by: Vasant Karasulli <[email protected]>
---
arch/x86/tests/sev-test-vc.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/x86/tests/sev-test-vc.c b/arch/x86/tests/sev-test-vc.c
index 900ca357a273..629aa0ca1c86 100644
--- a/arch/x86/tests/sev-test-vc.c
+++ b/arch/x86/tests/sev-test-vc.c
@@ -7,6 +7,7 @@
#include <asm/cpufeature.h>
#include <asm/sev-common.h>
+#include <asm/debugreg.h>
#include <asm/svm.h>
#include <kunit/test.h>
#include <linux/kprobes.h>
@@ -89,9 +90,22 @@ static void sev_es_nae_wbinvd(struct kunit *test)
check_op(test, SVM_EXIT_WBINVD, wbinvd());
}
+static void sev_es_nae_msr(struct kunit *test)
+{
+ check_op(test, SVM_EXIT_MSR, __rdmsr(MSR_IA32_TSC));
+}
+
+static void sev_es_nae_dr7_rw(struct kunit *test)
+{
+ check_op(test, SVM_EXIT_WRITE_DR7,
+ native_set_debugreg(7, native_get_debugreg(7)));
+}
+
static struct kunit_case sev_es_vc_testcases[] = {
KUNIT_CASE(sev_es_nae_cpuid),
KUNIT_CASE(sev_es_nae_wbinvd),
+ KUNIT_CASE(sev_es_nae_msr),
+ KUNIT_CASE(sev_es_nae_dr7_rw),
{}
};
--
2.32.0