Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp664929pxb; Wed, 22 Sep 2021 10:06:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzv8OsMOnHTTPhtt+y9djZvA1oafyW/ro+ag/R5NwWNZLiRmugYGYcq0GCvJkt7Co8j3bqx X-Received: by 2002:a50:dacf:: with SMTP id s15mr321190edj.385.1632330394598; Wed, 22 Sep 2021 10:06:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632330394; cv=none; d=google.com; s=arc-20160816; b=RrH6Xmci4bmRx2NsVHTitMc1KfdLJJpBxgcPlR6KZXk6m9p0fbOTe6lEYITX3e1OXd tvV9uYIQWlEn5wvL0B7IeOTbkAHC5FeAYuI92G7JfinxD3WoUqbRlSWk50d8U9tjsRYx +CvaBm5wuzgR1IuhKbs+492TAuIfvuWZFl8WDz46+FGUDVRzqkzcdK+8ky+Yf/ljlr/e SvkB40kBY5I5oAMnIEAaXEYU0s9Nh4nYIHgYbv8oQQuHY/2ZJ1Zypg7cBfKHJ0H8O3/U 46/DSKcLJY6daT5Y29fi3XXbUhZHMhAzgToBRSFxkGARo5F/U/pWeGoZCCddPh+lpa61 qcLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Faf2cZB5lcF2TiJPWF7UxSxoJCWTK7cTaP6BQu5ESS0=; b=nI7Vr8H24JlTlquRVhd5Rm3KcaSPAQSY9JY6Xq9oykgZI4vW4ZKxMGJvnFEvUqeOtE yjXKMTXuhZkwnEefY65pg1MXgKriFkzKsKmI45FriOPp0O5arma8k56mUmDpuJWZMqrb Tbp5nka92F54o8S0kETyesvUYaotOv2LMDq/uLeL47u0GrOn1Yz97i7hfY96P6Nc5Za9 m0LClgwburfVaUZS3d5VQ/d8uIEvZFQbYQ25j0naN1N0oBiCDd00KV5Qaf3dM82CRBv/ xOndb4LvqybkzdWpcI02igl01T5Pe5fCkdVr/+u6OaDPlV2GHPLQ0h9Z2IC9XFN1enJZ PJ4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="ZPNR/ydj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l4si4692031edj.282.2021.09.22.10.06.10; Wed, 22 Sep 2021 10:06:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="ZPNR/ydj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236753AbhIVRGW (ORCPT + 99 others); Wed, 22 Sep 2021 13:06:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37470 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236744AbhIVRGU (ORCPT ); Wed, 22 Sep 2021 13:06:20 -0400 Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9853C061757 for ; Wed, 22 Sep 2021 10:04:50 -0700 (PDT) Received: by mail-ot1-x32e.google.com with SMTP id 67-20020a9d0449000000b00546e5a8062aso4404182otc.9 for ; Wed, 22 Sep 2021 10:04:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Faf2cZB5lcF2TiJPWF7UxSxoJCWTK7cTaP6BQu5ESS0=; b=ZPNR/ydjFjqI+i3u1egXlTfOYWVGgBleJHSiS1o570GSXhBrXOAYmq0mljdGxuNjYR xoaxXILq1FyG1qOVyP5aHjFoSxTxize5/AB2al671bdgFnycJPga8DVLuaFRgwKagJAB bHWTLiiDixaXIhkPAYEMc4zg1U8vvqn0TYre4YkVkVLOiTqPiogNhbRmIMzBZ6q5q/mH YSxMEpw5Jefexpgofcsry73AKEELlLKMRScQ7dUi//r33UqZ/dvDLQ6xybxD8AJXF03e wB72lGDxLIZNUjOnUA73CNaLh/9V0Oj2n3BJqZap9y5NdVvDFTDW3kbldbxNNkyKRYcS toRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Faf2cZB5lcF2TiJPWF7UxSxoJCWTK7cTaP6BQu5ESS0=; b=x/qLgLWpvlYrDycNKI6cl+GVVw9vuK9QP53XQ3PITK0HIBVPhtG0YnD4YuMkCCVaeI 6pNIwhzNUP9GU06elFkmx0P5u2Pig2AgULVS5nHq3Lg+3OguIaVZmkPn7bLfd623b07m kDQoxDYUhl43aC02F49BvztVsZ1jUaEAh8vWUdsJphHmwQ6B233TqUvSZHaNQ2UTdOQ0 IuKVTF0b9GgR/hCeFTsgL0/6g6ddt6RwQPzmHtKtW1t2Yy/d97zznj/ogJL64DivnD7f cUiDiSbMX6DX5QLG7Kv77RYSy5sdlMmwLQTOq90wrO+SwiO7JJlUfwJzk5htL14GGSUB QEbQ== X-Gm-Message-State: AOAM533kLrlU3d0JxXRB7i+cQRxh5Ent8ol8fkN7ulNNvibYAEI+q6bh M6j4c3V7F3vVx4yBgXZLN2HfUoDmc46rHxUeI1ywdg== X-Received: by 2002:a05:6830:2b27:: with SMTP id l39mr163964otv.25.1632330290007; Wed, 22 Sep 2021 10:04:50 -0700 (PDT) MIME-Version: 1.0 References: <20210914164727.3007031-1-pgonda@google.com> <20210914164727.3007031-5-pgonda@google.com> In-Reply-To: <20210914164727.3007031-5-pgonda@google.com> From: Marc Orr Date: Wed, 22 Sep 2021 10:04:38 -0700 Message-ID: Subject: Re: [PATCH 4/4 V8] selftest: KVM: Add intra host migration tests To: Peter Gonda Cc: kvm list , Sean Christopherson , David Rientjes , Brijesh Singh , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 14, 2021 at 9:47 AM Peter Gonda wrote: > > Adds testcases for intra host migration for SEV and SEV-ES. Also adds > locking test to confirm no deadlock exists. > > Signed-off-by: Peter Gonda > Suggested-by: Sean Christopherson > Reviewed-by: Marc Orr > Cc: Marc Orr > Cc: Sean Christopherson > Cc: David Rientjes > Cc: Brijesh Singh > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > --- > tools/testing/selftests/kvm/Makefile | 1 + > .../selftests/kvm/x86_64/sev_vm_tests.c | 203 ++++++++++++++++++ > 2 files changed, 204 insertions(+) > create mode 100644 tools/testing/selftests/kvm/x86_64/sev_vm_tests.c > > diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile > index c103873531e0..44fd3566fb51 100644 > --- a/tools/testing/selftests/kvm/Makefile > +++ b/tools/testing/selftests/kvm/Makefile > @@ -72,6 +72,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/vmx_pmu_msrs_test > TEST_GEN_PROGS_x86_64 += x86_64/xen_shinfo_test > TEST_GEN_PROGS_x86_64 += x86_64/xen_vmcall_test > TEST_GEN_PROGS_x86_64 += x86_64/vmx_pi_mmio_test > +TEST_GEN_PROGS_x86_64 += x86_64/sev_vm_tests > TEST_GEN_PROGS_x86_64 += access_tracking_perf_test > TEST_GEN_PROGS_x86_64 += demand_paging_test > TEST_GEN_PROGS_x86_64 += dirty_log_test > diff --git a/tools/testing/selftests/kvm/x86_64/sev_vm_tests.c b/tools/testing/selftests/kvm/x86_64/sev_vm_tests.c > new file mode 100644 > index 000000000000..ec3bbc96e73a > --- /dev/null > +++ b/tools/testing/selftests/kvm/x86_64/sev_vm_tests.c > @@ -0,0 +1,203 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "test_util.h" > +#include "kvm_util.h" > +#include "processor.h" > +#include "svm_util.h" > +#include "kselftest.h" > +#include "../lib/kvm_util_internal.h" > + > +#define SEV_POLICY_ES 0b100 > + > +#define NR_MIGRATE_TEST_VCPUS 4 > +#define NR_MIGRATE_TEST_VMS 3 > +#define NR_LOCK_TESTING_THREADS 3 > +#define NR_LOCK_TESTING_ITERATIONS 10000 > + > +static void sev_ioctl(int vm_fd, int cmd_id, void *data) > +{ > + struct kvm_sev_cmd cmd = { > + .id = cmd_id, > + .data = (uint64_t)data, > + .sev_fd = open_sev_dev_path_or_exit(), > + }; > + int ret; > + > + ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd); > + TEST_ASSERT((ret == 0 || cmd.error == SEV_RET_SUCCESS), > + "%d failed: return code: %d, errno: %d, fw error: %d", > + cmd_id, ret, errno, cmd.error); > +} > + > +static struct kvm_vm *sev_vm_create(bool es) > +{ > + struct kvm_vm *vm; > + struct kvm_sev_launch_start start = { 0 }; > + int i; > + > + vm = vm_create(VM_MODE_DEFAULT, 0, O_RDWR); > + sev_ioctl(vm->fd, es ? KVM_SEV_ES_INIT : KVM_SEV_INIT, NULL); > + for (i = 0; i < NR_MIGRATE_TEST_VCPUS; ++i) > + vm_vcpu_add(vm, i); > + if (es) > + start.policy |= SEV_POLICY_ES; > + sev_ioctl(vm->fd, KVM_SEV_LAUNCH_START, &start); > + if (es) > + sev_ioctl(vm->fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); > + return vm; > +} > + > +static struct kvm_vm *__vm_create(void) > +{ > + struct kvm_vm *vm; > + int i; > + > + vm = vm_create(VM_MODE_DEFAULT, 0, O_RDWR); > + for (i = 0; i < NR_MIGRATE_TEST_VCPUS; ++i) > + vm_vcpu_add(vm, i); > + > + return vm; > +} > + > +static int __sev_migrate_from(int dst_fd, int src_fd) > +{ > + struct kvm_enable_cap cap = { > + .cap = KVM_CAP_VM_MIGRATE_PROTECTED_VM_FROM, > + .args = { src_fd } > + }; > + > + return ioctl(dst_fd, KVM_ENABLE_CAP, &cap); > +} > + > + > +static void sev_migrate_from(int dst_fd, int src_fd) > +{ > + int ret; > + > + ret = __sev_migrate_from(dst_fd, src_fd); > + TEST_ASSERT(!ret, "Migration failed, ret: %d, errno: %d\n", ret, errno); > +} > + > +static void test_sev_migrate_from(bool es) > +{ > + struct kvm_vm *src_vm; > + struct kvm_vm *dst_vms[NR_MIGRATE_TEST_VMS]; > + int i; > + > + src_vm = sev_vm_create(es); > + for (i = 0; i < NR_MIGRATE_TEST_VMS; ++i) > + dst_vms[i] = __vm_create(); > + > + /* Initial migration from the src to the first dst. */ > + sev_migrate_from(dst_vms[0]->fd, src_vm->fd); > + > + for (i = 1; i < NR_MIGRATE_TEST_VMS; i++) > + sev_migrate_from(dst_vms[i]->fd, dst_vms[i - 1]->fd); > + > + /* Migrate the guest back to the original VM. */ > + sev_migrate_from(src_vm->fd, dst_vms[NR_MIGRATE_TEST_VMS - 1]->fd); > + > + kvm_vm_free(src_vm); > + for (i = 0; i < NR_MIGRATE_TEST_VMS; ++i) > + kvm_vm_free(dst_vms[i]); > +} > + > +struct locking_thread_input { > + struct kvm_vm *vm; > + int source_fds[NR_LOCK_TESTING_THREADS]; > +}; > + > +static void *locking_test_thread(void *arg) > +{ > + int i, j; > + struct locking_thread_input *input = (struct locking_test_thread *)arg; > + > + for (i = 0; i < NR_LOCK_TESTING_ITERATIONS; ++i) { > + j = i % NR_LOCK_TESTING_THREADS; > + __sev_migrate_from(input->vm->fd, input->source_fds[j]); > + } > + > + return NULL; > +} > + > +static void test_sev_migrate_locking(void) > +{ > + struct locking_thread_input input[NR_LOCK_TESTING_THREADS]; > + pthread_t pt[NR_LOCK_TESTING_THREADS]; > + int i; > + > + for (i = 0; i < NR_LOCK_TESTING_THREADS; ++i) { > + input[i].vm = sev_vm_create(/* es= */ false); > + input[0].source_fds[i] = input[i].vm->fd; > + } > + for (i = 1; i < NR_LOCK_TESTING_THREADS; ++i) > + memcpy(input[i].source_fds, input[0].source_fds, > + sizeof(input[i].source_fds)); > + > + for (i = 0; i < NR_LOCK_TESTING_THREADS; ++i) > + pthread_create(&pt[i], NULL, locking_test_thread, &input[i]); > + > + for (i = 0; i < NR_LOCK_TESTING_THREADS; ++i) > + pthread_join(pt[i], NULL); > +} > + > +static void test_sev_migrate_parameters(void) > +{ > + struct kvm_vm *sev_vm, *sev_es_vm, *vm_no_vcpu, *vm_no_sev, > + *sev_es_vm_no_vmsa; > + int ret; > + > + sev_vm = sev_vm_create(/* es= */ false); > + sev_es_vm = sev_vm_create(/* es= */ true); > + vm_no_vcpu = vm_create(VM_MODE_DEFAULT, 0, O_RDWR); > + vm_no_sev = __vm_create(); > + sev_es_vm_no_vmsa = vm_create(VM_MODE_DEFAULT, 0, O_RDWR); > + sev_ioctl(sev_es_vm_no_vmsa->fd, KVM_SEV_ES_INIT, NULL); > + vm_vcpu_add(sev_es_vm_no_vmsa, 1); > + > + > + ret = __sev_migrate_from(sev_vm->fd, sev_es_vm->fd); > + TEST_ASSERT( > + ret == -1 && errno == EINVAL, > + "Should not be able migrate to SEV enabled VM. ret: %d, errno: %d\n", > + ret, errno); > + > + ret = __sev_migrate_from(sev_es_vm->fd, sev_vm->fd); > + TEST_ASSERT( > + ret == -1 && errno == EINVAL, > + "Should not be able migrate to SEV-ES enabled VM. ret: %d, errno: %d\n", > + ret, errno); > + > + ret = __sev_migrate_from(vm_no_vcpu->fd, sev_es_vm->fd); > + TEST_ASSERT( > + ret == -1 && errno == EINVAL, > + "SEV-ES migrations require same number of vCPUS. ret: %d, errno: %d\n", > + ret, errno); > + > + ret = __sev_migrate_from(vm_no_vcpu->fd, sev_es_vm_no_vmsa->fd); > + TEST_ASSERT( > + ret == -1 && errno == EINVAL, > + "SEV-ES migrations require UPDATE_VMSA. ret %d, errno: %d\n", > + ret, errno); > + > + ret = __sev_migrate_from(vm_no_vcpu->fd, vm_no_sev->fd); > + TEST_ASSERT(ret == -1 && errno == EINVAL, > + "Migrations require SEV enabled. ret %d, errno: %d\n", ret, > + errno); > +} > + > +int main(int argc, char *argv[]) > +{ > + test_sev_migrate_from(/* es= */ false); > + test_sev_migrate_from(/* es= */ true); > + test_sev_migrate_locking(); > + test_sev_migrate_parameters(); > + return 0; > +} > -- > 2.33.0.309.g3052b89438-goog > Reviewed-by: Marc Orr