Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp4698783rwe; Tue, 30 Aug 2022 15:22:54 -0700 (PDT) X-Google-Smtp-Source: AA6agR5+TUl/kl4ufvSBKqEcAqiTM4iI9zFH2BWz0ovDh4ILDjVLBxZUMeMaYXzy8I/3TiMBsGVY X-Received: by 2002:a63:c108:0:b0:41d:6bf3:6807 with SMTP id w8-20020a63c108000000b0041d6bf36807mr19811330pgf.157.1661898174599; Tue, 30 Aug 2022 15:22:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661898174; cv=none; d=google.com; s=arc-20160816; b=caz2E5h9Exdl+q2p9QfNsep0FAIjFNU2J3Zlz2Q2BoXNySZXv0A30jGoOTH5iaAH5s hORY0GQZUlymUSRC9BFGyoHqs9FIndXZY39Ub/B7FKtsheG/Wjp3XfO2/weNK9GaF435 LVJ2RNNcZwvTv3W4rhnfEzM2Pw8jGlHCi9gkCCJJr1wrGo57KNRDtU14facomhefh4YM JAK9fY1NSwsLxhKj5wu7F2mtP+oiQS3Aewn1OwFFnLLpRtit13odlfy5Xdjly78oagqi Aizt4EXd9n1gTaskyfzxaQvHxQ4DLzYbUlM3HaztO8P/j82syVItyAuR3jsOooSgNgf9 qN2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=T9yOZxwNH1Vwea4FbMMjM8N2gmoqmFgTmVLKZvXCyGw=; b=BooQvt1Bsb/LjjMM7VgXXpvRWtkX59hBvkjnd7Ck9x5XF9R8eJtTGLQev7rvUJuOyJ VAvAWWRtHB0ZwUSk8+kWv5oFTz2ncCwEP01EIzuG+7oaL/J81DygeGinSMjP6GxDE/Vf v0Wh93WfZb5H/tjDqesM3Uw81g8nN7cqMnI9tP5+NyCYqSjIsyn4R4rvhOaGxA5f7AeE jR+F6lfhNVFCi62/jfISRvii97CLKfQ6XQSBMAItaGYwmd2kJDXpbrTYCfXmnub+nYpY PtMm4qbA9n4Y2gsJjFQN70vtXu2pMaQ2BEyCVq1QS64CRe1aGiY4Ev+ThiDeaIvHwpt9 JyWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=eOlvFAgZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f4-20020a635104000000b00429c51217b5si3137220pgb.331.2022.08.30.15.22.43; Tue, 30 Aug 2022 15:22:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=eOlvFAgZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232089AbiH3WUb (ORCPT + 99 others); Tue, 30 Aug 2022 18:20:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51912 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231776AbiH3WUN (ORCPT ); Tue, 30 Aug 2022 18:20:13 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21BF1220E1 for ; Tue, 30 Aug 2022 15:20:11 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id r13-20020a17090a454d00b001f04dfc6195so5412140pjm.2 for ; Tue, 30 Aug 2022 15:20:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date; bh=T9yOZxwNH1Vwea4FbMMjM8N2gmoqmFgTmVLKZvXCyGw=; b=eOlvFAgZHsItzGfjv1tWpFsZXrOJO22R3iWXR8OZBM91PKIkAjTfnCHMDNUvt+SdhZ Bm6lmB7UOemd4FkIOLnGeMo6bCoB6YH2EvQJiroRFzf8w0AfjL8GSBHSQDD1a7Q084dB 2LHamFKzMB7cIe94d4EsxfRHbl0zxq7TTcNYGFq2r2o5TJWSQkMVnMxPxEuoPYgKpCQ9 ST35fHZqFlS03jmaCfdmYLlJJchkR4S+iPX+2JSVH2IKBkdMPPod97mx5tS3rgEWa3kd GY08Y4z9mbP5elCtcrPjQPNzQbKoZsjDT0/qh7F5wRv2WKNtye4tdGj/3cp0R0E+iedR 00Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date; bh=T9yOZxwNH1Vwea4FbMMjM8N2gmoqmFgTmVLKZvXCyGw=; b=ukPRkdXSjvHFV2NVNHilJGDDnWJuCWkOjdJUFZHdqkNBwWvw78gqe9KTw3/Tp69CGR EOZKXS/5z6eO/ZdRJ0DUv6GgRHnborNTre6rnT/NZpXFMWdeuYFpsjm8YRaP9H3dXNsP VsQI0fLu4jmYGG+0Myzkf4Cl3iaQTb3Eiqa1CKUVVRGmsbSKYgKdVacMYM3WAz8ec328 myy3FYsloj6K7MhexrCuHUK6gIiIr7kCEiRgYkKdwQeOG7iqh8YshPIoLKX5/4j7yq6w h+j/Wp+rmqFFUDQ8esrBP79olCWbR3cHU/5i1tYeR3lWLZNS8r/V6gDjgkLw4Fy9hpvi vaKA== X-Gm-Message-State: ACgBeo16aC5sBNTIO8XIMYPGYe8it5ajaLCK04Wl2CZBlPSOzjhntdip yvAoxHybHzDmdJXKaN4J4vE8Hj+mZQ== X-Received: from sagi.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:241b]) (user=sagis job=sendgmr) by 2002:a63:fb56:0:b0:429:983f:b91e with SMTP id w22-20020a63fb56000000b00429983fb91emr19753498pgj.399.1661898010578; Tue, 30 Aug 2022 15:20:10 -0700 (PDT) Date: Tue, 30 Aug 2022 22:19:46 +0000 In-Reply-To: <20220830222000.709028-1-sagis@google.com> Mime-Version: 1.0 References: <20220830222000.709028-1-sagis@google.com> X-Mailer: git-send-email 2.37.2.789.g6183377224-goog Message-ID: <20220830222000.709028-4-sagis@google.com> Subject: [RFC PATCH v2 03/17] KVM: selftest: Adding TDX life cycle test. From: Sagi Shahar To: linux-kselftest@vger.kernel.org Cc: Paolo Bonzini , Sean Christopherson , Isaku Yamahata , Sagi Shahar , Erdem Aktas , Ryan Afranji , Roger Wang , Shuah Khan , Andrew Jones , Marc Zyngier , Ben Gardon , Jim Mattson , David Matlack , Peter Xu , Oliver Upton , Ricardo Koller , Yang Zhong , Wei Wang , Xiaoyao Li , Peter Gonda , Marc Orr , Emanuele Giuseppe Esposito , Christian Borntraeger , Eric Auger , Yanan Wang , Aaron Lewis , Vitaly Kuznetsov , Peter Shier , Axel Rasmussen , Zhenzhong Duan , "Maciej S . Szmigiero" , Like Xu , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Erdem Aktas Adding a test to verify TDX lifecycle by creating a TD and running a dummy TDVMCALL inside it. Signed-off-by: Erdem Aktas Signed-off-by: Sagi Shahar Signed-off-by: Ryan Afranji --- tools/testing/selftests/kvm/Makefile | 1 + tools/testing/selftests/kvm/lib/x86_64/tdx.h | 149 ++++++++++++++++++ .../selftests/kvm/x86_64/tdx_vm_tests.c | 104 ++++++++++++ 3 files changed, 254 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index ad4d60dadc06..208e0cc30048 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -140,6 +140,7 @@ TEST_GEN_PROGS_x86_64 += set_memory_region_test TEST_GEN_PROGS_x86_64 += steal_time TEST_GEN_PROGS_x86_64 += kvm_binary_stats_test TEST_GEN_PROGS_x86_64 += system_counter_offset_test +TEST_GEN_PROGS_x86_64 += x86_64/tdx_vm_tests # Compiled outputs used by test targets TEST_GEN_PROGS_EXTENDED_x86_64 += x86_64/nx_huge_pages_test diff --git a/tools/testing/selftests/kvm/lib/x86_64/tdx.h b/tools/testing/selftests/kvm/lib/x86_64/tdx.h index 61b997dfc420..d5de52657112 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/tdx.h +++ b/tools/testing/selftests/kvm/lib/x86_64/tdx.h @@ -51,6 +51,12 @@ #define _PAGE_RW (1UL<<1) /* writeable */ #define _PAGE_PS (1UL<<7) /* page size bit*/ +#define TDX_INSTRUCTION_IO 30 + +#define TDX_SUCCESS_PORT 0x30 +#define TDX_IO_READ 0 +#define TDX_IO_WRITE 1 + #define GDT_ENTRY(flags, base, limit) \ ((((base) & 0xff000000ULL) << (56-24)) | \ (((flags) & 0x0000f0ffULL) << 40) | \ @@ -83,4 +89,147 @@ void prepare_source_image(struct kvm_vm *vm, void *guest_code, size_t guest_code_size, uint64_t guest_code_signature); +/* + * Generic TDCALL function that can be used to communicate with TDX module or + * VMM. + * Input operands: rax, rbx, rcx, rdx, r8-r15, rbp, rsi, rdi + * Output operands: rax, r8-r15, rbx, rdx, rdi, rsi + * rcx is actually a bitmap to tell TDX module which register values will be + * exposed to the VMM. + * XMM0-XMM15 registers can be used as input operands but the current + * implementation does not support it yet. + */ +static inline void tdcall(struct kvm_regs *regs) +{ + asm volatile ( + "mov %13, %%rax;\n\t" + "mov %14, %%rbx;\n\t" + "mov %15, %%rcx;\n\t" + "mov %16, %%rdx;\n\t" + "mov %17, %%r8;\n\t" + "mov %18, %%r9;\n\t" + "mov %19, %%r10;\n\t" + "mov %20, %%r11;\n\t" + "mov %21, %%r12;\n\t" + "mov %22, %%r13;\n\t" + "mov %23, %%r14;\n\t" + "mov %24, %%r15;\n\t" + "mov %25, %%rbp;\n\t" + "mov %26, %%rsi;\n\t" + "mov %27, %%rdi;\n\t" + ".byte 0x66, 0x0F, 0x01, 0xCC;\n\t" + "mov %%rax, %0;\n\t" + "mov %%rbx, %1;\n\t" + "mov %%rdx, %2;\n\t" + "mov %%r8, %3;\n\t" + "mov %%r9, %4;\n\t" + "mov %%r10, %5;\n\t" + "mov %%r11, %6;\n\t" + "mov %%r12, %7;\n\t" + "mov %%r13, %8;\n\t" + "mov %%r14, %9;\n\t" + "mov %%r15, %10;\n\t" + "mov %%rsi, %11;\n\t" + "mov %%rdi, %12;\n\t" + : "=m" (regs->rax), "=m" (regs->rbx), "=m" (regs->rdx), + "=m" (regs->r8), "=m" (regs->r9), "=m" (regs->r10), + "=m" (regs->r11), "=m" (regs->r12), "=m" (regs->r13), + "=m" (regs->r14), "=m" (regs->r15), "=m" (regs->rsi), + "=m" (regs->rdi) + : "m" (regs->rax), "m" (regs->rbx), "m" (regs->rcx), + "m" (regs->rdx), "m" (regs->r8), "m" (regs->r9), + "m" (regs->r10), "m" (regs->r11), "m" (regs->r12), + "m" (regs->r13), "m" (regs->r14), "m" (regs->r15), + "m" (regs->rbp), "m" (regs->rsi), "m" (regs->rdi) + : "rax", "rbx", "rcx", "rdx", "r8", "r9", "r10", "r11", + "r12", "r13", "r14", "r15", "rbp", "rsi", "rdi"); +} + + +/* + * Do a TDVMCALL IO request + * + * Input Args: + * port - IO port to do read/write + * size - Number of bytes to read/write. 1=1byte, 2=2bytes, 4=4bytes. + * write - 1=IO write 0=IO read + * data - pointer for the data to write + * + * Output Args: + * data - pointer for data to be read + * + * Return: + * On success, return 0. For Invalid-IO-Port error, returns -1. + * + * Does an IO operation using the following tdvmcall interface. + * + * TDG.VP.VMCALL-Input Operands + * R11 30 for IO + * + * R12 Size of access. 1=1byte, 2=2bytes, 4=4bytes. + * R13 Direction. 0=Read, 1=Write. + * R14 Port number + * R15 Data to write, if R13 is 1. + * + * TDG.VP.VMCALL-Output Operands + * R10 TDG.VP.VMCALL-return code. + * R11 Data to read, if R13 is 0. + * + * TDG.VP.VMCALL-Status Codes + * Error Code Value Description + * TDG.VP.VMCALL_SUCCESS 0x0 TDG.VP.VMCALL is successful + * TDG.VP.VMCALL_INVALID_OPERAND 0x80000000 00000000 Invalid-IO-Port access + */ +static inline uint64_t tdvmcall_io(uint64_t port, uint64_t size, + uint64_t write, uint64_t *data) +{ + struct kvm_regs regs; + + memset(®s, 0, sizeof(regs)); + regs.r11 = TDX_INSTRUCTION_IO; + regs.r12 = size; + regs.r13 = write; + regs.r14 = port; + if (write) { + regs.r15 = *data; + regs.rcx = 0xFC00; + } else { + regs.rcx = 0x7C00; + } + tdcall(®s); + if (!write) + *data = regs.r11; + return regs.r10; +} + +/* + * Report test success to user space. + */ +static inline void tdvmcall_success(void) +{ + uint64_t code = 0; + + tdvmcall_io(TDX_SUCCESS_PORT, /*size=*/4, TDX_IO_WRITE, &code); +} + + +#define TDX_FUNCTION_SIZE(name) ((uint64_t)&__stop_sec_ ## name -\ + (uint64_t)&__start_sec_ ## name) \ + +#define TDX_GUEST_FUNCTION__(name, section_name) \ +extern char *__start_sec_ ## name ; \ +extern char *__stop_sec_ ## name ; \ +static void \ +__attribute__((__flatten__, section(section_name))) name(void *arg) + + +#define STRINGIFY2(x) #x +#define STRINGIFY(x) STRINGIFY2(x) +#define CONCAT2(a, b) a##b +#define CONCAT(a, b) CONCAT2(a, b) + + +#define TDX_GUEST_FUNCTION(name) \ +TDX_GUEST_FUNCTION__(name, STRINGIFY(CONCAT(sec_, name))) + #endif // KVM_LIB_TDX_H_ diff --git a/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c b/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c new file mode 100644 index 000000000000..590e45aa7570 --- /dev/null +++ b/tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include "../lib/x86_64/tdx.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define CHECK_GUEST_COMPLETION(VCPU) \ + (TEST_ASSERT( \ + ((VCPU)->run->exit_reason == KVM_EXIT_IO) && \ + ((VCPU)->run->io.port == TDX_SUCCESS_PORT) && \ + ((VCPU)->run->io.size == 4) && \ + ((VCPU)->run->io.direction == TDX_IO_WRITE), \ + "Unexpected exit values while waiting for test complition: %u (%s) %d %d %d\n", \ + (VCPU)->run->exit_reason, exit_reason_str((VCPU)->run->exit_reason), \ + (VCPU)->run->io.port, (VCPU)->run->io.size, (VCPU)->run->io.direction)) + +/* + * There might be multiple tests we are running and if one test fails, it will + * prevent the subsequent tests to run due to how tests are failing with + * TEST_ASSERT function. The run_in_new_process function will run a test in a + * new process context and wait for it to finish or fail to prevent TEST_ASSERT + * to kill the main testing process. + */ +void run_in_new_process(void (*func)(void)) +{ + if (fork() == 0) { + func(); + exit(0); + } + wait(NULL); +} + +/* + * Verify that the TDX is supported by the KVM. + */ +bool is_tdx_enabled(void) +{ + return !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_TDX_VM)); +} + +/* + * Do a dummy io exit to verify that the TD has been initialized correctly and + * guest can run some code inside. + */ +TDX_GUEST_FUNCTION(guest_dummy_exit) +{ + tdvmcall_success(); +} + +/* + * TD lifecycle test will create a TD which runs a dumy IO exit to verify that + * the guest TD has been created correctly. + */ +void verify_td_lifecycle(void) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + + printf("Verifying TD lifecycle:\n"); + /* Create a TD VM with no memory.*/ + vm = vm_create_tdx(); + + /* Allocate TD guest memory and initialize the TD.*/ + initialize_td(vm); + + /* Initialize the TD vcpu and copy the test code to the guest memory.*/ + vcpu = vm_vcpu_add_tdx(vm, 0); + + /* Setup and initialize VM memory */ + prepare_source_image(vm, guest_dummy_exit, + TDX_FUNCTION_SIZE(guest_dummy_exit), 0); + finalize_td_memory(vm); + + vcpu_run(vcpu); + CHECK_GUEST_COMPLETION(vcpu); + + kvm_vm_free(vm); + printf("\t ... PASSED\n"); +} + +int main(int argc, char **argv) +{ + if (!is_tdx_enabled()) { + print_skip("TDX is not supported by the KVM"); + exit(KSFT_SKIP); + } + + run_in_new_process(&verify_td_lifecycle); + + return 0; +} -- 2.37.2.789.g6183377224-goog