On 11/03/2020 23:53, Nadav Amit wrote:
On Mar 11, 2020, at 2:46 PM, Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
On Wed, Mar 11, 2020 at 01:38:24PM -0700, Krish Sadhukhan wrote:
That being said, I don't understand the motivation for these tests. KVM
doesn't have any dedicated logic for checking guest segments, i.e. these
tests are validating hardware behavior, not KVM behavior. The validation
resources thrown at hardware dwarf what kvm-unit-tests can do, i.e. the
odds of finding a silicon bug are tiny, and the odds of such a bug being
exploitable aginst L0 are downright miniscule.
I see no reason for not including such tests. Liran said he uses
kvm-unit-test with WHPX, and I also use it in some non-KVM setups.
+1.
I admit I haven't read this thread at all but I wanted to point out
something I already told Paolo at KVM Forum:
kvm-unit-tests should be renamed to cpu-unit-tests. i.e. It should be
treated as a suite of unit-tests that verifies CPU behavior.
It doesn't matter if the CPU it runs on top of is Bare-Metal (As Nadav
runs it) or on top of a vCPU implementation (E.g. KVM, VirtualBox,
VMware, Hyper-V, whatever).
There are multiple reasons of why it should be treated like that:
* It allows us to verify that the unit-test indeed pass on a real CPU
and thus enforce on vCPU implementation a behavior that a real CPU
performs. Instead of what the unit-test author thought the CPU should
perform.
I have personally already made a mistake on this area when I wrote
the unit-test to verify KVM handling of INIT signal while vCPU is in VMX
root-mode. Nadav run the test on top of a Bare-Metal CPU and showed that
the unit-test fails and therefore should written otherwise.
* It allows, hopefully, for multiple hypervisor vendors to collaborate
on the same set of unit-tests. Sharing regression tests and helping each
other enforce correct vCPU behavior.
As Nadav have pointed out, I have used this technique already to run
the unit-tests on top of Hyper-V using WHPX. Which indeed revealed bugs
in Hyper-V.
Of course it was best if Intel would have shared their unit-tests for
CPU functionality (Sean? I'm looking at you :P), but I am not aware that
they did.
So cpu-unit-tests (Previously named kvm-unit-tests) should be our best
replacement for now.
This is also why I would wish that we will make sure that all unit-tests
enforcing CPU functionality will be written in cpu-unit-tests and not on
KVM selftests.
Only tests involving using KVM userspace API should be written in KVM
selftests suite.
-Liran
