Re: [kvm-unit-tests PATCH v3 17/17] x86 AMD SEV-ES: Add test cases

[Paolo Bonzini <pbonzini@xxxxxxxxxx>]

On 18/10/21 13:47, Varad Gautam wrote:
> Hi Zixuan,
>
> On 10/4/21 10:49 PM, Zixuan Wang wrote:
> > From: Zixuan Wang <zixuanwang@xxxxxxxxxx>
> >
> > SEV-ES introduces #VC handler for guest/host communications, e.g.,
> > accessing MSR, executing CPUID. This commit provides test cases to check
> > if SEV-ES is enabled and if rdmsr/wrmsr are handled correctly in SEV-ES.
> >
> > Signed-off-by: Zixuan Wang <zixuanwang@xxxxxxxxxx>
> > ---
> >   x86/amd_sev.c | 30 ++++++++++++++++++++++++++++++
> >   1 file changed, 30 insertions(+)
> >
> > diff --git a/x86/amd_sev.c b/x86/amd_sev.c
> > index a07a48f..21a491c 100644
> > --- a/x86/amd_sev.c
> > +++ b/x86/amd_sev.c
> > @@ -13,6 +13,7 @@
> >   #include "libcflat.h"
> >   #include "x86/processor.h"
> >   #include "x86/amd_sev.h"
> > +#include "msr.h"
> >   
> >   #define EXIT_SUCCESS 0
> >   #define EXIT_FAILURE 1
> > @@ -55,10 +56,39 @@ static int test_sev_activation(void)
> >   	return EXIT_SUCCESS;
> >   }
> >   
> > +static int test_sev_es_activation(void)
> > +{
> > +	if (!(rdmsr(MSR_SEV_STATUS) & SEV_ES_ENABLED_MASK)) {
> > +		return EXIT_FAILURE;
> > +	}
> > +
> > +	return EXIT_SUCCESS;
> > +}
> > +
> > +static int test_sev_es_msr(void)
> > +{
> > +	/*
> > +	 * With SEV-ES, rdmsr/wrmsr trigger #VC exception. If #VC is handled
> > +	 * correctly, rdmsr/wrmsr should work like without SEV-ES and not crash
> > +	 * the guest VM.
> > +	 */
> > +	u64 val = 0x1234;
> > +	wrmsr(MSR_TSC_AUX, val);
> > +	if(val != rdmsr(MSR_TSC_AUX)) {
> > +		return EXIT_FAILURE;
>
> See note below.
>
> > +	}
> > +
> > +	return EXIT_SUCCESS;
> > +}
> > +
> >   int main(void)
> >   {
> >   	int rtn;
> >   	rtn = test_sev_activation();
> >   	report(rtn == EXIT_SUCCESS, "SEV activation test.");
> > +	rtn = test_sev_es_activation();
> > +	report(rtn == EXIT_SUCCESS, "SEV-ES activation test.");
> > +	rtn = test_sev_es_msr();
>
> There is nothing SEV-ES specific about this function, it only wraps
> rdmsr/wrmsr, which are supposed to generate #VC exceptions on SEV-ES.
> Since the same scenario can be covered by running the msr testcase
> as a SEV-ES guest and observing if it crashes, does testing
> rdmsr/wrmsr one more time here gain us any new information?
>
> Also, the function gets called from main() even if
> test_sev_es_activation() failed or SEV-ES was inactive.

Agreed, this patch is still a bit rough.  However, a very simple change 
to report whether SEV-ES is enabled is a good addition to x86/amd_sev.c

Paolo