This series introduces support for SNP features to KVM-Unit-Tests
environment. Goal of this work is to use KUT to build and develop a test
suite for KVM hypervisor with SEV-SNP support to test basic functionality
as well as determine whether hypervisor can handle edge cases that a
normal SNP guest otherwise wouldn't perform/request.

These patches are rebased on top of [1] and are available at:
https://github.com/pvpk1994/kvm-unit-tests-1/tree/SNP_RFC_v1

which in turn is rebased on top of kvm-unit-tests master tree
(Commit: e96011b32944):
https://gitlab.com/kvm-unit-tests/kvm-unit-tests

============
Patch layout
============
Patches 1-2: Provide MMIO access support to the APIC page by unsetting
             C-bit in guest page table for SEV-ES/SEV-SNP guest.

Patch 3: Enables support for running SEV-SNP tests in UEFI environment.

Patches 4-6: Enables support for SEV-SNP in KUT and provides an
             activation test to determine whether SEV-SNP has been
             enabled or not.

Patch 7: Sets up a new page table to enable page allocation support in
         UEFI environment for SEV-SNP related tests that are introduced
         in this patchset.

Patches 8-9: Enables support to perform page state changes
             (Private <=> Shared) using GHCB MSR protocol.

Patches 10-11: Enables support to perform page state changes
               (Private <=> Shared) using GHCB NAE events. These tests
               support 2M and 4K pages.

Patches 12-13: Introduces tests that perform page state conversions
               within a 2M range to demonstrate how hypervisor/qemu
               handle page state conversions that a regular SNP guest
               would not perform during its lifetime.

================================
Procedure to run this test-suite
================================
SEV-SNP KUT guest requires UEFI/OVMF to bootup. Information on how to
run the SEV-SNP tests with UEFI support can be found in
x86/efi/README.md introduced in this patchset.

Use the following (Kernel, OVMF, QEMU) to run the SNP tests:

Use qemu (SNP supported) that is listed here:
https://github.com/AMDESE/qemu/tree/snp-latest
(Commit: a4f571b72e03 at the time of writing)

Use OVMF (SNP supported) available at:
https://github.com/AMDESE/ovmf/tree/snp-latest
(Commit: f992fee06f64 at the time of writing)

Use SNP host kernel available at:
https://github.com/AMDESE/linux/tree/snp-host-latest
(Commit: f9b5bc22b945 at the time of writing)

The following scripts can help build QEMU, OVMF, kernel:
https://github.com/AMDESE/AMDSEV/tree/snp-latest
(Commit: 111ad2cc8dfd at the time of writing)

System can be configured as follows to run UEFI SNP tests:

    ./configure --enable-efi

This will configure KUT to use #VC handler that it sets up once GHCB
page is mapped.

    ./configure --enable-efi --amdsev-efi-vc

The above configuration option will build KUT and let SNP test use #VC
handler that is set up by OVMF throughout the lifetime of SNP guest.

The SNP tests introduced in this patchset run well with both the above
configuration options (--enable-efi & --enable-efi --amdsev-efi-vc).

Once configured, SEV-SNP support can be tested as follows:

    export QEMU=/path/to/qemu-system-x86_64
    export EFI_UEFI=/path/to/OVMF_CODE.fd
    export EFI_VARS=/path/to/OVMF_VARS.fd (if any)
    EFI_SNP=y ./x86/efi/run ./x86/amd_sev.efi

NOTE: Ensure the memory provided via "size=" above matches with the
memory passed in x86/efi/run ($TEST_DIR/run -m 1G). Otherwise, QEMU will
report about machine memory size mismatch with size of memory backend.

=====
TODOs
=====
* Introduce an edge case for when page size is 2MB, the
  page_state_change.cur_page must be incremented for each successful 4K
  page processed. (Documented in GHCB spec - Page State Change section)

* Addition of more edge cases in Page state changes to ensure host/qemu
  handle these cases correctly.

==========
References
==========
[1] https://lore.kernel.org/all/20240411172944.23089-1-vsntk18@xxxxxxxxx/

Any feedback/review is very much appreciated!
Pavan

-----------------------------------------------------------------------

Pavan Kumar Paluri (13):
  x86/apic: Include asm/io.h and use those definitions to avoid duplication
  x86/apic: Add MMIO access support for SEV-ES/SNP guest with C-bit unset
  x86/efi: Add support for running tests with UEFI in SEV-SNP environment
  x86 AMD SEV-ES: Rename setup_amd_sev_es() to setup_vc_handler()
  x86 AMD SEV-SNP: Enable SEV-SNP support
  x86 AMD SEV-SNP: Add tests for presence of confidential computing blob
  x86 AMD SEV-ES: Set GHCB page attributes for a new page table
  x86 AMD SEV-SNP: Test Private->Shared Page state changes using GHCB MSR
  x86 AMD SEV-SNP: Test Shared->Private Page State Changes using GHCB MSR
  x86 AMD SEV-SNP: Change guest pages from Private->Shared using GHCB NAE
  x86 AMD SEV-SNP: Change guest pages from Shared->Private using GHCB NAE
  x86 AMD SEV-SNP: Test-1: Perform Intermix to 2M Private PSCs
  x86 AMD SEV-SNP: Test-2: Perform Intermix to 2M private to 2M shared PSCs

 lib/linux/efi.h      |   1 +
 lib/x86/amd_sev.c    |  22 +-
 lib/x86/amd_sev.h    |  95 +++++-
 lib/x86/amd_sev_vc.c |   2 +-
 lib/x86/apic.c       |  18 +-
 lib/x86/setup.c      |   8 +-
 lib/x86/svm.h        |   1 +
 lib/x86/vm.c         |   6 +
 x86/amd_sev.c        | 682 +++++++++++++++++++++++++++++++++++++++++++
 x86/efi/README.md    |   6 +
 x86/efi/run          |  37 ++-
 11 files changed, 858 insertions(+), 20 deletions(-)

-- 
2.34.1
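
The page state change request that patches 8-9 exercise over the GHCB MSR protocol, as an added example that is not code from this series or from kvm-unit-tests. All function and macro names are hypothetical; the field layout follows the GHCB specification, and fake_hv() is a constructed stand-in for the hypervisor (a real guest writes the value to the GHCB MSR and executes VMGEXIT).

```c
#include <stdint.h>
#include <stdio.h>

/* GHCB MSR protocol values for SNP Page State Change (macro names are this example's own). */
#define PSC_REQ_INFO   0x014ULL /* GHCBInfo of a request */
#define PSC_RESP_INFO  0x015ULL /* GHCBInfo of a response */
#define PSC_OP_PRIVATE 1ULL
#define PSC_OP_SHARED  2ULL

/* GHCBData[55:52] = operation, [51:12] = guest frame number, [11:0] = 0x014. */
uint64_t psc_msr_request(uint64_t gpa, uint64_t op)
{
    uint64_t gfn = (gpa >> 12) & ((1ULL << 40) - 1);
    return ((op & 0xf) << 52) | (gfn << 12) | PSC_REQ_INFO;
}

/* 0 on success, -1 if the reply is not a PSC response, else the error code in [63:32]. */
int64_t psc_msr_check_response(uint64_t resp)
{
    if ((resp & 0xfffULL) != PSC_RESP_INFO)
        return -1;
    return (int64_t)(resp >> 32);
}

/* Constructed hypervisor stand-in: succeeds for a known operation, else error code 1. */
static uint64_t fake_hv(uint64_t req)
{
    uint64_t op = (req >> 52) & 0xf;
    uint64_t err = (op == PSC_OP_PRIVATE || op == PSC_OP_SHARED) ? 0 : 1;
    return (err << 32) | PSC_RESP_INFO;
}

/* One request covers one 4K page, so a 2M range needs 512 exchanges. Returns pages converted. */
int psc_msr_range(uint64_t gpa, unsigned int npages, uint64_t op)
{
    unsigned int done = 0;
    for (; done < npages; done++, gpa += 4096)
        if (psc_msr_check_response(fake_hv(psc_msr_request(gpa, op))) != 0)
            break;
    return (int)done;
}

int main(void)
{
    printf("req=%#llx\n", (unsigned long long)psc_msr_request(0x200000, PSC_OP_SHARED));
    printf("pages converted: %d\n", psc_msr_range(0x200000, 512, PSC_OP_SHARED));
    return 0;
}
```
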