lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b7c4316a-1b00-521c-991a-57e1d105952f@amd.com>
Date: Thu, 11 Jul 2024 10:56:13 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: "Pratik R. Sampat" <pratikrajesh.sampat@....com>, kvm@...r.kernel.org
Cc: shuah@...nel.org, michael.roth@....com, seanjc@...gle.com,
 pbonzini@...hat.com, pgonda@...gle.com, linux-kselftest@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [RFC 1/5] selftests: KVM: Add a basic SNP smoke test

On 7/10/24 17:05, Pratik R. Sampat wrote:
> Extend sev_smoke_test to also run a minimal SEV-SNP smoke test that
> initializes and sets up private memory regions required to run a simple
> SEV-SNP guest.
> 
> Similar to it's SEV-ES smoke test counterpart, this also does not support
> GHCB and ucall yet and uses the GHCB MSR protocol to trigger an exit of
> the type KVM_EXIT_SYSTEM_EVENT.
> 
> Also, decouple policy and type and require functions to provide both
> such that there is no assumption regarding the type using policy.
> 
> Signed-off-by: Pratik R. Sampat <pratikrajesh.sampat@....com>
> ---
>  .../selftests/kvm/include/x86_64/processor.h  |  1 +
>  .../selftests/kvm/include/x86_64/sev.h        | 29 ++++++++
>  tools/testing/selftests/kvm/lib/kvm_util.c    |  7 +-
>  .../selftests/kvm/lib/x86_64/processor.c      |  6 +-
>  tools/testing/selftests/kvm/lib/x86_64/sev.c  | 70 ++++++++++++++++++-
>  .../selftests/kvm/x86_64/sev_smoke_test.c     | 51 ++++++++++----
>  6 files changed, 146 insertions(+), 18 deletions(-)
> 
> diff --git a/tools/testing/selftests/kvm/include/x86_64/processor.h b/tools/testing/selftests/kvm/include/x86_64/processor.h
> index 8eb57de0b587..5683fc9794e4 100644
> --- a/tools/testing/selftests/kvm/include/x86_64/processor.h
> +++ b/tools/testing/selftests/kvm/include/x86_64/processor.h

> +
> +	if (kvm_cpu_has(X86_FEATURE_SNP) && is_kvm_snp_supported()) {
> +		test_sev(guest_snp_code, KVM_X86_SNP_VM, SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO);
> +		/* Test minimum firmware level */
> +		test_sev(guest_snp_code, KVM_X86_SNP_VM,
> +			 SNP_POLICY_SMT | SNP_POLICY_RSVD_MBO |
> +			 (SNP_FW_REQ_VER_MAJOR * SNP_POLICY_ABI_MAJOR) |
> +			 (SNP_FW_REQ_VER_MINOR * SNP_POLICY_ABI_MINOR));

This seems an odd way of setting these fields. Maybe, instead, use a
couple of macros that take the values and shift appropriately and ensure
that they don't exceed the 8-bits each field occupies.

Thanks,
Tom

>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ