lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250228093024.114983-1-Neeraj.Upadhyay@amd.com>
Date: Fri, 28 Feb 2025 14:59:53 +0530
From: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
To: <kvm@...r.kernel.org>, <seanjc@...gle.com>, <pbonzini@...hat.com>
CC: <linux-kernel@...r.kernel.org>, <Thomas.Lendacky@....com>,
	<nikunj@....com>, <Santosh.Shukla@....com>, <Vasant.Hegde@....com>,
	<Suravee.Suthikulpanit@....com>, <bp@...en8.de>, <David.Kaplan@....com>,
	<huibo.wang@....com>, <naveen.rao@....com>, <pgonda@...gle.com>,
	<linux-kselftest@...r.kernel.org>, <shuah@...nel.org>
Subject: [RFC PATCH 00/31] AMD: Add Secure AVIC KVM selftests

This series adds KVM selftests for Secure AVIC.

The Secure AVIC KVM support patch series is at:

https://lore.kernel.org/kvm/20250228085115.105648-1-Neeraj.Upadhyay@amd.com/T/#u  

Git tree is available at:

  https://github.com/AMDESE/linux-kvm/tree/savic-host-latest

This series depends on SNP Smoke tests patch series by Pratik:

https://lore.kernel.org/lkml/20250123220100.339867-1-prsampat@amd.com/

- Patch 1-6 are taken from Peter Gonda's patch series for GHCB support
  for SEV-ES guests. GHCB support for SNP guests is added to these
  patches.

  https://lore.kernel.org/lkml/Ziln_Spd6KtgVqkr@google.com/T/#m6c0fc7e2b2e35f71da67402036332afeed8c8021

  Patches 7-8 are fixes on top of Peter's series.

- Patch 9 fixes IDT vector for #VC exception (29) which has a valid
  error code associated with the exception.

- Patch 10 adds #VC exception handling for rdmsr/wrmsr accesses of
  SEV-ES guests.

- Patch 11 skips vm_is_gpa_protected() check for APIC MMIO base address
  in __virt_pg_map() for VMs with protected memory. This is required
  for xapic tests enablement for SEV VMs.

- Patch 12 and 13 are PoC patches to support MMIO #VC handling for SEV-ES
  guests. They add x86 instruction decoding support.

- Patch 14 adds #VC handling for MMIO accesses by SEV-ES guests.

- Patch 15 adds movabs instruction decoding for cases where compiler
  generates movabs for MMIO reads/writes.

- Patch 16 adds SEV guests testing support in xapic_state_test.

- Patch 17 adds x2apic mode support in xapic_ipi_test.

- Patch 18 adds SEV VMs support in xapic_ipi_test.

- Patch 19 adds a library for Secure AVIC backing page initialization
  and enabling Secure AVIC for a SNP guest.

- Patch 20 adds support for SVM_EXIT_AVIC_UNACCELERATED_ACCESS #VC
  exception handling for APIC msr reads/writes by Secure AVIC enabled
  VM.

- Patch 21 adds support for SVM_EXIT_AVIC_INCOMPLETE_IPI #VC error
  code handling for Secure AVIC enabled VM.

- Patch 22 adds args param to kvm_arch_vm_post_create() to pass
  vmsa features to KVM_SEV_INIT2 ioctl for SEV VMs.

- Patch 23 adds an api for passing guest APIC page GPA to Hypervisor.

- Patch 24 adds Secure AVIC VM support to xapic_ipi_test test.

- Patch 25 adds a test for verifying APIC regs MMIO/msr accesses
  for a Secure AVIC VM before it enables x2apic mode, in x2apic mode
  and after enabling Secure AVIC in the Secure AVIC control msr.

- Patch 26 adds a msr access test to verify accelerated/unaccelerated
  msr acceses for Secure AVIC enabled VM.

- Patch 27 tests idle hlt for Secure AVIC enabled VM.

- Patch 28 adds IOAPIC tests for Secure AVIC enabled VM.

- Patch 29 adds cross-vCPU IPI testing with various destination
  shorthands for Secure AVIC enabled VM. 

- Patch 30 adds Hypervisor NMI injection and cross-vCPU ICR based NMI
  for Secure AVIC enabled VM.

- Patch 31 adds MSI injection test for Secure AVIC enabled VM.
  
Neeraj Upadhyay (25):
  KVM: selftests: Fix ghcb_entry returned in ghcb_alloc()
  KVM: selftests: Make GHCB entry page size aligned
  KVM: selftests: Add support for #VC in x86 exception handlers
  KVM: selftests: Add MSR VC handling support for SEV-ES VMs
  KVM: selftests: Skip vm_is_gpa_protected() call for APIC MMIO base
  KVM: selftests: Add instruction decoding support
  KVM: selftests: Add instruction decoding support
  KVM: selftests: Add MMIO VC exception handling for SEV-ES guests
  KVM: selftests: Add instruction decoding for movabs instructions
  KVM: selftests: Add SEV guests support in xapic_state_test
  KVM: selftests: Add x2apic mode testing in xapic_ipi_test
  KVM: selftests: Add SEV VM support in xapic_ipi_test
  KVM: selftests: Add  Secure AVIC lib
  KVM: selftests: Add unaccelerated APIC msrs #VC handling
  KVM: selftests: Add IPI handling support for Secure AVIC
  KVM: selftests: Add args param to kvm_arch_vm_post_create()
  KVM: selftests: Add SAVIC GPA notification GHCB call
  KVM: selftests: Add Secure AVIC mode to xapic_ipi_test
  KVM: selftests: Add Secure AVIC APIC regs test
  KVM: selftests: Add test to verify APIC MSR accesses for SAVIC guest
  KVM: selftests: Extend savic test with idle halt testing
  KVM: selftests: Add IOAPIC tests for Secure AVIC
  KVM: selftests: Add cross-vCPU IPI testing for SAVIC guests
  KVM: selftests: Add NMI test for SAVIC guests
  KVM: selftests: Add MSI injection test for SAVIC

Peter Gonda (6):
  Add GHCB with setters and getters
  Add arch specific additional guest pages
  Add vm_vaddr_alloc_pages_shared()
  Add GHCB allocations and helpers
  Add is_sev_enabled() helpers
  Add ability for SEV-ES guests to use ucalls via GHCB

 tools/arch/x86/include/asm/msr-index.h        |    4 +-
 tools/testing/selftests/kvm/.gitignore        |    3 +-
 tools/testing/selftests/kvm/Makefile.kvm      |   16 +-
 .../testing/selftests/kvm/include/kvm_util.h  |   14 +-
 .../testing/selftests/kvm/include/x86/apic.h  |   57 +
 .../selftests/kvm/include/x86/ex_regs.h       |   21 +
 .../selftests/kvm/include/x86/insn-eval.h     |   48 +
 .../selftests/kvm/include/x86/processor.h     |   18 +-
 .../testing/selftests/kvm/include/x86/savic.h |   25 +
 tools/testing/selftests/kvm/include/x86/sev.h |   15 +
 tools/testing/selftests/kvm/include/x86/svm.h |  109 ++
 tools/testing/selftests/kvm/lib/kvm_util.c    |  109 +-
 .../testing/selftests/kvm/lib/x86/handlers.S  |    4 +-
 .../testing/selftests/kvm/lib/x86/insn-eval.c | 1726 +++++++++++++++++
 .../testing/selftests/kvm/lib/x86/processor.c |   24 +-
 tools/testing/selftests/kvm/lib/x86/savic.c   |  490 +++++
 tools/testing/selftests/kvm/lib/x86/sev.c     |  598 +++++-
 tools/testing/selftests/kvm/lib/x86/ucall.c   |   18 +
 tools/testing/selftests/kvm/s390/cmma_test.c  |    2 +-
 tools/testing/selftests/kvm/x86/savic_test.c  | 1549 +++++++++++++++
 .../selftests/kvm/x86/sev_smoke_test.c        |   40 +-
 .../selftests/kvm/x86/xapic_ipi_test.c        |  183 +-
 .../selftests/kvm/x86/xapic_state_test.c      |  117 +-
 23 files changed, 5084 insertions(+), 106 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/include/x86/ex_regs.h
 create mode 100644 tools/testing/selftests/kvm/include/x86/insn-eval.h
 create mode 100644 tools/testing/selftests/kvm/include/x86/savic.h
 create mode 100644 tools/testing/selftests/kvm/lib/x86/insn-eval.c
 create mode 100644 tools/testing/selftests/kvm/lib/x86/savic.c
 create mode 100644 tools/testing/selftests/kvm/x86/savic_test.c


base-commit: f7bafceba76e9ab475b413578c1757ee18c3e44b
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ