Message-ID: <9ceaf8d8-383a-4989-b58e-727d70ed525b@linux.intel.com>
Date: Thu, 29 Feb 2024 16:31:01 +0800
Subject: Re: [RFC PATCH v5 06/29] KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs' attribute configuration
To: Sagi Shahar
Cc: linux-kselftest@vger.kernel.org, Ackerley Tng, Ryan Afranji, Erdem Aktas, Isaku Yamahata, Sean Christopherson, Paolo Bonzini, Shuah Khan, Peter Gonda, Haibo Xu, Chao Peng, Vishal Annapurve, Roger Wang, Vipin Sharma, jmattson@google.com, dmatlack@google.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org
References: <20231212204647.2170650-1-sagis@google.com> <20231212204647.2170650-7-sagis@google.com>
From: Binbin Wu
In-Reply-To: <20231212204647.2170650-7-sagis@google.com>

On 12/13/2023 4:46 AM, Sagi Shahar wrote:
> From: Ackerley Tng
>
> This also exercises the KVM_TDX_CAPABILITIES ioctl.
>
> Suggested-by: Isaku Yamahata
> Signed-off-by: Ackerley Tng
> Signed-off-by: Ryan Afranji
> Signed-off-by: Sagi Shahar
> ---
> .../selftests/kvm/lib/x86_64/tdx/tdx_util.c | 69 ++++++++++++++++++-
> 1 file changed, 66 insertions(+), 3 deletions(-)

Nit: Can also dump 'supported_gpaw' in tdx_read_capabilities().

Reviewed-by: Binbin Wu

> > diff --git a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c > index 9b69c733ce01..6b995c3f6153 100644
> --- a/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c > +++ b/tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c > @@ -27,10 +27,9 @@ static char *tdx_cmd_str[] = { > }; > #define TDX_MAX_CMD_STR (ARRAY_SIZE(tdx_cmd_str)) > > -static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data) > +static int _tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data) > { > struct kvm_tdx_cmd tdx_cmd; > - int r; > > TEST_ASSERT(ioctl_no < TDX_MAX_CMD_STR, "Unknown TDX CMD : %d\n", > ioctl_no); 
> @@ -40,11 +39,58 @@ static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data) > tdx_cmd.flags = flags; > tdx_cmd.data = (uint64_t)data; > > - r = ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); > + return ioctl(fd, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); > +} > + > +static void tdx_ioctl(int fd, int ioctl_no, uint32_t flags, void *data) > +{ > + int r; > + > + r = _tdx_ioctl(fd, ioctl_no, flags, data); > TEST_ASSERT(r == 0, "%s failed: %d %d", tdx_cmd_str[ioctl_no], r, > errno); > } > > +static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm) > +{ > + int i; > + int rc = -1; > + int nr_cpuid_configs = 4; > + struct kvm_tdx_capabilities *tdx_cap = NULL; > + > + do { > + nr_cpuid_configs *= 2; > + > + tdx_cap = realloc( > + tdx_cap, sizeof(*tdx_cap) + > + nr_cpuid_configs * sizeof(*tdx_cap->cpuid_configs)); > + TEST_ASSERT(tdx_cap != NULL, > + "Could not allocate memory for tdx capability nr_cpuid_configs %d\n", > + nr_cpuid_configs); > + > + tdx_cap->nr_cpuid_configs = nr_cpuid_configs; > + rc = _tdx_ioctl(vm->fd, KVM_TDX_CAPABILITIES, 0, tdx_cap); > + } while (rc < 0 && errno == E2BIG); > + > + TEST_ASSERT(rc == 0, "KVM_TDX_CAPABILITIES failed: %d %d", > + rc, errno); > + > + pr_debug("tdx_cap: attrs: fixed0 0x%016llx fixed1 0x%016llx\n" > + "tdx_cap: xfam fixed0 0x%016llx fixed1 0x%016llx\n", > + tdx_cap->attrs_fixed0, tdx_cap->attrs_fixed1, > + tdx_cap->xfam_fixed0, tdx_cap->xfam_fixed1); > + > + for (i = 0; i < tdx_cap->nr_cpuid_configs; i++) { > + const struct kvm_tdx_cpuid_config *config = > + &tdx_cap->cpuid_configs[i]; > + pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx 0x%08x ecx 0x%08x edx 0x%08x\n", > + i, config->leaf, config->sub_leaf, > + config->eax, config->ebx, config->ecx, config->edx); > + } > + > + return tdx_cap; > +} > + > #define XFEATURE_MASK_CET (XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL) > > static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data) 
> @@ -78,6 +124,21 @@ static void tdx_apply_cpuid_restrictions(struct kvm_cpuid2 *cpuid_data) > } > } > > +static void tdx_check_attributes(struct kvm_vm *vm, uint64_t attributes) > +{ > + struct kvm_tdx_capabilities *tdx_cap; > + > + tdx_cap = tdx_read_capabilities(vm); > + > + /* TDX spec: any bits 0 in attrs_fixed0 must be 0 in attributes */ > + TEST_ASSERT_EQ(attributes & ~tdx_cap->attrs_fixed0, 0); > + > + /* TDX spec: any bits 1 in attrs_fixed1 must be 1 in attributes */ > + TEST_ASSERT_EQ(attributes & tdx_cap->attrs_fixed1, tdx_cap->attrs_fixed1); > + > + free(tdx_cap); > +} > + > static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes) > { > const struct kvm_cpuid2 *cpuid; > @@ -91,6 +152,8 @@ static void tdx_td_init(struct kvm_vm *vm, uint64_t attributes) > memset(init_vm, 0, sizeof(*init_vm)); > memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent)); > > + tdx_check_attributes(vm, attributes); > + > init_vm->attributes = attributes; > > tdx_apply_cpuid_restrictions(&init_vm->cpuid);
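
Review bot: In tdx_read_capabilities() (hunk @@ -40,11 +39,58 @@), the buffer returned by realloc() is passed to KVM_TDX_CAPABILITIES with only nr_cpuid_configs set, so every other field of struct kvm_tdx_capabilities is uninitialised heap memory on input, and the pr_debug loop afterwards trusts tdx_cap->nr_cpuid_configs as the count of valid entries. Zero the whole buffer after each realloc() and before the ioctl so stale heap contents never reach the kernel or the dump. The do/while loop also doubles nr_cpuid_configs with no upper bound for as long as errno == E2BIG; a sanity cap checked with TEST_ASSERT would report a persistent E2BIG as a clear test failure rather than as an allocation failure.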
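
Review bot: The two TEST_ASSERT_EQ checks in tdx_check_attributes() (hunk @@ -78,6 +124,21 @@) fail without saying which rule was broken or which bits are at fault. Prefer TEST_ASSERT with a message that prints attributes next to attrs_fixed0 or attrs_fixed1, so the offending bits can be read straight from the failure output. A short comment above the function stating that it validates the attributes requested by the caller of tdx_td_init() against what KVM_TDX_CAPABILITIES reports would also help when triaging a failure.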