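// SPDX-License-Identifier: GPL-2.0-only
/*
 * Selftest for the KVM_SEV_INIT2 sub-command of KVM_MEMORY_ENCRYPT_OP.
 *
 * It checks that KVM_SEV_INIT2 succeeds on the SEV, SEV-ES and SEV-SNP VM
 * types the host reports, that it is rejected with EINVAL on VM types that
 * are not SEV types, and that every unknown flag bit and every unsupported
 * VMSA feature bit is rejected with EINVAL rather than silently accepted.
 */
#include <linux/kvm.h>
#include <linux/psp-sev.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <stdlib.h>
#include <errno.h>
#include <pthread.h>
#include <unistd.h>

#include "test_util.h"
#include "kvm_util.h"
#include "processor.h"
#include "svm_util.h"
#include "kselftest.h"

#define SVM_SEV_FEAT_DEBUG_SWAP 32u

/*
 * Some features may have hidden dependencies, or may only work
 * for certain VM types.  Err on the side of safety and don't
 * expect that all supported features can be passed one by one
 * to KVM_SEV_INIT2.
 *
 * (Well, right now there's only one...)
 */
#define KNOWN_FEATURES SVM_SEV_FEAT_DEBUG_SWAP

int kvm_fd;
u64 supported_vmsa_features;
bool have_sev_es;
bool have_snp;

/*
 * Issue one KVM_MEMORY_ENCRYPT_OP command on @vm_fd.
 *
 * @vm_fd:  VM file descriptor the command is sent to.
 * @cmd_id: SEV command id placed in kvm_sev_cmd.id.
 * @data:   command payload, passed to the kernel as a 64-bit address.
 *
 * Returns the raw ioctl() result with errno as ioctl() left it, so callers
 * can assert on expected failures.  If the ioctl itself succeeded, the
 * firmware error field must be SEV_RET_SUCCESS or the test aborts.
 */
static int __sev_ioctl(int vm_fd, int cmd_id, void *data)
{
	struct kvm_sev_cmd cmd = {
		.id = cmd_id,
		.data = (uint64_t)data,
		.sev_fd = open_sev_dev_path_or_exit(),
	};
	int saved_errno;
	int ret;

	ret = ioctl(vm_fd, KVM_MEMORY_ENCRYPT_OP, &cmd);

	/*
	 * The SEV device descriptor is obtained per call and only needed for
	 * the duration of the ioctl; release it so the flag/feature loops do
	 * not accumulate one open descriptor per iteration.  close() may
	 * change errno, and callers inspect errno from the ioctl, so keep it.
	 */
	saved_errno = errno;
	close(cmd.sev_fd);
	errno = saved_errno;

	TEST_ASSERT(ret < 0 || cmd.error == SEV_RET_SUCCESS,
		    "%d failed: fw error: %d\n",
		    cmd_id, cmd.error);

	return ret;
}

/*
 * Create a barebones VM of @vm_type and assert that KVM_SEV_INIT2 with
 * @init succeeds (returns 0).  The VM is freed afterwards.
 */
static void test_init2(unsigned long vm_type, struct kvm_sev_init *init)
{
	struct kvm_vm *vm;
	int ret;

	vm = vm_create_barebones_type(vm_type);
	ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);
	TEST_ASSERT(ret == 0,
		    "KVM_SEV_INIT2 return code is %d (expected 0), errno: %d",
		    ret, errno);
	kvm_vm_free(vm);
}

/*
 * Create a barebones VM of @vm_type and assert that KVM_SEV_INIT2 with
 * @init is refused with -1/EINVAL.  @msg names the reason the call is
 * expected to be refused and is appended to the failure message.
 */
static void test_init2_invalid(unsigned long vm_type, struct kvm_sev_init *init, const char *msg)
{
	struct kvm_vm *vm;
	int ret;

	vm = vm_create_barebones_type(vm_type);
	ret = __sev_ioctl(vm->fd, KVM_SEV_INIT2, init);
	TEST_ASSERT(ret == -1 && errno == EINVAL,
		    "KVM_SEV_INIT2 should fail, %s.",
		    msg);
	kvm_vm_free(vm);
}

/*
 * Check which VM types accept KVM_SEV_INIT2 with an all-zero kvm_sev_init:
 * the SEV type always, SEV-ES and SNP when the host has them, and never the
 * default VM type or (when KVM offers it) KVM_X86_SW_PROTECTED_VM.
 */
void test_vm_types(void)
{
	test_init2(KVM_X86_SEV_VM, &(struct kvm_sev_init){});

	/*
	 * TODO: check that unsupported types cannot be created.  Probably
	 * a separate selftest.
	 */
	if (have_sev_es)
		test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){});

	if (have_snp)
		test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){});

	/* VM type 0 is the default (non-SEV) type; INIT2 must not apply to it. */
	test_init2_invalid(0, &(struct kvm_sev_init){},
			   "VM type is KVM_X86_DEFAULT_VM");
	if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))
		test_init2_invalid(KVM_X86_SW_PROTECTED_VM, &(struct kvm_sev_init){},
				   "VM type is KVM_X86_SW_PROTECTED_VM");
}

/*
 * Assert that each of the 32 single-bit values of kvm_sev_init.flags is
 * rejected with EINVAL for @vm_type, i.e. no flag bit is accepted.
 */
void test_flags(uint32_t vm_type)
{
	int i;

	for (i = 0; i < 32; i++)
		test_init2_invalid(vm_type,
			&(struct kvm_sev_init){ .flags = BIT(i) },
			"invalid flag");
}

/*
 * Walk all 64 single-bit values of kvm_sev_init.vmsa_features for @vm_type.
 *
 * A bit missing from @supported_features must be rejected with EINVAL.
 * A bit that is supported and also listed in KNOWN_FEATURES must be
 * accepted.  Supported bits outside KNOWN_FEATURES are not exercised, for
 * the reason given at the KNOWN_FEATURES definition.
 */
void test_features(uint32_t vm_type, uint64_t supported_features)
{
	int i;

	for (i = 0; i < 64; i++) {
		if (!(supported_features & BIT_ULL(i)))
			test_init2_invalid(vm_type,
				&(struct kvm_sev_init){ .vmsa_features = BIT_ULL(i) },
				"unknown feature");
		else if (KNOWN_FEATURES & BIT_ULL(i))
			test_init2(vm_type,
				&(struct kvm_sev_init){ .vmsa_features = BIT_ULL(i) });
	}
}

/*
 * Query the supported VMSA features, cross-check the VM types advertised by
 * KVM_CAP_VM_TYPES against the CPUID feature bits, then run the VM-type,
 * flag and feature checks for every available SEV VM type.
 */
int main(int argc, char *argv[])
{
	bool have_sev;

	/* Assign the file-scope kvm_fd instead of shadowing it with a local. */
	kvm_fd = open_kvm_dev_path_or_exit();

	TEST_REQUIRE(__kvm_has_device_attr(kvm_fd, KVM_X86_GRP_SEV,
					   KVM_X86_SEV_VMSA_FEATURES) == 0);
	kvm_device_attr_get(kvm_fd, KVM_X86_GRP_SEV,
			    KVM_X86_SEV_VMSA_FEATURES,
			    &supported_vmsa_features);

	have_sev = kvm_cpu_has(X86_FEATURE_SEV);
	TEST_ASSERT(have_sev == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM)),
		    "sev: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_VM);

	TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM));
	have_sev_es = kvm_cpu_has(X86_FEATURE_SEV_ES);

	TEST_ASSERT(have_sev_es == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM)),
		    "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM);

	/*
	 * The condition is an equality, so it fails for a mismatch in either
	 * direction; the message is worded like the SEV and SEV-ES ones
	 * rather than claiming only one direction.
	 */
	have_snp = kvm_cpu_has(X86_FEATURE_SEV_SNP);
	TEST_ASSERT(have_snp == !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM)),
		    "sev-snp: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SNP_VM);

	test_vm_types();

	test_flags(KVM_X86_SEV_VM);
	if (have_sev_es)
		test_flags(KVM_X86_SEV_ES_VM);
	if (have_snp)
		test_flags(KVM_X86_SNP_VM);

	/*
	 * Plain SEV VMs are checked with an empty supported set, so every
	 * VMSA feature bit is expected to be rejected for them.
	 */
	test_features(KVM_X86_SEV_VM, 0);
	if (have_sev_es)
		test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features);
	if (have_snp)
		test_features(KVM_X86_SNP_VM, supported_vmsa_features);

	return 0;
}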