From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 11/12] scripts: add systemtap script for capturing SEV-ES VMSA
Date: Wed, 2 Nov 2022 11:59:00 +0000
Message-Id: <20221102115901.823636-12-berrange@redhat.com>
In-Reply-To: <20221102115901.823636-1-berrange@redhat.com>
References: <20221102115901.823636-1-berrange@redhat.com>

In general we expect to be able to construct a SEV-ES VMSA blob from knowledge about the AMD architectural CPU register defaults, KVM setup and QEMU setup. If any of this unexpectedly changes, figuring out what's wrong could be horrible.

This systemtap script demonstrates how to capture the real VMSA that is used for a SEV-ES as it is booted. The captured data can be fed into the 'sevctl vmsa show' command in order to produce formatted info with named registers, allowing a 'diff' to be performed.

This script will need updating for any kernel version that is not 6.0, to set the correct line numbers.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Ján Tomko

--- examples/systemtap/amd-sev-es-vmsa.stp | 48 ++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 examples/systemtap/amd-sev-es-vmsa.stp diff --git a/examples/systemtap/amd-sev-es-vmsa.stp b/examples/systemtap/am= d-sev-es-vmsa.stp new file mode 100644 index 0000000000..551ed739b7 --- /dev/null 
+++ b/examples/systemtap/amd-sev-es-vmsa.stp @@ -0,0 +1,48 @@ +#!/usr/bin/stap +# +# Copyright (C) 2022 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# . +# +# A script that captures the VMSA blob for the boot vCPU and +# first additional vCPU, when a KVM guest is booted with SEV-ES +# +# The captured VMSA will be printed to the console in hex format, +# and can be converted to the required binary format by feeding +# it through +# +# perl -e 'while (<>) { print pack("C64", map { hex($_) } ( $_ =3D~ m/../g= )); }' > vmsa.bin +# + +probe begin { + printf("Running\n") +} + +function dump_vmsa(addr:long) { + printf("VMSA\n") + for (i =3D 0; i < 4096 ; i+=3D 64) { + printf("%.64M\n", addr + i); + } +} + +# This line number will need to be updated for the specific kernel +# version that is being probed. The line that needs to be targetted +# is the one beween the call to clflush_cache_range(...) and the +# call to sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE...). +# +# Line 632 is correct for Linux v6.0 +probe module("kvm_amd").statement("__sev_launch_update_vmsa@arch/x86/kvm/s= vm/sev.c:632") { + dump_vmsa($svm->vmsa) +} --=20 2.37.3
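Review bot: The perl one-liner in the header comment is described as taking the script's console output, but that output also contains the "Running" line from probe begin and a "VMSA" marker line from dump_vmsa(), and the statement probe has no limit, so it fires on every pass through __sev_launch_update_vmsa. Feeding all of that through pack("C64", ...) would put non-hex lines and more than one 4096-byte dump into a single vmsa.bin. Suggest that the comment say to pass only the 64 hex lines that follow one "VMSA" marker, or that the filter skip any line that is not 128 hex digits. The comment also promises the boot vCPU and the first additional vCPU, yet nothing in the probe counts or labels the captures; printing an index next to the "VMSA" marker would let the two blobs be told apart before they are given to 'sevctl vmsa show'. Since line 632 is only valid for Linux v6.0, consider failing loudly or documenting how to verify the line on other kernels rather than relying on the reader finding the comment. Minor: "targetted" and "beween" in the comment above the probe are misspelt.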