From nobody Mon Feb 9 19:31:03 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1667832131; cv=none; d=zohomail.com; s=zohoarc; b=HN9nN1bCPzS188Hgk9T7sW4pSeRDM1zPIMdVSKjorsbyjsGcKE/MWotYQ9hMS6G0tMdPp1PJua8tXdXI+DVRM8lPAdwudKVggisCj6oIp3s/abepaTlvg9r82EBN4xzEGWoJ7jhmrhX+wkeisLejW2iyGPiC/F96y0VL+AWd1CA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667832131; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=CCjziqOwaRQ+N/5QSdWc294OPH9/QNqKQeTNwSJJ/io=; b=GQ8Q9LhdWT03IPrbTz/YNEG0rlEktycYzyTdRxDiDZEEcICZ3FuSUv55fqcs7VTQUuyOcGsKOv20IZiuUWVHQN5rKOeWJMLW4SrMezgwcqBlWd2eRwxqtOVPYJLcKxlpvxgTU6uMLt21SVSRGybC9zxpwL8r4NT21wiR1jS3KDg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1667832131907631.2622462660659; Mon, 7 Nov 2022 06:42:11 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-385-6nTvVmzcMrqZQXWqFOMlag-1; Mon, 07 Nov 2022 09:42:07 -0500 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D3C971012464; Mon, 7 Nov 2022 14:42:02 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id BE7954B400F; Mon, 7 Nov 2022 14:42:02 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 99C211946A50; Mon, 7 Nov 2022 14:41:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id B1F5719465A0 for ; Mon, 7 Nov 2022 14:41:39 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id AD19D40C83AD; Mon, 7 Nov 2022 14:41:39 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.58]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1236940C2064; Mon, 7 Nov 2022 14:41:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667832130; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=CCjziqOwaRQ+N/5QSdWc294OPH9/QNqKQeTNwSJJ/io=; b=VrPUSwNysrsM/TC9ztBTB6qbE+ilO6NWyCbYp7IZuf3hDH9vbLeFeda0Qs6UdZjTS/R9fv i6qwrIZbsPammL9u8XHuvpaJaxCmSK+2JD7QDRkJ+fcz2ehBiWvSw+kcbvhLeHuOG15xr1 SAhaTohwn3fn5Uv5M2VnvkARYMTR3SY= X-MC-Unique: 6nTvVmzcMrqZQXWqFOMlag-1 X-Original-To: libvir-list@listman.corp.redhat.com From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v4 11/12] scripts: add systemtap script for capturing SEV-ES VMSA Date: Mon, 7 Nov 2022 14:41:26 +0000 Message-Id: <20221107144127.973324-12-berrange@redhat.com> In-Reply-To: <20221107144127.973324-1-berrange@redhat.com> References: <20221107144127.973324-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?J=C3=A1n=20Tomko?= Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1667832132616100001 In general we expect to be able to construct a SEV-ES VMSA blob from knowledge about the AMD achitectural CPU register defaults, KVM setup and QEMU setup. If any of this unexpectedly changes, figuring out what's wrong could be horrible. This systemtap script demonstrates how to capture the real VMSA that is used for a SEV-ES as it is booted. The captured data can be fed into the 'sevctl vmsa show' command in order to produce formatted info with named registers, allowing a 'diff' to be performed. This script will need updating for any kernel version that is not 6.0, to set the correct line numbers. Reviewed-by: J=C3=A1n Tomko Signed-off-by: Daniel P. Berrang=C3=A9 --- examples/systemtap/amd-sev-es-vmsa.stp | 48 ++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 examples/systemtap/amd-sev-es-vmsa.stp diff --git a/examples/systemtap/amd-sev-es-vmsa.stp b/examples/systemtap/am= d-sev-es-vmsa.stp new file mode 100644 index 0000000000..551ed739b7 --- /dev/null +++ b/examples/systemtap/amd-sev-es-vmsa.stp @@ -0,0 +1,48 @@ +#!/usr/bin/stap +# +# Copyright (C) 2022 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# . +# +# A script that captures the VMSA blob for the boot vCPU and +# first additional vCPU, when a KVM guest is booted with SEV-ES +# +# The captured VMSA will be printed to the console in hex format, +# and can be converted to the required binary format by feeding +# it through +# +# perl -e 'while (<>) { print pack("C64", map { hex($_) } ( $_ =3D~ m/../g= )); }' > vmsa.bin +# + +probe begin { + printf("Running\n") +} + +function dump_vmsa(addr:long) { + printf("VMSA\n") + for (i =3D 0; i < 4096 ; i+=3D 64) { + printf("%.64M\n", addr + i); + } +} + +# This line number will need to be updated for the specific kernel +# version that is being probed. The line that needs to be targetted +# is the one beween the call to clflush_cache_range(...) and the +# call to sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE...). +# +# Line 632 is correct for Linux v6.0 +probe module("kvm_amd").statement("__sev_launch_update_vmsa@arch/x86/kvm/s= vm/sev.c:632") { + dump_vmsa($svm->vmsa) +} --=20 2.37.3