[v5] Basic SEV-SNP Selftests

[PATCH v5 3/9] KVM: selftests: SEV-SNP test for KVM_SEV_INIT2

Posted by Pratik R. Sampat 6 days, 19 hours ago

Add the X86_FEATURE_SNP CPU feature to the architectural definition for
the SEV-SNP VM type to exercise the KVM_SEV_INIT2 call. Ensure that the
SNP test is skipped in scenarios where CPUID supports it but KVM does
not, preventing reporting of failure in such cases.

Signed-off-by: Pratik R. Sampat <prsampat@amd.com>
---
 tools/testing/selftests/kvm/include/x86/processor.h |  1 +
 tools/testing/selftests/kvm/x86/sev_init2_tests.c   | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/tools/testing/selftests/kvm/include/x86/processor.h b/tools/testing/selftests/kvm/include/x86/processor.h
index d60da8966772..1e05e610bb06 100644
--- a/tools/testing/selftests/kvm/include/x86/processor.h
+++ b/tools/testing/selftests/kvm/include/x86/processor.h
@@ -199,6 +199,7 @@ struct kvm_x86_cpu_feature {
 #define	X86_FEATURE_VGIF		KVM_X86_CPU_FEATURE(0x8000000A, 0, EDX, 16)
 #define X86_FEATURE_SEV			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 1)
 #define X86_FEATURE_SEV_ES		KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 3)
+#define X86_FEATURE_SNP			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 4)
 
 /*
  * KVM defined paravirt features.
diff --git a/tools/testing/selftests/kvm/x86/sev_init2_tests.c b/tools/testing/selftests/kvm/x86/sev_init2_tests.c
index 3fb967f40c6a..3f8fb2cc3431 100644
--- a/tools/testing/selftests/kvm/x86/sev_init2_tests.c
+++ b/tools/testing/selftests/kvm/x86/sev_init2_tests.c
@@ -28,6 +28,7 @@
 int kvm_fd;
 u64 supported_vmsa_features;
 bool have_sev_es;
+bool have_snp;
 
 static int __sev_ioctl(int vm_fd, int cmd_id, void *data)
 {
@@ -83,6 +84,9 @@ void test_vm_types(void)
 	if (have_sev_es)
 		test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){});
 
+	if (have_snp)
+		test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){});
+
 	test_init2_invalid(0, &(struct kvm_sev_init){},
 			   "VM type is KVM_X86_DEFAULT_VM");
 	if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))
@@ -138,15 +142,24 @@ int main(int argc, char *argv[])
 		    "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
 		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM);
 
+	have_snp = kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM);
+	TEST_ASSERT(!have_snp || kvm_cpu_has(X86_FEATURE_SNP),
+		    "sev-snp: KVM_CAP_VM_TYPES (%x) indicates SNP support (bit %d), but CPUID does not",
+		    kvm_check_cap(KVM_CAP_VM_TYPES), KVM_X86_SNP_VM);
+
 	test_vm_types();
 
 	test_flags(KVM_X86_SEV_VM);
 	if (have_sev_es)
 		test_flags(KVM_X86_SEV_ES_VM);
+	if (have_snp)
+		test_flags(KVM_X86_SNP_VM);
 
 	test_features(KVM_X86_SEV_VM, 0);
 	if (have_sev_es)
 		test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features);
+	if (have_snp)
+		test_features(KVM_X86_SNP_VM, supported_vmsa_features);
 
 	return 0;
 }
-- 
2.43.0

Re: [PATCH v5 3/9] KVM: selftests: SEV-SNP test for KVM_SEV_INIT2

Posted by Nikunj A Dadhania 2 days, 5 hours ago

"Pratik R. Sampat" <prsampat@amd.com> writes:

> Add the X86_FEATURE_SNP CPU feature to the architectural definition for
> the SEV-SNP VM type to exercise the KVM_SEV_INIT2 call. Ensure that the
> SNP test is skipped in scenarios where CPUID supports it but KVM does
> not, preventing reporting of failure in such cases.
>
> Signed-off-by: Pratik R. Sampat <prsampat@amd.com>

With a minor nit below:

Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>

> ---
>  tools/testing/selftests/kvm/include/x86/processor.h |  1 +
>  tools/testing/selftests/kvm/x86/sev_init2_tests.c   | 13 +++++++++++++
>  2 files changed, 14 insertions(+)
>
> diff --git a/tools/testing/selftests/kvm/include/x86/processor.h b/tools/testing/selftests/kvm/include/x86/processor.h
> index d60da8966772..1e05e610bb06 100644
> --- a/tools/testing/selftests/kvm/include/x86/processor.h
> +++ b/tools/testing/selftests/kvm/include/x86/processor.h
> @@ -199,6 +199,7 @@ struct kvm_x86_cpu_feature {
>  #define	X86_FEATURE_VGIF		KVM_X86_CPU_FEATURE(0x8000000A, 0, EDX, 16)
>  #define X86_FEATURE_SEV			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 1)
>  #define X86_FEATURE_SEV_ES		KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 3)
> +#define X86_FEATURE_SNP			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 4)

Can we keep the naming same as in cpufeatures.h: X86_FEATURE_SEV_SNP ?

Regards
Nikunj

>
>  /*
>   * KVM defined paravirt features.
> diff --git a/tools/testing/selftests/kvm/x86/sev_init2_tests.c b/tools/testing/selftests/kvm/x86/sev_init2_tests.c
> index 3fb967f40c6a..3f8fb2cc3431 100644
> --- a/tools/testing/selftests/kvm/x86/sev_init2_tests.c
> +++ b/tools/testing/selftests/kvm/x86/sev_init2_tests.c
> @@ -28,6 +28,7 @@
>  int kvm_fd;
>  u64 supported_vmsa_features;
>  bool have_sev_es;
> +bool have_snp;
>  
>  static int __sev_ioctl(int vm_fd, int cmd_id, void *data)
>  {
> @@ -83,6 +84,9 @@ void test_vm_types(void)
>  	if (have_sev_es)
>  		test_init2(KVM_X86_SEV_ES_VM, &(struct kvm_sev_init){});
>  
> +	if (have_snp)
> +		test_init2(KVM_X86_SNP_VM, &(struct kvm_sev_init){});
> +
>  	test_init2_invalid(0, &(struct kvm_sev_init){},
>  			   "VM type is KVM_X86_DEFAULT_VM");
>  	if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))
> @@ -138,15 +142,24 @@ int main(int argc, char *argv[])
>  		    "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)",
>  		    kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM);
>  
> +	have_snp = kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM);
> +	TEST_ASSERT(!have_snp || kvm_cpu_has(X86_FEATURE_SNP),
> +		    "sev-snp: KVM_CAP_VM_TYPES (%x) indicates SNP support (bit %d), but CPUID does not",
> +		    kvm_check_cap(KVM_CAP_VM_TYPES), KVM_X86_SNP_VM);
> +
>  	test_vm_types();
>  
>  	test_flags(KVM_X86_SEV_VM);
>  	if (have_sev_es)
>  		test_flags(KVM_X86_SEV_ES_VM);
> +	if (have_snp)
> +		test_flags(KVM_X86_SNP_VM);
>  
>  	test_features(KVM_X86_SEV_VM, 0);
>  	if (have_sev_es)
>  		test_features(KVM_X86_SEV_ES_VM, supported_vmsa_features);
> +	if (have_snp)
> +		test_features(KVM_X86_SNP_VM, supported_vmsa_features);
>  
>  	return 0;
>  }
> -- 
> 2.43.0

Re: [PATCH v5 3/9] KVM: selftests: SEV-SNP test for KVM_SEV_INIT2

Posted by Pratik Rajesh Sampat 1 day, 23 hours ago

Hi Nikunj

On 1/28/25 6:13 AM, Nikunj A Dadhania wrote:
> "Pratik R. Sampat" <prsampat@amd.com> writes:
> 
>> Add the X86_FEATURE_SNP CPU feature to the architectural definition for
>> the SEV-SNP VM type to exercise the KVM_SEV_INIT2 call. Ensure that the
>> SNP test is skipped in scenarios where CPUID supports it but KVM does
>> not, preventing reporting of failure in such cases.
>>
>> Signed-off-by: Pratik R. Sampat <prsampat@amd.com>
> 
> With a minor nit below:
> 
> Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>
> 
>> ---
>>  tools/testing/selftests/kvm/include/x86/processor.h |  1 +
>>  tools/testing/selftests/kvm/x86/sev_init2_tests.c   | 13 +++++++++++++
>>  2 files changed, 14 insertions(+)
>>
>> diff --git a/tools/testing/selftests/kvm/include/x86/processor.h b/tools/testing/selftests/kvm/include/x86/processor.h
>> index d60da8966772..1e05e610bb06 100644
>> --- a/tools/testing/selftests/kvm/include/x86/processor.h
>> +++ b/tools/testing/selftests/kvm/include/x86/processor.h
>> @@ -199,6 +199,7 @@ struct kvm_x86_cpu_feature {
>>  #define	X86_FEATURE_VGIF		KVM_X86_CPU_FEATURE(0x8000000A, 0, EDX, 16)
>>  #define X86_FEATURE_SEV			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 1)
>>  #define X86_FEATURE_SEV_ES		KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 3)
>> +#define X86_FEATURE_SNP			KVM_X86_CPU_FEATURE(0x8000001F, 0, EAX, 4)
> 
> Can we keep the naming same as in cpufeatures.h: X86_FEATURE_SEV_SNP ?
> 

Thanks for your reviews!

Overall, I was trying to be consistent with KVM by dropping the SEV
prefix from SNP in the rest of the SEV library to improve brevity and
reduce line clutter. However, for consistency with cpufeatures.h, I can
change this instance to include the SEV infix as well.

Pratik