- Jan 26, 2023
-
-
Until we add support for KVMTOOL to run the tests using the scripts, provide a temporary script to run all the Realm tests. Signed-off-by:
Alexandru Elisei <alexandru.elisei@arm.com> Signed-off-by:
Joey Gouly <joey.gouly@arm.com>
-
Do some basic tests that trigger marking a memory region as RIPAS_EMPTY and accessing the shared memory. Also, convert it back to RAM and make sure the contents are scrubbed. Signed-off-by:
Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by:
-
Add tests for Attestation and measurement related RSI calls. Signed-off-by:
Mate Toth-Pal <mate.toth-pal@arm.com> Co-developed-by:
-
RMM encodes error code and index in the result of an operation. Add helpers to decode this information for use with the attestation tests. Signed-off-by:
-
Add wrappers for the Attestation and measurement related RSI calls. These will be later used in the test cases Signed-off-by:
-
Add a library wrapper around the QCBOR for parsing the Arm CCA attestation tokens. Signed-off-by:
-
The QCBOR library will be used for Realm attestation. Signed-off-by:
-
Adds the library QCBOR as submodule. This will be later used for arm64 realm attestation token parsing. The repository is available at: https://github.com/laurencelundblade/QCBOR tag v1.0 Signed-off-by:
-
Enable memory encryption support for Realms. When a page is "decrypted", we set the RIPAS to EMPTY, hinting to the hypervisor that it could reclaim the page backing the IPA. Also the pagetable is updated with the PTE_NS_SHARED attrbiute, whic in effect turns the "ipa" to the unprotected alias. Similarly for "encryption" we mark the IPA back to RIPAS_RAM and clear the PTE_NS_SHARED attribute. Signed-off-by:
-
GICv3-ITS is emulated by the host and thus we should allocate shared pages for access by the host. Make sure the allocations are shared. Signed-off-by:
-
Joey Gouly authored
Add support for allocating "pages" that can be shared with the host. Or in other words, decrypted pages. This is achieved by adding hooks for setting a memory region as "encrypted" or "decrypted", which can be overridden by the architecture specific backends. Also add a new flag - FLAG_SHARED - for allocating shared pages. The page allocation/free routines get a "_shared_" variant too. These will be later used for Realm support and tests. Signed-off-by: -
The RMM/Host could inject Synchronous External Aborts in to the Realm for various reasons. RMM injects the SEA for : * Instruction/Data fetch from an IPA that is in RIPAS_EMPTY state * Instruction fetch from an Unprotected IPA. Trigger these conditions from within the Realm and verify that the SEAs are received. Signed-off-by:
Djordje Kovacevic <djordje.kovacevic@arm.com>
Signed-off-by: -
Test that the FPU/SIMD registers are saved and restored correctly when context switching VCPUs. In order to test fpu/simd functionality, we need to make sure that kvm-unit-tests doesn't generate code that uses the fpu registers, as that might interfere with the test results. Thus make sure we compile the tests with -mgeneral-regs-only. Signed-off-by:
Subhasish Ghosh <subhasish.ghosh@arm.com> Signed-off-by:
-
Test that a HVC instruction in a Realm is turned into an undefined exception. Test that RSI_HOST_CALL passes through to the Hypervisor. Signed-off-by:
Gareth Stockwell <gareth.stockwell@arm.com> Signed-off-by:
-
The realm manager treats instruction aborts as fatal errors, skip this test. Signed-off-by:
-
Joey Gouly authored
Add basic test for checking the RSI version command. Signed-off-by: -
A Realm must mark areas of memory as RIPAS_RAM before an access is made. The binary image is loaded by the VMM and thus the area is converted. However, the file image may not cover tail portion of the "memory" image (e.g, BSS, stack etc.). Convert the area touched by the early boot code to RAM before the access is made in early assembly code. Once, we land in the C code, we take care of converting the entire RAM region to RIPAS_RAM. Please note that this operation doesn't require the host to commit memory to the Realm. Signed-off-by:
Jean-Philippe Brucker <jean-philippe@linaro.org> Signed-off-by:
-
A Realm must ensure that the "RAM" region is set to RIPAS_RAM, before any access is made. This patch makes sure that all memory blocks are marked as RIPAS_RAM. Also, before we relocate the "FDT" and "initrd", make sure the target location is marked too. This happens before we parse the memory blocks. It is OK to do this operation on a given IPA multiple times. So, we don't exclude the inital image areas from the "target" list. Also, this operation doesn't require the host to commit physical memory to back the IPAs yet. It can be done on demand via fault handling. Signed-off-by:
-
Joey Gouly authored
For a Realm, the guest physical address (in reality the IPA/GPA of the VM) has an associated state (Realm IPA State, RIPAS) which is either of : RIPAS_RAM RIPAS_EMPTY The state of the physical address decides certain behaviors. e.g., any access to a RIPAS_EMPTY PA will generate a Synchronous External Abort back to the Realm, from the RMM. All "PA" that represents RAM for the Realm, must be set to RIPAS_RAM before an access is made. When the initial image (e.g., test, DTB) of a Realm is loaded, the hypervisor/VMM can transition the state of the loaded "area" to RIPAS_RAM. The rest of the "RAM" must be transitioned by the test payload before any access is made. Similarly, a Realm could set an "IPA" to RIPAS_EMPTY, when it is about to use the "unprotected" alias of the IPA. This is a hint for the host to reclaim the page from the protected "IPA. This patchs adds supporting helpers for setting the IPA state from Realm. These will be used later for the Realm. Co-developed-by:
-
Joey Gouly authored
During the boot, run a check for the presence of RMM. If we are Realm, detect the Realm configuration using RSI and initialise the key parameters. Also expose a helper to indicate if this is running inside a Realm Co-developed-by:
-
Joey Gouly authored
A Realm must access any emulated I/O mappings with the PTE_NS_SHARED bit set. This is modelled as a PTE attribute, but is actually part of the address. So, when MMU is disabled, the "physical address" must reflect this bit set. We access the UART early before the MMU is enabled. So, make sure the UART is accessed always with the bit set. Signed-off-by: -
To create shared pages, the NS_SHARED bit must be written into the idmap. Before VM initializations, idmap hasn't necessarily been created. To write shared pages, access must be done on a IPA with the NS_SHARED bit. When the stage-1 MMU is enabled, that bit is set in the PTE. But when the stage-1 MMU is disabled, then the realm must write to the IPA with NS_SHARED directly. To avoid changing the whole virtio infrastructure to support pre-MMU in a realm, move the IO initialization after MMU enablement. Signed-off-by:
-
Joey Gouly authored
Introduce a new attribute to indicate the mapping is "Shared" with the host. This will be used by the Realms to share pages with the Host. For normal VMs, this is always 0. For realms, this is dynamic, depending on the IPA width. The top bit of the IPA is "treated" as the "NS_SHARED" attribute, making the VM access the unprotected alias of the IPA. By default, apply the NS_SHARED attribute for all I/O. Signed-off-by: -
Joey Gouly authored
We are about to add Realm support where the physical address width may be known via RSI. Make the Physical Address mask dynamic, so that it can be adjusted to the limit for the realm. This will be required for making pages shared, as we introduce the "sharing" attribute as the top bit of the IPA. Signed-off-by: -
Joey Gouly authored
Add the defintions for the Realm Service Interface (RSI). RSI calls are a way for the Realm to communicate with the RMM and request information/services. Signed-off-by: -
PSCI uses the SMC Calling Convention (SMCCC) to communicate with the higher level software. PSCI uses at most 4 arguments and expend only one return value. However, SMCCC has provisions for more arguments (upto 17 depending on the SMCCC version) and upto 10 distinct return values. We are going to be adding tests that make use of it, so add support for the extended number of arguments and return values. Also rename the SMCCC functions to generic, non-PSCI names, so they can be used for Realm services. Signed-off-by:
-
- Jan 24, 2023
-
-
Don't implicitly rely on this header being included. Signed-off-by:
-
- Jan 17, 2023
-
-
Thomas Huth authored
When mis-typing one of the options of the configure script, it shows you the list of valid options, but does not tell you which option was wrong. Then it can take a while until you figured out where the typo is. Let's help the user here a little bit by printing which option had not been understood. Message-Id: <20230112095523.938919-1-thuth@redhat.com> Reviewed-by:
Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by:
Thomas Huth <thuth@redhat.com>
-
- Jan 05, 2023
-
-
Nina Schoetterl-Glausch authored
The code is a 64bit number of which the upper 48 bits must be 0. Fixes: 965e38a0 ("s390x: Test effect of storage keys on diag 308") Signed-off-by:
Nina Schoetterl-Glausch <nsg@linux.ibm.com> Message-Id: <20230104175950.731988-1-nsg@linux.ibm.com> Signed-off-by:
-
Thomas Huth authored
The big-sur-base image has been decomissioned by Cirrus-CI, so we have to update to a newer version of macOS now. Message-Id: <20230104142511.297077-1-thuth@redhat.com> Signed-off-by:
-
- Jan 04, 2023
-
-
Claudio Imbrenda authored
A recent patch broke make standalone. The function find_word is not available when running make standalone, replace it with a simple grep. Fixes: 743cacf7 ("s390x: don't run migration tests under PV") Reported-by:
Claudio Imbrenda <imbrenda@linux.ibm.com> Message-Id: <20221220175508.57180-1-imbrenda@linux.ibm.com> Reviewed-by:
Nico Boehr <nrb@linux.ibm.com> Signed-off-by:
-
- Dec 13, 2022
-
-
Nico Boehr authored
Some tests already shipped with their own do_migrate() function, remove it and instead use the new migrate_once() function. The control flow in the gic tests can be simplified due to migrate_once(). Signed-off-by:
Andrew Jones <andrew.jones@linux.dev> Message-Id: <20221212111731.292942-5-nrb@linux.ibm.com> Signed-off-by:
-
Nico Boehr authored
migrate_once() can simplify the control flow in migration-skey and migration-cmm. Signed-off-by:
-
Nico Boehr authored
Signed-off-by:
-
Nico Boehr authored
Migration tests can ask migrate_cmd to migrate them to a new QEMU process. Requesting migration and waiting for completion is hence a common pattern which is repeated all over the code base. Add a function which does all of that to avoid repeating the same pattern. Since migrate_cmd currently can only migrate exactly once, this function is called migrate_once() and is a no-op when it has been called before. This can simplify the control flow, especially when tests are skipped. Suggested-by:
-
- Dec 07, 2022
-
-
Thomas Huth authored
Our gitlab-ci jobs were still running with Fedora 32 that is out of service already. Let's update to Fedora 37 that brings a new QEMU which also allows to run more tests with TCG. While we're at it, also list each test in single lines and sort them alphabetically so that it is easier to follow which tests get added and removed. Beside adding some new tests, two entries are also removed here: The "port80" test was removed a while ago from the x86 folder already, but not from the .gitlab-ci.yml yet (seems like the run script simply ignores unknown tests instead of complaining), and the "tsc_adjust" is only skipping in the CI, so it's currently not really usefull to try to run it in the CI. Message-Id: <20221206104003.149630-1-thuth@redhat.com> Acked-by:
-
Thomas Huth authored
Starting with version 7.0, QEMU starts the pseries guests in 32-bit mode instead of 64-bit (see QEMU commit 6e3f09c28a - "spapr: Force 32bit when resetting a core"). This causes our test_64bit() in powerpc/emulator.c to fail. Let's switch to 64-bit in our startup code instead to fix the issue. Message-Id: <20221206110851.154297-1-thuth@redhat.com> Reviewed-by:
Cédric Le Goater <clg@kaod.org> Signed-off-by:
-
- Nov 25, 2022
-
-
Like Xu authored
Compilation of the files fails on ARCH=i386 with i686-elf gcc on macos_i386 because they use "%d" format specifier that does not match the actual size of uint32_t: In function 'rdpmc': lib/libcflat.h:141:24: error: format '%d' expects argument of type 'int', but argument 6 has type 'uint32_t' {aka 'long unsigned int'} [-Werror=format=] 141 | printf("%s:%d: assert failed: %s: " fmt "\n", \ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ Use PRId32 instead of "d" to take into account macos_i386 case. Reported-by:Like Xu <likexu@tencent.com> Message-Id: <20221124123149.91339-1-likexu@tencent.com> Signed-off-by:
-
- Nov 14, 2022
-
-
Like Xu authored
Updated test cases to cover KVM enabling code for AMD Guest PerfMonV2. The Intel-specific PMU helpers were added to check for AMD cpuid, and some of the same semantics of MSRs were assigned during the initialization phase. The vast majority of pmu test cases are reused seamlessly. On some x86 machines (AMD only), even with retired events, the same workload is measured repeatedly and the number of events collected is erratic, which essentially reflects the details of hardware implementation, and from a software perspective, the type of event is an unprecise event, which brings a tolerance check in the counter overflow testcases. Signed-off-by:
Sean Christopherson <seanjc@google.com> Link: https://lore.kernel.org/r/20221102225110.3023543-28-seanjc@google.com
-
Like Xu authored
AMD core PMU before Zen4 did not have version numbers, there were no fixed counters, it had a hard-coded number of generic counters, bit-width, and only hardware events common across amd generations (starting with K7) were added to amd_gp_events[] table. All above differences are instantiated at the detection step, and it also covers the K7 PMU registers, which is consistent with bare-metal. Cc: Sandipan Das <sandipan.das@amd.com> Signed-off-by:
-
