On 10/30/17 10:12 AM, Borislav Petkov wrote:
...
> Lemme see:
>
> sev_dbg_crypt() does
>
>         ret = __sev_dbg_decrypt(kvm,
>                                 __sme_page_pa(src_p[0]) + s_off,
>                                 dst_vaddr, 0,
>                                 __sme_page_pa(dst_p[0]) + d_off,
>                                 len, &argp->error);
>
> and that 4th argument is 0. IINM, that's dst_kaddr and you're doing
>
>         memcpy((void *)dst_kaddr, page_address(tpage) + offset, size);
>                ^^^^^^^^^^^^^^^^

The 3rd argument 'dst_uaddr' should always contain a valid value and the 4th argument should not be used. The else statement should not be used during the DBG_DECRYPT command.

        /*
         * If destination buffer is a userspace buffer then use
         * copy_to_user otherwise memcpy.
         */
        if (dst_uaddr) {
                if (copy_to_user((void __user *)(uintptr_t)dst_uaddr,
                                 page_address(tpage) + offset, size))
                        ret = -EFAULT;
        } else {
                memcpy((void *)dst_kaddr, page_address(tpage) + offset, size);
        }

Here is the sequence sev_dbg_crypt() does:

        dst_vaddr = params.dst_uaddr;
        .......

        for(...) {

                dst_p = sev_pin_memory(..., dst_vaddr ...)
                if (!dst_p) {
                        return -EFAULT;
                }

                ret = __sev_dbg_decrypt(kvm,
                                        __sme_page_pa(src_p[0]) + s_off,
                                        dst_vaddr, 0,
                                        __sme_page_pa(dst_p[0]) + d_off,
                                        len, &argp->error);
                ....

The 3rd argument will be zero when we are handling DBG_ENCRYPT with a length not aligned to a 16-byte boundary. In that case we allocate an intermediate buffer (dst_kaddr).

I will try with gcc7 and look into restructuring the code to fix the compiler warning.