Re: [Part2 PATCH v7 33/38] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command

Borislav Petkov <bp@xxxxxxxxx> · Mon, 6 Nov 2017 12:31:05 +0100

On Wed, Nov 01, 2017 at 04:17:18PM -0500, Brijesh Singh wrote:
> The command copies a plaintext into guest memory and encrypts it using
> the VM encryption key. The command will be used for debug purposes
> (e.g setting breakpoints through gdbserver)

...

> @@ -6161,11 +6238,19 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
>  		d_off = dst_vaddr & ~PAGE_MASK;
>  		len = min_t(size_t, (PAGE_SIZE - s_off), size);
>  
> -		ret = sev_dbg_decrypt_user(kvm,
> -					   __sme_page_pa(src_p[0]) + s_off,
> -					   dst_vaddr,
> -					   __sme_page_pa(dst_p[0]) + d_off,
> -					   len, &argp->error);
> +		if (dec)
> +			ret = sev_dbg_decrypt_user(kvm,
> +						   __sme_page_pa(src_p[0]) + s_off,
> +						   dst_vaddr,
> +						   __sme_page_pa(dst_p[0]) + d_off,
> +						   len, &argp->error);
> +		else
> +			ret = __sev_dbg_encrypt_user(kvm,
> +						     __sme_page_pa(src_p[0]) + s_off,
> +						     vaddr,
> +						     __sme_page_pa(dst_p[0]) + d_off,
> +						     dst_vaddr,
> +						     len, &argp->error);

sev_dbg_decrypt_user but __sev_dbg_encrypt_user, with the "__" ??

>  
>  		sev_unpin_memory(kvm, src_p, 1);
>  		sev_unpin_memory(kvm, dst_p, 1);
> @@ -6186,6 +6271,11 @@ static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
>  	return sev_dbg_crypt(kvm, argp, true);
>  }
>  
> +static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
> +{
> +	return sev_dbg_crypt(kvm, argp, false);
> +}

Get rid of those silly wrappers:

---

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index a60454afb4d2..68d398e72c4c 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -6261,16 +6261,6 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
 	return ret;
 }
 
-static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
-	return sev_dbg_crypt(kvm, argp, true);
-}
-
-static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
-	return sev_dbg_crypt(kvm, argp, false);
-}
-
 static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
 {
 	struct kvm_sev_cmd sev_cmd;
@@ -6304,10 +6294,10 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
 		r = sev_guest_status(kvm, &sev_cmd);
 		break;
 	case KVM_SEV_DBG_DECRYPT:
-		r = sev_dbg_decrypt(kvm, &sev_cmd);
+		r = sev_dbg_crypt(kvm, argp, true);
 		break;
 	case KVM_SEV_DBG_ENCRYPT:
-		r = sev_dbg_encrypt(kvm, &sev_cmd);
+		r = sev_dbg_crypt(kvm, argp, false);
 		break;
 	default:
 		r = -EINVAL;

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.






