Re: [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands

On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote:

[...]

+{
+    SEVState *s = (SEVState *)handle;
+
+    /* If policy does not allow debug then no need to register ops */
+    if (s->policy & SEV_POLICY_NODBG) {
+        return;
+    }
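
Review bot: the early return on `s->policy & SEV_POLICY_NODBG` is silent, so when the policy forbids debug nothing records or reports that the debug ops were left unregistered. As the reply below confirms, gdb and monitor accesses then hand back ciphertext instead of failing. Consider extending the comment to state that guest memory reads will see encrypted bytes in this case, and giving debug callers a way to detect it (for example a one-time warning or an error return) so the condition is reported instead of surfacing as garbage data.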

So what happens if someone tries to use a gdb or monitor command when
policy didn't allow debug?  Does it end up with an obvious error
somehow?


In those cases the caller will get encrypted bytes, leading to unintelligible data. It can sometimes translate into obvious errors, e.g. the caller tries to walk the guest page table, gets garbage, and will have trouble dumping the pgtables etc. Many times qemu calls ldphys_* functions to access the data, and it may get tricky to report the errors.


-Brijesh


