The command decrypts a page of guest memory for debugging purposes. For more information see [1], section 7.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> --- arch/x86/kvm/svm.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 63e7d15..b383bc7 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5606,6 +5606,84 @@ err_1: return ret; } +static int __sev_dbg_decrypt_page(struct kvm *kvm, unsigned long src, + void *dst, int *psp_ret) +{ + int ret, pinned; + struct page **inpages; + struct psp_data_dbg *decrypt; + + decrypt = kzalloc(sizeof(*decrypt), GFP_KERNEL); + if (!decrypt) + return -ENOMEM; + + ret = -ENOMEM; + inpages = kzalloc(1 * sizeof(struct page *), GFP_KERNEL); + if (!inpages) + goto err_1; + + /* pin the user virtual address */ + ret = -EFAULT; + down_read(¤t->mm->mmap_sem); + pinned = get_user_pages(src, 1, 1, 0, inpages, NULL); + up_read(¤t->mm->mmap_sem); + if (pinned < 0) + goto err_2; + + decrypt->hdr.buffer_len = sizeof(*decrypt); + decrypt->handle = kvm_sev_handle(); + decrypt->dst_addr = __pa(dst) | sme_me_mask; + decrypt->src_addr = __sev_page_pa(inpages[0]); + decrypt->length = PAGE_SIZE; + + ret = psp_dbg_decrypt(decrypt, psp_ret); + if (ret) + printk(KERN_ERR "SEV: DEBUG_DECRYPT %d (%#010x)\n", + ret, *psp_ret); + release_pages(inpages, 1, 0); +err_2: + kfree(inpages); +err_1: + kfree(decrypt); + return ret; +} + +static int sev_dbg_decrypt(struct kvm *kvm, + struct kvm_sev_dbg_decrypt __user *argp, + int *psp_ret) +{ + void *data; + int ret, offset, len; + struct kvm_sev_dbg_decrypt debug; + + if (!kvm_sev_guest()) + return -ENOTTY; + + if (copy_from_user(&debug, argp, sizeof(*argp))) + return -EFAULT; + + if (debug.length > PAGE_SIZE) + return -EINVAL; + + data = (void *) get_zeroed_page(GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* decrypt one page */ + ret = __sev_dbg_decrypt_page(kvm, debug.src_addr, data, psp_ret); + if (ret) + goto err_1; + + /* we have decrypted full page but copy request length */ + offset = debug.src_addr & (PAGE_SIZE - 1); + len = min_t(size_t, (PAGE_SIZE - offset), debug.length); + if (copy_to_user((uint8_t *)debug.dst_addr, data + offset, len)) + ret = -EFAULT; +err_1: + free_page((unsigned long)data); + return ret; +} + static int amd_sev_issue_cmd(struct kvm *kvm, struct kvm_sev_issue_cmd __user *user_data) { @@ -5636,6 +5714,11 @@ static int amd_sev_issue_cmd(struct kvm *kvm, &arg.ret_code); break; } + case KVM_SEV_DBG_DECRYPT: { + r = sev_dbg_decrypt(kvm, (void *)arg.opaque, + &arg.ret_code); + break; + } default: break; } -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html