| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171106113105.qvw5wq7qts3ak5c2@pd.tnic>
Date: Mon, 6 Nov 2017 12:31:05 +0100
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Joerg Roedel <joro@...tes.org>,
Tom Lendacky <thomas.lendacky@....com>, x86@...nel.org
Subject: Re: [Part2 PATCH v7 33/38] KVM: SVM: Add support for SEV
DEBUG_ENCRYPT command
On Wed, Nov 01, 2017 at 04:17:18PM -0500, Brijesh Singh wrote:
> The command copies a plaintext into guest memory and encrypts it using
> the VM encryption key. The command will be used for debug purposes
> (e.g setting breakpoints through gdbserver)
...
> @@ -6161,11 +6238,19 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
> d_off = dst_vaddr & ~PAGE_MASK;
> len = min_t(size_t, (PAGE_SIZE - s_off), size);
>
> - ret = sev_dbg_decrypt_user(kvm,
> - __sme_page_pa(src_p[0]) + s_off,
> - dst_vaddr,
> - __sme_page_pa(dst_p[0]) + d_off,
> - len, &argp->error);
> + if (dec)
> + ret = sev_dbg_decrypt_user(kvm,
> + __sme_page_pa(src_p[0]) + s_off,
> + dst_vaddr,
> + __sme_page_pa(dst_p[0]) + d_off,
> + len, &argp->error);
> + else
> + ret = __sev_dbg_encrypt_user(kvm,
> + __sme_page_pa(src_p[0]) + s_off,
> + vaddr,
> + __sme_page_pa(dst_p[0]) + d_off,
> + dst_vaddr,
> + len, &argp->error);
sev_dbg_decrypt_user but __sev_dbg_encrypt_user, with the "__" ??
>
> sev_unpin_memory(kvm, src_p, 1);
> sev_unpin_memory(kvm, dst_p, 1);
> @@ -6186,6 +6271,11 @@ static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
> return sev_dbg_crypt(kvm, argp, true);
> }
>
> +static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
> +{
> + return sev_dbg_crypt(kvm, argp, false);
> +}
Get rid of those silly wrappers:
---
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index a60454afb4d2..68d398e72c4c 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -6261,16 +6261,6 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
return ret;
}
-static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
- return sev_dbg_crypt(kvm, argp, true);
-}
-
-static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
- return sev_dbg_crypt(kvm, argp, false);
-}
-
static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
{
struct kvm_sev_cmd sev_cmd;
@@ -6304,10 +6294,10 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
r = sev_guest_status(kvm, &sev_cmd);
break;
case KVM_SEV_DBG_DECRYPT:
- r = sev_dbg_decrypt(kvm, &sev_cmd);
+ r = sev_dbg_crypt(kvm, argp, true);
break;
case KVM_SEV_DBG_ENCRYPT:
- r = sev_dbg_encrypt(kvm, &sev_cmd);
+ r = sev_dbg_crypt(kvm, argp, false);
break;
default:
r = -EINVAL;
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
Powered by blists - more mailing lists