From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PATCH v11 21/28] sev/i386: add debug encrypt and
 decrypt commands
Date: Wed, 7 Mar 2018 18:24:10 +0000
Message-ID: <20180307182409.GI3089@work-vm>
References: <20180307165038.88640-1-brijesh.singh@amd.com>
	<20180307165038.88640-22-brijesh.singh@amd.com>
	<20180307172703.GH3089@work-vm>
	<6b8bf293-4a3c-5832-8617-a2b957f97a83@amd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Peter Maydell <peter.maydell@linaro.org>, kvm@vger.kernel.org,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel@nongnu.org,
	Alexander Graf <agraf@suse.de>,
	"Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
	Markus Armbruster <armbru@redhat.com>, Bruce Rogers <brogers@suse.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Marcel Apfelbaum <marcel@redhat.com>, Borislav Petkov <bp@suse.de>,
	Thomas Lendacky <Thomas.Lendacky@amd.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	Alistair Francis <alistair.francis@xilinx.com>,
	Cornelia Huck <cornelia.huck@de.ibm.com>,
	Richard Henderson <rth@twiddle.net>,
	Peter Crosthwaite <crosthwaite.peter@gmail.com>,
	Paolo Bonzini <pbonzini@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>
Return-path: <qemu-devel-bounces+gceq-qemu-devel2=m.gmane.org@nongnu.org>
Content-Disposition: inline
In-Reply-To: <6b8bf293-4a3c-5832-8617-a2b957f97a83@amd.com>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+gceq-qemu-devel2=m.gmane.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+gceq-qemu-devel2=m.gmane.org@nongnu.org>
List-Id: kvm.vger.kernel.org

* Brijesh Singh (brijesh.singh@amd.com) wrote:
> 
> 
> On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote:
> 
> [...]
> 
> > > +{
> > > +    SEVState *s = (SEVState *)handle;
> > > +
> > > +    /* If policy does not allow debug then no need to register ops */
> > > +    if (s->policy & SEV_POLICY_NODBG) {
> > > +        return;
> > > +    }
> > 
> > So what happens if someone tries to use a gdb or monitor command when
> > policy didn't allow debug?  Does it end up with an obvious error
> > somehow?
> > 
> 
> In those cases caller will get encrypted bytes, leading to unintelligible
> data. It can sometime translate into  obvious errors e.g caller tries to
> walk guest pagtable and it gets garbage and will have trouble dumping the
> pgtables etc. Many times qemu calls ldphys_* functions to access the data it
> may get tricky to report the errors.

So would it make sense to have something like:

sev_mem_cant_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
{
    error_report("SEV Guest policy does not allow debug access");

    return -EPERM;
}

void
sev_set_debug_ops(void *handle, MemoryRegion *mr)
{
    SEVState *s = (SEVState *)handle;

    /* If policy does not allow debug then no need to register ops */
    if (s->policy & SEV_POLICY_NODBG) {
        sev_ops.read = sev_mem_cant_read;
        sev_ops.write = sev_mem_cant_write;
    } else {
        sev_ops.read = sev_mem_read;
        sev_ops.write = sev_mem_write;
    }

Dave

> 
> -Brijesh
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK