From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57634)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <brijesh.singh@amd.com>) id 1c1bOL-0006Fq-Cw
	for qemu-devel@nongnu.org; Tue, 01 Nov 2016 11:54:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <brijesh.singh@amd.com>) id 1c1bOG-000422-BP
	for qemu-devel@nongnu.org; Tue, 01 Nov 2016 11:54:25 -0400
Received: from mail-cys01nam02on0086.outbound.protection.outlook.com
	([104.47.37.86]:12384
	helo=NAM02-CY1-obe.outbound.protection.outlook.com)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <brijesh.singh@amd.com>)
	id 1c1bOG-00041l-3S
	for qemu-devel@nongnu.org; Tue, 01 Nov 2016 11:54:20 -0400
From: Brijesh Singh <brijesh.singh@amd.com>
Date: Tue, 1 Nov 2016 11:54:15 -0400
Message-ID: <147801565526.18237.9087833269089838528.stgit@brijesh-build-machine>
In-Reply-To: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
References: <147801550845.18237.12915616525154608660.stgit@brijesh-build-machine>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [RFC PATCH v3 14/18] sev: add DEBUG_ENCRYPT command
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Thomas.Lendacky@amd.com, ehabkost@redhat.com, crosthwaite.peter@gmail.com, armbru@redhat.com, mst@redhat.com, p.fedin@samsung.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, pbonzini@redhat.com, rth@twiddle.net
Cc: brijesh.ksingh@gmail.com

The command is used to encrypt a region of guest memory for debug.

The command will be used by gdbserver when writing the data into guest
memory for debug purposes (e.g setting breakpoint)

A typical usage looks like:
 cpu_memory_rw_debug
   cpu_physical_memory_rw_debug_internal
     sev_debug_encrypt

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 sev.c |   29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/sev.c b/sev.c
index f690a86..1a579ca 100644
--- a/sev.c
+++ b/sev.c
@@ -351,18 +351,41 @@ sev_debug_decrypt(SEVState *s, uint8_t *dst, const uint8_t *src, uint32_t len)
 }
 
 static int
+sev_debug_encrypt(SEVState *s, uint8_t *dst, const uint8_t *src, uint32_t len)
+{
+    int ret;
+    struct kvm_sev_dbg_encrypt *dbg;
+
+    dbg = g_malloc0(sizeof(*dbg));
+    if (!dbg) {
+        return 1;
+    }
+
+    dbg->src_addr = (unsigned long)src;
+    dbg->dst_addr = (unsigned long)dst;
+    dbg->length = len;
+
+    ret = sev_ioctl(KVM_SEV_DBG_ENCRYPT, dbg);
+    DPRINTF("SEV: debug encrypt src %#lx dst %#lx len %#x\n",
+            (unsigned long)src, (unsigned long)dst, len);
+    g_free(dbg);
+
+    return ret;
+}
+
+static int
 sev_mem_write(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs attrs)
 {
     SEVState *s = kvm_memory_encryption_get_handle();
 
-    assert(s != NULL && s->state != SEV_STATE_INVALID);
+    assert(attrs.debug || (s != NULL && s->state != SEV_STATE_INVALID));
 
     if (s->state == SEV_STATE_LAUNCHING) {
         memcpy(dst, src, len);
         return sev_launch_update(s, dst, len);
     }
 
-    return 0;
+    return sev_debug_encrypt(s, dst, src, len);
 }
 
 static int
@@ -486,7 +509,7 @@ sev_guest_mem_enc(void *handle, uint8_t *dst, const uint8_t *src, uint32_t len)
     assert(s != NULL && s->state != SEV_STATE_INVALID);
 
     /* use SEV debug command to decrypt memory */
-    return 1;
+    return sev_debug_encrypt((SEVState *)handle, dst, src, len);
 }
 
 bool