X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10037209
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v7 33/38] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command
Date: Wed, 1 Nov 2017 16:17:18 -0500

The command copies a plaintext into guest memory and encrypts it using the VM encryption key.
The command will be used for debug purposes (e.g. setting breakpoints through gdbserver).

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 arch/x86/kvm/svm.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 98 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index adf4d80caee4..35840979627f 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6109,6 +6109,83 @@ static int sev_dbg_decrypt_user(struct kvm *kvm, unsigned long paddr, return ret; } +static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, + unsigned long __user vaddr, + unsigned long dst_paddr, + unsigned long __user dst_vaddr, + int size, int *error) +{ + struct page *src_tpage = NULL; + struct page *dst_tpage = NULL; + int ret, len = size; + + /* If source buffer is not aligned then use an intermediate buffer */ + if (!IS_ALIGNED(vaddr, 16)) { + src_tpage = alloc_page(GFP_KERNEL); + if (!src_tpage) + return -ENOMEM; + + if (copy_from_user(page_address(src_tpage), + (void __user *)(uintptr_t)vaddr, size)) { + __free_page(src_tpage); + return -EFAULT; + } + + paddr = __sme_page_pa(src_tpage); + } + + /* + * If destination buffer or length is not aligned then do read-modify-write: + * - decrypt destination in an intermediate buffer + * - copy the source buffer in an intermediate buffer + * - use the intermediate buffer as source buffer + */ + if (!IS_ALIGNED(dst_vaddr, 16) || !IS_ALIGNED(size, 16)) { + int dst_offset; + + dst_tpage = alloc_page(GFP_KERNEL); + if (!dst_tpage) { + ret = -ENOMEM; + goto e_free; + } + + ret = __sev_dbg_decrypt(kvm, dst_paddr, + __sme_page_pa(dst_tpage), size, error); + if (ret) + goto e_free; + + /* + * If source is kernel buffer then use memcpy() otherwise + * copy_from_user(). 
+ */ + dst_offset = dst_paddr & 15; + + if (src_tpage) + memcpy(page_address(dst_tpage) + dst_offset, + page_address(src_tpage), size); + else { + if (copy_from_user(page_address(dst_tpage) + dst_offset, + (void __user *)(uintptr_t)vaddr, size)) { + ret = -EFAULT; + goto e_free; + } + } + + paddr = __sme_page_pa(dst_tpage); + dst_paddr = round_down(dst_paddr, 16); + len = round_up(size, 16); + } + + ret = __sev_issue_dbg_cmd(kvm, paddr, dst_paddr, len, error, true); + +e_free: + if (src_tpage) + __free_page(src_tpage); + if (dst_tpage) + __free_page(dst_tpage); + return ret; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; @@ -6161,11 +6238,19 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) d_off = dst_vaddr & ~PAGE_MASK; len = min_t(size_t, (PAGE_SIZE - s_off), size); - ret = sev_dbg_decrypt_user(kvm, - __sme_page_pa(src_p[0]) + s_off, - dst_vaddr, - __sme_page_pa(dst_p[0]) + d_off, - len, &argp->error); + if (dec) + ret = sev_dbg_decrypt_user(kvm, + __sme_page_pa(src_p[0]) + s_off, + dst_vaddr, + __sme_page_pa(dst_p[0]) + d_off, + len, &argp->error); + else + ret = __sev_dbg_encrypt_user(kvm, + __sme_page_pa(src_p[0]) + s_off, + vaddr, + __sme_page_pa(dst_p[0]) + d_off, + dst_vaddr, + len, &argp->error); sev_unpin_memory(kvm, src_p, 1); sev_unpin_memory(kvm, dst_p, 1); @@ -6186,6 +6271,11 @@ static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, true); } +static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + return sev_dbg_crypt(kvm, argp, false); +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6221,6 +6311,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_DBG_DECRYPT: r = sev_dbg_decrypt(kvm, &sev_cmd); break; + case KVM_SEV_DBG_ENCRYPT: + r = sev_dbg_encrypt(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
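
Review bot: in the read-modify-write branch of __sev_dbg_encrypt_user() (first hunk), `len = round_up(size, 16)` does not account for `dst_offset`. The new data is copied to `page_address(dst_tpage) + dst_offset` and `dst_paddr` is rounded down to a 16-byte boundary, so the span that has to be re-encrypted is `dst_offset + size` bytes; with dst_offset = 8 and size = 16 the command covers 16 bytes and the last 8 bytes of the new data are never written to the guest. Suggest `len = round_up(dst_offset + size, 16)`, and confirm that the preceding __sev_dbg_decrypt() call (its body is not in this hunk) fills dst_tpage from the rounded-down address for that same length, so the bytes around the copy hold the guest's current contents. Minor style point in the same hunk: `unsigned long __user vaddr` and `unsigned long __user dst_vaddr` put the `__user` annotation on integers that are then cast back with `(void __user *)(uintptr_t)`; either pass `void __user *` or drop the annotation.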
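
Review bot: the `len` handed to __sev_dbg_encrypt_user() in sev_dbg_crypt() (second hunk) is bounded only by the source page, `min_t(size_t, (PAGE_SIZE - s_off), size)`, and never by `d_off`. When `d_off` is larger than `s_off`, `d_off + len` can exceed PAGE_SIZE while only one destination page (`dst_p[0]`) is pinned, and in the read-modify-write path the copy of `size` bytes into the single-page `dst_tpage` at `dst_offset` can run past the end of that page (s_off = 0, size >= PAGE_SIZE and an unaligned dst_vaddr is enough). Suggest clamping `len` to `PAGE_SIZE - d_off` as well before the call, and a comment on the loop stating that each iteration stays within one source page and one destination page.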