From patchwork Mon Nov 6 18:15:25 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044067
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v8 33/38] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command
Date: Mon, 6 Nov 2017 12:15:25 -0600
Message-Id: <20171106181530.68894-4-brijesh.singh@amd.com>
In-Reply-To: <20171106181530.68894-1-brijesh.singh@amd.com>
References: <20171106181530.68894-1-brijesh.singh@amd.com>

The command copies a plaintext into guest memory and encrypts it using the
VM encryption key. The command will be used for debug purposes
(e.g. setting breakpoints through gdbserver).

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 arch/x86/kvm/svm.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 93 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 55adcd35cdd2..3e7c7dc72c2d 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6200,6 +6200,83 @@ static int __sev_dbg_decrypt_user(struct kvm *kvm, unsigned long paddr, return ret; } +static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, + unsigned long __user vaddr, + unsigned long dst_paddr, + unsigned long __user dst_vaddr, + int size, int *error) +{ + struct page *src_tpage = NULL; + struct page *dst_tpage = NULL; + int ret, len = size; + + /* If source buffer is not aligned then use an intermediate buffer */ + if (!IS_ALIGNED(vaddr, 16)) { + src_tpage = alloc_page(GFP_KERNEL); + if (!src_tpage) + return -ENOMEM; + + if (copy_from_user(page_address(src_tpage), + (void __user *)(uintptr_t)vaddr, size)) { + __free_page(src_tpage); + return -EFAULT; + } + + paddr = __sme_page_pa(src_tpage); + } + + /* + * If destination buffer or length is not aligned then do read-modify-write: + * - decrypt destination in an intermediate buffer + * - copy the source buffer in an intermediate buffer + * - use the intermediate buffer as source buffer + */ + if (!IS_ALIGNED(dst_vaddr, 16) || !IS_ALIGNED(size, 16)) { + int dst_offset; + + dst_tpage = alloc_page(GFP_KERNEL); + if (!dst_tpage) { + ret = -ENOMEM; + goto e_free; + } + + ret = __sev_dbg_decrypt(kvm, dst_paddr, + __sme_page_pa(dst_tpage), size, error); + if (ret) + goto e_free; + + /* + * If source is kernel buffer then use memcpy() otherwise + * copy_from_user(). 
+ */ + dst_offset = dst_paddr & 15; + + if (src_tpage) + memcpy(page_address(dst_tpage) + dst_offset, + page_address(src_tpage), size); + else { + if (copy_from_user(page_address(dst_tpage) + dst_offset, + (void __user *)(uintptr_t)vaddr, size)) { + ret = -EFAULT; + goto e_free; + } + } + + paddr = __sme_page_pa(dst_tpage); + dst_paddr = round_down(dst_paddr, 16); + len = round_up(size, 16); + } + + ret = __sev_issue_dbg_cmd(kvm, paddr, dst_paddr, len, error, true); + +e_free: + if (src_tpage) + __free_page(src_tpage); + if (dst_tpage) + __free_page(dst_tpage); + return ret; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; @@ -6252,11 +6329,19 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) d_off = dst_vaddr & ~PAGE_MASK; len = min_t(size_t, (PAGE_SIZE - s_off), size); - ret = __sev_dbg_decrypt_user(kvm, - __sme_page_pa(src_p[0]) + s_off, - dst_vaddr, - __sme_page_pa(dst_p[0]) + d_off, - len, &argp->error); + if (dec) + ret = __sev_dbg_decrypt_user(kvm, + __sme_page_pa(src_p[0]) + s_off, + dst_vaddr, + __sme_page_pa(dst_p[0]) + d_off, + len, &argp->error); + else + ret = __sev_dbg_encrypt_user(kvm, + __sme_page_pa(src_p[0]) + s_off, + vaddr, + __sme_page_pa(dst_p[0]) + d_off, + dst_vaddr, + len, &argp->error); sev_unpin_memory(kvm, src_p, 1); sev_unpin_memory(kvm, dst_p, 1); @@ -6307,6 +6392,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_DBG_DECRYPT: r = sev_dbg_crypt(kvm, &sev_cmd, true); break; + case KVM_SEV_DBG_ENCRYPT: + r = sev_dbg_crypt(kvm, &sev_cmd, false); + break; default: r = -EINVAL; goto out;
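
Review bot: In the first hunk (the new __sev_dbg_encrypt_user()), the read-modify-write branch copies `size` bytes to `page_address(dst_tpage) + dst_offset`, and nothing in the helper checks that `dst_offset + size` fits in the single page returned by alloc_page(). dst_offset can be as large as 15, and the caller in the next hunk clamps len only to `PAGE_SIZE - s_off`, so a page-aligned source with an unaligned destination reaches the memcpy()/copy_from_user() with size equal to PAGE_SIZE. Please bound the length inside the helper, or clamp it in sev_dbg_crypt() so that room is left for the destination's sub-16-byte offset. In the same branch, `len = round_up(size, 16)` does not include dst_offset even though dst_paddr is rounded down, so with dst_offset 8 and size 16 only the first 16 bytes of the intermediate page are submitted and the last 8 bytes of the data are dropped; `round_up(dst_offset + size, 16)` looks like what is intended.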
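
Review bot: In the sev_dbg_crypt() hunk, the context line `len = min_t(size_t, (PAGE_SIZE - s_off), size);` clamps each chunk to the source page only, while the new encrypt call writes len bytes starting at `__sme_page_pa(dst_p[0]) + d_off` and only one destination page is unpinned afterwards. When d_off is larger than s_off the write can run past dst_p[0]. The decrypt call already used the same len, but per the changelog the encrypt direction writes into guest memory, so please clamp len to the smaller of `PAGE_SIZE - s_off` and `PAGE_SIZE - d_off`, or say why the destination cannot cross a page. A smaller point: the two helpers take the same run of unsigned long arguments in different orders (decrypt: source paddr, dst_vaddr, destination paddr; encrypt: source paddr, vaddr, destination paddr, dst_vaddr), which the compiler cannot check, so a one-line comment at each call naming the arguments would help.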
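
Review bot: In the svm_mem_enc_op() hunk, the new case passes a bare `false` to sev_dbg_crypt(), so the direction is only clear after looking up the `bool dec` parameter; two thin wrappers or an enum for the direction would make both cases self-describing. The changelog also does not say what userspace must supply for KVM_SEV_DBG_ENCRYPT (source, destination, length) or that unaligned inputs go through the intermediate-page path added in the first hunk, so unless another patch in the series documents the command, please add that here.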