From: Brijesh Singh
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v5 25/31] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command
Date: Wed, 4 Oct 2017 08:14:06 -0500
Message-Id: <20171004131412.13038-26-brijesh.singh@amd.com>
In-Reply-To: <20171004131412.13038-1-brijesh.singh@amd.com>
References: <20171004131412.13038-1-brijesh.singh@amd.com>

The command copies a plaintext into guest memory and encrypts it using the
VM encryption key. The command will be used for debug purposes (e.g. setting
breakpoints through gdbserver).

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---
 arch/x86/kvm/svm.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 115 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 373f6c34e006..2aa50b220163 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6212,6 +6212,99 @@ static int __sev_dbg_decrypt(struct kvm *kvm, unsigned long paddr, return ret; } +static int __sev_dbg_encrypt(struct kvm *kvm, unsigned long __user vaddr, + unsigned long paddr, unsigned long __user dst_vaddr, + unsigned long dst_paddr, int size, int *error) +{ + struct page *src_tpage = NULL; + struct page *dst_tpage = NULL; + int ret, len = size; + + /* + * If source buffer is not 16-byte aligned then we copy the data from + * source buffer into a PAGE aligned intermediate (src_tpage) buffer + * and use this intermediate buffer as source buffer. + */ + if (!IS_ALIGNED(vaddr, 16)) { + src_tpage = alloc_page(GFP_KERNEL); + if (!src_tpage) + return -ENOMEM; + + if (copy_from_user(page_address(src_tpage), + (void __user *)(uintptr_t)vaddr, size)) { + __free_page(src_tpage); + return -EFAULT; + } + paddr = __sme_page_pa(src_tpage); + + clflush_cache_range(page_address(src_tpage), PAGE_SIZE); + } + + /* + * If destination buffer or length is not 16-byte aligned then: + * - decrypt portion of destination buffer into intermediate buffer + * (dst_tpage) + * - copy the source data into intermediate buffer + * - use the intermediate buffer as source buffer + */ + if (!IS_ALIGNED(dst_vaddr, 16) || + !IS_ALIGNED(size, 16)) { + int dst_offset; + + dst_tpage = alloc_page(GFP_KERNEL); + if (!dst_tpage) { + ret = -ENOMEM; + goto e_free; + } + + /* decrypt destination buffer into intermediate buffer */ + ret = __sev_dbg_decrypt(kvm, + round_down(dst_paddr, 16), + 0, + (unsigned long)page_address(dst_tpage), + __sme_page_pa(dst_tpage), + round_up(size, 16), + error); + if (ret) + goto e_free; + + dst_offset = dst_paddr & 15; + + /* + * modify the intermediate buffer with data from source buffer. 
+ */ + if (src_tpage) + memcpy(page_address(dst_tpage) + dst_offset, + page_address(src_tpage), size); + else { + if (copy_from_user(page_address(dst_tpage) + dst_offset, + (void __user *)(uintptr_t)vaddr, size)) { + ret = -EFAULT; + goto e_free; + } + } + + + /* use intermediate buffer as source */ + paddr = __sme_page_pa(dst_tpage); + + clflush_cache_range(page_address(dst_tpage), PAGE_SIZE); + + /* now we have length and destination buffer aligned */ + dst_paddr = round_down(dst_paddr, 16); + len = round_up(size, 16); + } + + ret = __sev_issue_dbg_cmd(kvm, paddr, dst_paddr, len, error, true); + +e_free: + if (src_tpage) + __free_page(src_tpage); + if (dst_tpage) + __free_page(dst_tpage); + return ret; +} + static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) { unsigned long vaddr, vaddr_end, next_vaddr; @@ -6265,11 +6358,19 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) d_off = dst_vaddr & ~PAGE_MASK; len = min_t(size_t, (PAGE_SIZE - s_off), size); - ret = __sev_dbg_decrypt(kvm, - __sme_page_pa(src_p[0]) + s_off, - dst_vaddr, 0, - __sme_page_pa(dst_p[0]) + d_off, - len, &argp->error); + if (dec) + ret = __sev_dbg_decrypt(kvm, + __sme_page_pa(src_p[0]) + s_off, + dst_vaddr, 0, + __sme_page_pa(dst_p[0]) + d_off, + len, &argp->error); + else + ret = __sev_dbg_encrypt(kvm, + vaddr, + __sme_page_pa(src_p[0]) + s_off, + dst_vaddr, + __sme_page_pa(dst_p[0]) + d_off, + len, &argp->error); sev_unpin_memory(kvm, src_p, 1); sev_unpin_memory(kvm, dst_p, 1); @@ -6290,6 +6391,11 @@ static int sev_dbg_decrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, true); } +static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + return sev_dbg_crypt(kvm, argp, false); +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6332,6 +6438,10 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) r = sev_dbg_decrypt(kvm, &sev_cmd); break; } + case KVM_SEV_DBG_ENCRYPT: { + r = sev_dbg_encrypt(kvm, &sev_cmd); + break; + } default: break; } -- 2.9.5
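
Review bot: In the unaligned-destination branch of __sev_dbg_encrypt (first hunk), both the read-back __sev_dbg_decrypt call and the final len use round_up(size, 16), which leaves dst_offset out of the length. The source bytes are copied to page_address(dst_tpage) + dst_offset, so they occupy [dst_offset, dst_offset + size) of the intermediate page; with dst_offset = 8 and size = 16, for example, only the first 16 bytes are covered and the last 8 source bytes are neither decrypted beforehand nor encrypted back, unless __sev_issue_dbg_cmd compensates, which these lines do not show. Consider computing the length once as round_up(dst_offset + size, 16) and using it in both places. As a smaller point, __user is normally an annotation for pointers; on the unsigned long vaddr and dst_vaddr parameters it could be dropped, or the parameters made void __user *.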
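
Review bot: In the sev_dbg_crypt hunk, the unchanged context clamps len with min_t(size_t, (PAGE_SIZE - s_off), size), that is, by the source offset only, while the new else branch passes that len together with __sme_page_pa(dst_p[0]) + d_off and a single pinned destination page (sev_unpin_memory(kvm, dst_p, 1)). When d_off is larger than s_off the destination range can extend past that page, and inside __sev_dbg_encrypt the copy of size bytes to page_address(dst_tpage) + dst_offset can run past the one-page intermediate buffer. Suggest clamping len by PAGE_SIZE - d_off as well, or adding a comment that explains why the two offsets cannot differ here.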