Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decry

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decry

From:	Brijesh Singh
Subject:	Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands
Date:	Wed, 7 Mar 2018 11:40:54 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0



On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote:

[...]

+{
+    SEVState *s = (SEVState *)handle;
+
+    /* If policy does not allow debug then no need to register ops */
+    if (s->policy & SEV_POLICY_NODBG) {
+        return;
+    }


So what happens if someone tries to use a gdb or monitor command when
policy didn't allow debug?  Does it end up with an obvious error
somehow?

In those cases caller will get encrypted bytes, leading tounintelligible data. It can sometime translate into obvious errors e.gcaller tries to walk guest pagtable and it gets garbage and will havetrouble dumping the pgtables etc. Many times qemu calls ldphys_*functions to access the data it may get tricky to report the errors.



-Brijesh

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v11 19/28] sev/i386: finalize the SEV guest launch flow, (continued)
- [Qemu-devel] [PATCH v11 19/28] sev/i386: finalize the SEV guest launch flow, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 16/28] sev/i386: add command to encrypt guest memory region, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 18/28] sev/i386: add support to LAUNCH_MEASURE command, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 23/28] qmp: add query-sev-launch-measure command, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 11/28] sev/i386: add command to initialize the memory encryption context, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 14/28] hmp: add 'info sev' command, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 13/28] kvm: introduce memory encryption APIs, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 17/28] target/i386: encrypt bios rom, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh, 2018/03/07
  - Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Dr. David Alan Gilbert, 2018/03/07
    - Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh <=
    - Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Dr. David Alan Gilbert, 2018/03/07
    - Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Brijesh Singh, 2018/03/07
    - Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands, Dr. David Alan Gilbert, 2018/03/07
- [Qemu-devel] [PATCH v11 25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 22/28] target/i386: clear C-bit when walking SEV guest page table, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 26/28] qmp: add query-sev-capabilities command, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 27/28] sev/i386: add sev_get_capabilities(), Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 24/28] sev/i386: add migration blocker, Brijesh Singh, 2018/03/07
- [Qemu-devel] [PATCH v11 28/28] tests/qmp-test: blacklist sev specific qmp commands, Brijesh Singh, 2018/03/07
- Re: [Qemu-devel] [PATCH v11 00/28] x86: Secure Encrypted Virtualization (AMD), no-reply, 2018/03/07

Prev by Date: Re: [Qemu-devel] [PATCH v1 00/22] Spec conformance bug fixes and cleanups
Next by Date: Re: [Qemu-devel] [PATCH v5 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat
Previous by thread: Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands
Next by thread: Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands
Index(es):
- Date
- Thread