From: | Brijesh Singh |
Subject: | Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands |
Date: | Wed, 7 Mar 2018 11:40:54 -0600 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote: [...]
+{ + SEVState *s = (SEVState *)handle; + + /* If policy does not allow debug then no need to register ops */ + if (s->policy & SEV_POLICY_NODBG) { + return; + }
So what happens if someone tries to use a gdb or monitor command when policy didn't allow debug? Does it end up with an obvious error somehow?
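Review bot: the early return under "if (s->policy & SEV_POLICY_NODBG)" is silent, so nothing visible here records that the debug ops were skipped, and a later gdb or monitor access has no way to distinguish "debug not permitted by policy" from a normal read. Consider leaving a trace point or a one-time warning at this return, or keeping a flag in SEVState that the debug access paths can check, so they fail with an explicit error instead of handing back ciphertext. The comment could also state that consequence rather than only "no need to register ops".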
In those cases the caller will get encrypted bytes, leading to unintelligible data. It can sometimes translate into obvious errors, e.g. the caller tries to walk the guest page table and it gets garbage and will have trouble dumping the pgtables etc. Many times qemu calls ldphys_* functions to access the data; it may get tricky to report the errors.
-Brijesh