Re: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Michael S. Tsirkin" via <qemu-devel@nongnu.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: CAHmME9prkBV6WkbXrKWTFzZbeAsGHLZqqps3ieChj6ZF9S_v7A@mail.gmail.com,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Laurent Vivier" <laurent@vivier.eu>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Ard Biesheuvel" <ardb@kernel.org>
Subject: Re: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety
Date: Tue, 6 Sep 2022 06:40:48 -0400	[thread overview]
Message-ID: <20220906063954-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20220906103657.282785-1-Jason@zx2c4.com>

On Tue, Sep 06, 2022 at 12:36:56PM +0200, Jason A. Donenfeld wrote:
> It's only safe to modify the setup_data pointer on newer kernels where
> the EFI stub loader will ignore it. So condition setting that offset on
> the newer boot protocol version. While we're at it, gate this on SEV too.
> This depends on the kernel commit linked below going upstream.
> 
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Laurent Vivier <laurent@vivier.eu>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Cc: Richard Henderson <richard.henderson@linaro.org>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Link: https://lore.kernel.org/linux-efi/20220904165321.1140894-1-Jason@zx2c4.com/
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

BTW what does it have to do with SEV?
Is this because SEV is not going to trust the data to be random anyway?

> ---
>  hw/i386/x86.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> index 050eedc0c8..fddc20df03 100644
> --- a/hw/i386/x86.c
> +++ b/hw/i386/x86.c
> @@ -1088,8 +1088,15 @@ void x86_load_linux(X86MachineState *x86ms,
>          qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
>      }
>  
> -    /* Offset 0x250 is a pointer to the first setup_data link. */
> -    stq_p(header + 0x250, first_setup_data);
> +    /*
> +     * Only modify the header if doing so won't crash EFI boot, which is the
> +     * case only for newer boot protocols, and don't do so either if SEV is
> +     * enabled.
> +     */
> +    if (protocol >= 0x210 && !sev_enabled()) {
> +        /* Offset 0x250 is a pointer to the first setup_data link. */
> +        stq_p(header + 0x250, first_setup_data);
> +    }
>  
>      /*
>       * If we're starting an encrypted VM, it will be OVMF based, which uses the
> -- 
> 2.37.3

next      parent reply	other threads:[~2022-09-06 12:43 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20220906103657.282785-1-Jason@zx2c4.com>
2022-09-06 10:40 ` Michael S. Tsirkin via [this message]
2022-09-06 10:43   ` [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Jason A. Donenfeld
2022-09-06 10:45     ` Michael S. Tsirkin
2022-09-06 10:46       ` Jason A. Donenfeld
2022-09-06 10:51         ` Jason A. Donenfeld
2022-09-06 11:27           ` [PATCH v3 " Jason A. Donenfeld
2022-09-06 11:27             ` [PATCH v3 2/2] x86: re-enable rng seeding via setup_data Jason A. Donenfeld
2022-09-07  7:59               ` Gerd Hoffmann
2022-09-06 11:14       ` [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Ard Biesheuvel
2022-09-06 11:33         ` Daniel P. Berrangé
2022-09-08 11:30           ` Laszlo Ersek
2022-09-08 12:28             ` Ard Biesheuvel
2022-09-08 12:42               ` Daniel P. Berrangé
2022-09-06 10:46 ` Gerd Hoffmann via
2022-09-06 10:48   ` Jason A. Donenfeld
2022-09-06 10:27 [PATCH] " Jason A. Donenfeld
2022-09-06 10:37 ` [PATCH v2 1/2] " Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220906063954-mutt-send-email-mst@kernel.org \
    --to=qemu-devel@nongnu.org \
    --cc=CAHmME9prkBV6WkbXrKWTFzZbeAsGHLZqqps3ieChj6ZF9S_v7A@mail.gmail.com \
    --cc=Jason@zx2c4.com \
    --cc=ardb@kernel.org \
    --cc=f4bug@amsat.org \
    --cc=kraxel@redhat.com \
    --cc=laurent@vivier.eu \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=richard.henderson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.