Re: Regarding commit a9bcedd (SD card size has to be power of 2)

["Daniel P. Berrangé" <berrange@redhat.com>]

On Wed, Jun 23, 2021 at 12:59:45PM +0200, Philippe Mathieu-Daudé wrote:
> Hi,
> 
> On 6/23/21 11:28 AM, Daniel P. Berrangé wrote:
> > On Mon, Jun 07, 2021 at 04:29:54PM +0800, Tom Yan wrote:
> >> Hi philmd (and others),
> >>
> >> So I just noticed your commit of requiring the size of an emulated SD
> >> card to be a power of 2, when I was trying to emulate one for an
> >> actual one (well, it's a microSD, but still), as it errored out.
> >>
> >> You claim that the kernel will consider it to be a firmware bug and
> >> "correct" the capacity by rounding it up. Could you provide a concrete
> >> reference to the code that does such a thing? I'm not ruling out that
> >> some crazy code could have gone upstream because some reviewers might
> >> not be doing their job right, but if that really happened, it's a
> >> kernel bug/regression and qemu should not do an equally-crazy thing to
> >> "fix" it.
> > 
> > I looked back at the original threads for details, but didn't
> > find any aside from this short message saying it broke Linux:
> > 
> >   https://www.mail-archive.com/qemu-devel@nongnu.org/msg720737.html
> > 
> > Philippe, do you have more details on the problem hit, or pointer
> > to where the power-of-2 restriction is in Linux ?
> 
> Sorry for not responding soon enough, too many things.
> 
> I wrote patches to address Tom's problem, but couldn't fix all
> the cases yet. So far the problem is not Linux but firmwares
> announcing pow2 to Linux without checking card layout.
> 
> It is hard to make everybody happy, security users and odd firmwares.
> 
> I came out with a larger series to be able to classify QEMU API /
> devices code as security sensible or not, and use of some unsafe
> API to taint some security mode (so far only displaying a warning).
> If the security mode is tainted (use of unsafe device, unsafe config,
> unsafe feature), then users shouldn't expect safety in the guest.
> 
> That way I could have classified the SD card model as unsafe and not
> bothered various users by restricting to pow2 card sizes.

Ok, so QEMU has to be robust against guest OS, even if it is the
fault of the firmware for telling guest the wrong size info. I
don't think this means QEMU needs to restrict the sizes though.

If QEMU's CVE fix breaks guest when the firmware is giving wrong
info, then we should just pass that bug report onto the firmware
maintainers.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|