From patchwork Tue Sep 6 10:37:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1674743 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha256 header.s=20210105 header.b=n11uCKDK; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MMNvN5wdyz1yhP for ; Tue, 6 Sep 2022 21:48:48 +1000 (AEST) Received: from localhost ([::1]:35832 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oVX4P-000582-1c for incoming@patchwork.ozlabs.org; Tue, 06 Sep 2022 07:48:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50280) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVVyY-0007UY-QF for qemu-devel@nongnu.org; Tue, 06 Sep 2022 06:38:38 -0400 Received: from ams.source.kernel.org ([2604:1380:4601:e00::1]:43542) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVVyW-0000gC-PJ for qemu-devel@nongnu.org; Tue, 06 Sep 2022 06:38:38 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 629EFB815F8; Tue, 6 Sep 2022 10:38:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4549DC433C1; Tue, 6 Sep 2022 10:38:08 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="n11uCKDK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1662460686; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+589JaX73rA3Fr/Ij7ofECbPNDxTX6gvt9o8oskIqXk=; b=n11uCKDKzvxnQLAnPevPF5jd6G7nr/VaDc/4QTMVD9y7GnVun7skmTmnt3oB0D/pNbNRLT kkDhHeJAAgY9a3Vulyvg8eT75uMAzn6IkDgE0HtdmORZS4zpxmAxsTZmkth8hr8V+kGz06 0NMBdiGSTmB1FRMKZtfTdFz2FhIm9m0= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id aab725e6 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 6 Sep 2022 10:38:06 +0000 (UTC) From: "Jason A. Donenfeld" To: qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , "Michael S . Tsirkin" , Paolo Bonzini , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel Subject: [PATCH v2 1/2] x86: only modify setup_data if the boot protocol indicates safety Date: Tue, 6 Sep 2022 12:37:59 +0200 Message-Id: <20220906103800.285176-1-Jason@zx2c4.com> In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=2604:1380:4601:e00::1; envelope-from=SRS0=X/Hh=ZJ=zx2c4.com=Jason@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" It's only safe to modify the setup_data pointer on newer kernels where the EFI stub loader will ignore it. So condition setting that offset on the newer boot protocol version. While we're at it, gate this on SEV too. This depends on the kernel commit linked below going upstream. Cc: Gerd Hoffmann Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Cc: Ard Biesheuvel Link: https://lore.kernel.org/linux-efi/20220904165321.1140894-1-Jason@zx2c4.com/ Signed-off-by: Jason A. Donenfeld --- hw/i386/x86.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 050eedc0c8..fddc20df03 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1088,8 +1088,15 @@ void x86_load_linux(X86MachineState *x86ms, qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); } - /* Offset 0x250 is a pointer to the first setup_data link. */ - stq_p(header + 0x250, first_setup_data); + /* + * Only modify the header if doing so won't crash EFI boot, which is the + * case only for newer boot protocols, and don't do so either if SEV is + * enabled. + */ + if (protocol >= 0x210 && !sev_enabled()) { + /* Offset 0x250 is a pointer to the first setup_data link. */ + stq_p(header + 0x250, first_setup_data); + } /* * If we're starting an encrypted VM, it will be OVMF based, which uses the From patchwork Tue Sep 6 10:38:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1674773 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha256 header.s=20210105 header.b=HqRBglJ2; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MMPTd2lzlz1yh5 for ; Tue, 6 Sep 2022 22:15:01 +1000 (AEST) Received: from localhost ([::1]:55012 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oVXTl-0006Sw-92 for incoming@patchwork.ozlabs.org; Tue, 06 Sep 2022 08:14:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50278) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVVyY-0007Tz-Le for qemu-devel@nongnu.org; Tue, 06 Sep 2022 06:38:38 -0400 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]:51202) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVVyN-0000gB-Ac for qemu-devel@nongnu.org; Tue, 06 Sep 2022 06:38:38 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 03B1161295; Tue, 6 Sep 2022 10:38:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D6E0C433B5; Tue, 6 Sep 2022 10:38:10 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="HqRBglJ2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1662460690; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xKNRnVi5BdlG96+IIYret9OaQjpcnXURwPugpZDE/YM=; b=HqRBglJ2lGYuylsn9fsuYNxWUAhKJ63ExXfofy54kg7Pl8LXfpWpko+vhIZNYTEFp4nCeZ PslT3lwV7Kyb9lmnYHdGLggZn+DbiZl/EklWDtJKgJdri4DZGCWfIlJemmQWOa38SuzzSU KPknDyXGZy/MxbfLxkarwW4WBaRpsU0= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6135510c (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 6 Sep 2022 10:38:09 +0000 (UTC) From: "Jason A. Donenfeld" To: qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , "Michael S . Tsirkin" , Paolo Bonzini , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel Subject: [PATCH v2 2/2] x86: re-enable rng seeding via setup_data Date: Tue, 6 Sep 2022 12:38:00 +0200 Message-Id: <20220906103800.285176-2-Jason@zx2c4.com> In-Reply-To: <20220906103800.285176-1-Jason@zx2c4.com> References: <20220906103800.285176-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2604:1380:4641:c500::1; envelope-from=SRS0=X/Hh=ZJ=zx2c4.com=Jason@kernel.org; helo=dfw.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" This reverts 3824e25db1 ("x86: disable rng seeding via setup_data"), but for 7.2 rather than 7.1, now that modifying setup_data is safe to do. Cc: Gerd Hoffmann Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Cc: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- hw/i386/microvm.c | 2 +- hw/i386/pc_piix.c | 3 ++- hw/i386/pc_q35.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 52cafa003d..7fe8cce03e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms) rom_set_fw(fw_cfg); if (machine->kernel_filename != NULL) { - x86_load_linux(x86ms, fw_cfg, 0, true, true); + x86_load_linux(x86ms, fw_cfg, 0, true, false); } if (mms->option_roms) { diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 8043a250ad..0b1a79c0fa 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -439,7 +439,6 @@ static void pc_i440fx_7_2_machine_options(MachineClass *m) m->alias = "pc"; m->is_default = true; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, @@ -447,9 +446,11 @@ DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, static void pc_i440fx_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_i440fx_7_2_machine_options(m); m->alias = NULL; m->is_default = false; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); } diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 53eda50e81..a496bd6e74 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -376,7 +376,6 @@ static void pc_q35_7_2_machine_options(MachineClass *m) pc_q35_machine_options(m); m->alias = "q35"; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, @@ -384,8 +383,10 @@ DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, static void pc_q35_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_q35_7_2_machine_options(m); m->alias = NULL; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); }