From patchwork Tue Sep 13 23:41:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1677577 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha256 header.s=20210105 header.b=jPEwifZK; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MS0Q74nnlz1yp0 for ; Wed, 14 Sep 2022 09:42:54 +1000 (AEST) Received: from localhost ([::1]:51452 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oYFYH-0004cG-VD for incoming@patchwork.ozlabs.org; Tue, 13 Sep 2022 19:42:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55476) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oYFXc-0004bh-FG for qemu-devel@nongnu.org; Tue, 13 Sep 2022 19:42:08 -0400 Received: from ams.source.kernel.org ([145.40.68.75]:55224) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oYFXa-0005ef-3n for qemu-devel@nongnu.org; Tue, 13 Sep 2022 19:42:08 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8813EB81183; Tue, 13 Sep 2022 23:42:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E410C433D6; Tue, 13 Sep 2022 23:41:59 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="jPEwifZK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663112516; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SncbfloIKoicgDu1+JUjqKSLcKrEvv7sBWmCUhdIV4I=; b=jPEwifZKc2rBO9DEi/d1x0GXVY/Jf9manR590lmT8pNhSX0aUzuGZXug9Rk39CFYeD6sxR EGISiS7du1Ev3gBYsIqI3+w1HaBEeStQwNruYlDRv7gI3kSPsGoaHXxBhlQKAqB0iMBmR5 xex0d5smOWMOCdUftIHqUlNjpy+GrKI= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 2f36b101 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 13 Sep 2022 23:41:56 +0000 (UTC) From: "Jason A. Donenfeld" To: qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , "Michael S . Tsirkin" , Paolo Bonzini , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel Subject: [PATCH v4 1/2] x86: return modified setup_data only if read as memory, not as file Date: Wed, 14 Sep 2022 00:41:34 +0100 Message-Id: <20220913234135.255426-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=145.40.68.75; envelope-from=SRS0=hIhw=ZQ=zx2c4.com=Jason@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" If setup_data is being read into a specific memory location, then generally the setup_data address parameter is read first, so that the caller knows where to read it into. In that case, we should return setup_data containing the absolute addresses that are hard coded and determined a priori. This is the case when kernels are loaded by BIOS, for example. In contrast, when setup_data is read as a file, then we shouldn't modify setup_data, since the absolute address will be wrong by definition. This is the case when OVMF loads the image. This allows setup_data to be used like normal, without crashing when EFI tries to use it. (As a small development note, strangely, fw_cfg_add_file_callback() was exported but fw_cfg_add_bytes_callback() wasn't, so this makes that consistent.) Cc: Gerd Hoffmann Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Suggested-by: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld Reviewed-by: Ard Biesheuvel --- hw/i386/x86.c | 37 +++++++++++++++++++++++++++---------- hw/nvram/fw_cfg.c | 12 ++++++------ include/hw/nvram/fw_cfg.h | 22 ++++++++++++++++++++++ 3 files changed, 55 insertions(+), 16 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 050eedc0c8..933bbdd836 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -764,6 +764,18 @@ static bool load_elfboot(const char *kernel_filename, return true; } +struct setup_data_fixup { + void *pos; + hwaddr val; + uint32_t addr; +}; + +static void fixup_setup_data(void *opaque) +{ + struct setup_data_fixup *fixup = opaque; + stq_p(fixup->pos, fixup->val); +} + void x86_load_linux(X86MachineState *x86ms, FWCfgState *fw_cfg, int acpi_data_size, @@ -1088,8 +1100,11 @@ void x86_load_linux(X86MachineState *x86ms, qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); } - /* Offset 0x250 is a pointer to the first setup_data link. */ - stq_p(header + 0x250, first_setup_data); + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); + fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); + sev_load_ctx.kernel_data = (char *)kernel; + sev_load_ctx.kernel_size = kernel_size; /* * If we're starting an encrypted VM, it will be OVMF based, which uses the @@ -1099,16 +1114,18 @@ void x86_load_linux(X86MachineState *x86ms, * file the user passed in. */ if (!sev_enabled()) { + struct setup_data_fixup *fixup = g_malloc(sizeof(*fixup)); + memcpy(setup, header, MIN(sizeof(header), setup_size)); + /* Offset 0x250 is a pointer to the first setup_data link. */ + fixup->pos = setup + 0x250; + fixup->val = first_setup_data; + fixup->addr = real_addr; + fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_SETUP_ADDR, fixup_setup_data, NULL, + fixup, &fixup->addr, sizeof(fixup->addr), true); + } else { + fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); } - - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); - fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); - sev_load_ctx.kernel_data = (char *)kernel; - sev_load_ctx.kernel_size = kernel_size; - - fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size); sev_load_ctx.setup_data = (char *)setup; diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c index d605f3f45a..564bda3395 100644 --- a/hw/nvram/fw_cfg.c +++ b/hw/nvram/fw_cfg.c @@ -692,12 +692,12 @@ static const VMStateDescription vmstate_fw_cfg = { } }; -static void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, - FWCfgCallback select_cb, - FWCfgWriteCallback write_cb, - void *callback_opaque, - void *data, size_t len, - bool read_only) +void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, + FWCfgCallback select_cb, + FWCfgWriteCallback write_cb, + void *callback_opaque, + void *data, size_t len, + bool read_only) { int arch = !!(key & FW_CFG_ARCH_LOCAL); diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h index 0e7a8bc7af..e4fef393be 100644 --- a/include/hw/nvram/fw_cfg.h +++ b/include/hw/nvram/fw_cfg.h @@ -117,6 +117,28 @@ struct FWCfgMemState { */ void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len); +/** + * fw_cfg_add_bytes_callback: + * @s: fw_cfg device being modified + * @key: selector key value for new fw_cfg item + * @select_cb: callback function when selecting + * @write_cb: callback function after a write + * @callback_opaque: argument to be passed into callback function + * @data: pointer to start of item data + * @len: size of item data + * @read_only: is file read only + * + * Add a new fw_cfg item, available by selecting the given key, as a raw + * "blob" of the given size. The data referenced by the starting pointer + * is only linked, NOT copied, into the data structure of the fw_cfg device. + */ +void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, + FWCfgCallback select_cb, + FWCfgWriteCallback write_cb, + void *callback_opaque, + void *data, size_t len, + bool read_only); + /** * fw_cfg_add_string: * @s: fw_cfg device being modified From patchwork Tue Sep 13 23:41:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1677576 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.a=rsa-sha256 header.s=20210105 header.b=mT71h/we; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MS0Q75KTyz1ypW for ; Wed, 14 Sep 2022 09:42:54 +1000 (AEST) Received: from localhost ([::1]:51454 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oYFYI-0004d2-87 for incoming@patchwork.ozlabs.org; Tue, 13 Sep 2022 19:42:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55478) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oYFXd-0004c9-2T for qemu-devel@nongnu.org; Tue, 13 Sep 2022 19:42:09 -0400 Received: from ams.source.kernel.org ([2604:1380:4601:e00::1]:48426) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oYFXb-0005et-5M for qemu-devel@nongnu.org; Tue, 13 Sep 2022 19:42:08 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8BA87B8118A; Tue, 13 Sep 2022 23:42:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8744AC433D6; Tue, 13 Sep 2022 23:42:02 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="mT71h/we" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663112521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S0NdGTedj2Uwu3hKr/q8XtZuSVdOKgVx5ePIUIFlf4g=; b=mT71h/weufPsG9bwCCeM1pugkeAC7y3cLoaHYFXrmD0uIdv5nlz3IyktN3KZpP3dyXNjQa Ouwb005gyNXW5T8q6+RYFdfXdqDh3yJt9EzoiaZSJKrkattxAmUTZ6Whxwjeo/vHo07/qA OFgY5BBo3ph9VbCDOogzTCvCKc3Nv5o= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 529e5e05 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 13 Sep 2022 23:42:01 +0000 (UTC) From: "Jason A. Donenfeld" To: qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Laurent Vivier , "Michael S . Tsirkin" , Paolo Bonzini , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel , Gerd Hoffmann Subject: [PATCH v4 2/2] x86: re-enable rng seeding via setup_data Date: Wed, 14 Sep 2022 00:41:35 +0100 Message-Id: <20220913234135.255426-2-Jason@zx2c4.com> In-Reply-To: <20220913234135.255426-1-Jason@zx2c4.com> References: <20220913234135.255426-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2604:1380:4601:e00::1; envelope-from=SRS0=hIhw=ZQ=zx2c4.com=Jason@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" This reverts 3824e25db1 ("x86: disable rng seeding via setup_data"), but for 7.2 rather than 7.1, now that modifying setup_data is safe to do. Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Cc: Ard Biesheuvel Acked-by: Gerd Hoffmann Signed-off-by: Jason A. Donenfeld --- hw/i386/microvm.c | 2 +- hw/i386/pc_piix.c | 3 ++- hw/i386/pc_q35.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 52cafa003d..7fe8cce03e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms) rom_set_fw(fw_cfg); if (machine->kernel_filename != NULL) { - x86_load_linux(x86ms, fw_cfg, 0, true, true); + x86_load_linux(x86ms, fw_cfg, 0, true, false); } if (mms->option_roms) { diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 8043a250ad..0b1a79c0fa 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -439,7 +439,6 @@ static void pc_i440fx_7_2_machine_options(MachineClass *m) m->alias = "pc"; m->is_default = true; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, @@ -447,9 +446,11 @@ DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, static void pc_i440fx_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_i440fx_7_2_machine_options(m); m->alias = NULL; m->is_default = false; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); } diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 53eda50e81..a496bd6e74 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -376,7 +376,6 @@ static void pc_q35_7_2_machine_options(MachineClass *m) pc_q35_machine_options(m); m->alias = "q35"; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, @@ -384,8 +383,10 @@ DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, static void pc_q35_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_q35_7_2_machine_options(m); m->alias = NULL; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); }