From patchwork Sun Sep 4 16:50:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12965213 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3CDDAC6FA82 for ; Sun, 4 Sep 2022 16:53:11 +0000 (UTC) Received: from localhost ([::1]:37220 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oUsru-00066O-7U for qemu-devel@archiver.kernel.org; Sun, 04 Sep 2022 12:53:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37540) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oUsqK-0005Bl-QR for qemu-devel@nongnu.org; Sun, 04 Sep 2022 12:51:32 -0400 Received: from ams.source.kernel.org ([2604:1380:4601:e00::1]:37894) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oUsqI-0007f9-OU for qemu-devel@nongnu.org; Sun, 04 Sep 2022 12:51:32 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9F880B80C03; Sun, 4 Sep 2022 16:51:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 41CB1C433D6; Sun, 4 Sep 2022 16:51:17 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="m6449jzK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1662310274; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=90ard9Q75iO70JBGFmxJJQTwtEJYk6j71dIXYDXgkP4=; b=m6449jzKO6H6NG5sbYGmYmFYYncSIUAoLcqvKe7LIBUaYt5J6+HHGhfxN6EsJnLdmH9LAr 9bMGUHmPZTyoRhToT9DH9O8pfkvB9QgNHw/p9sGaGXadBKEQRrbCSUaTyrdwQvRzvYBDH3 KoKIjbVtuPThLEGZaGybTP0VORjLICw= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c2591b19 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 4 Sep 2022 16:51:13 +0000 (UTC) From: "Jason A. Donenfeld" To: qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , "Michael S . Tsirkin" , Paolo Bonzini , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel Subject: [PATCH] x86: only modify setup_data if the boot protocol indicates safety Date: Sun, 4 Sep 2022 18:50:58 +0200 Message-Id: <20220904165058.1140503-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2604:1380:4601:e00::1; envelope-from=SRS0=xLks=ZH=zx2c4.com=Jason@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" This reverts 3824e25db1 ("x86: disable rng seeding via setup_data"), and then makes the use of setup_data safe. It does so by checking the boot protocol version. If it's sufficient, then it means EFI boots won't crash. While we're at it, gate this on SEV too. Cc: Gerd Hoffmann Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Cc: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- hw/i386/microvm.c | 2 +- hw/i386/pc_piix.c | 2 +- hw/i386/pc_q35.c | 2 +- hw/i386/x86.c | 11 +++++++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 52cafa003d..7fe8cce03e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms) rom_set_fw(fw_cfg); if (machine->kernel_filename != NULL) { - x86_load_linux(x86ms, fw_cfg, 0, true, true); + x86_load_linux(x86ms, fw_cfg, 0, true, false); } if (mms->option_roms) { diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 8043a250ad..ed7007672b 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -439,7 +439,6 @@ static void pc_i440fx_7_2_machine_options(MachineClass *m) m->alias = "pc"; m->is_default = true; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, @@ -463,6 +462,7 @@ static void pc_i440fx_7_0_machine_options(MachineClass *m) pc_i440fx_7_1_machine_options(m); m->alias = NULL; m->is_default = false; + pcmc->legacy_no_rng_seed = true; pcmc->enforce_amd_1tb_hole = false; compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len); compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len); diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 53eda50e81..3ffb40f8f0 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -376,7 +376,6 @@ static void pc_q35_7_2_machine_options(MachineClass *m) pc_q35_machine_options(m); m->alias = "q35"; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, @@ -398,6 +397,7 @@ static void pc_q35_7_0_machine_options(MachineClass *m) PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_q35_7_1_machine_options(m); m->alias = NULL; + pcmc->legacy_no_rng_seed = true; pcmc->enforce_amd_1tb_hole = false; compat_props_add(m->compat_props, hw_compat_7_0, hw_compat_7_0_len); compat_props_add(m->compat_props, pc_compat_7_0, pc_compat_7_0_len); diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 050eedc0c8..fddc20df03 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1088,8 +1088,15 @@ void x86_load_linux(X86MachineState *x86ms, qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); } - /* Offset 0x250 is a pointer to the first setup_data link. */ - stq_p(header + 0x250, first_setup_data); + /* + * Only modify the header if doing so won't crash EFI boot, which is the + * case only for newer boot protocols, and don't do so either if SEV is + * enabled. + */ + if (protocol >= 0x210 && !sev_enabled()) { + /* Offset 0x250 is a pointer to the first setup_data link. */ + stq_p(header + 0x250, first_setup_data); + } /* * If we're starting an encrypted VM, it will be OVMF based, which uses the