From patchwork Thu Nov 18 13:35:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627019 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EFCBC433EF for ; Thu, 18 Nov 2021 13:36:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 63F92619E1 for ; Thu, 18 Nov 2021 13:36:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231240AbhKRNjC (ORCPT ); Thu, 18 Nov 2021 08:39:02 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:34996 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231127AbhKRNjC (ORCPT ); Thu, 18 Nov 2021 08:39:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242562; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sC2/GhPsa55zwleyfZCLuH4QLV2IrFnSorCZ7OtK/E8=; b=BlraxYAUlAZQuX98Yy5WKWpLQbuAeTK5Bq9l+MxmI0qU07wKPSYSARQIGWNaBoU8NfXVVy /29xbqLwSg/BIUwefnyoN7tMItmckLga/WtsNlUsKiTdk4oQttSg2hQ5cL4njdLrJs4tQP XJ3Qddw11ROvuV+M+iAc1JWiTVuza8I= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-474-FbknGE8nP2Wazk_YUFwJSw-1; Thu, 18 Nov 2021 08:35:58 -0500 X-MC-Unique: FbknGE8nP2Wazk_YUFwJSw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 93808E76A; Thu, 18 Nov 2021 13:35:57 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id CA59F62A41; Thu, 18 Nov 2021 13:35:55 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , Brijesh Singh Subject: [PULL 1/6] qapi/qom,target/i386: sev-guest: Introduce kernel-hashes=on|off option Date: Thu, 18 Nov 2021 13:35:27 +0000 Message-Id: <20211118133532.2029166-2-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik Introduce new boolean 'kernel-hashes' option on the sev-guest object. It will be used to to decide whether to add the hashes of kernel/initrd/cmdline to SEV guest memory when booting with -kernel. The default value is 'off'. Signed-off-by: Dov Murik Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- qapi/qom.json | 7 ++++++- qemu-options.hx | 6 +++++- target/i386/sev.c | 20 ++++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index ccd1167808..eeb5395ff3 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -769,6 +769,10 @@ # @reduced-phys-bits: number of bits in physical addresses that become # unavailable when SEV is enabled # +# @kernel-hashes: if true, add hashes of kernel/initrd/cmdline to a +# designated guest firmware page for measured boot +# with -kernel (default: false) (since 6.2) +# # Since: 2.12 ## { 'struct': 'SevGuestProperties', @@ -778,7 +782,8 @@ '*policy': 'uint32', '*handle': 'uint32', '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32' } } + 'reduced-phys-bits': 'uint32', + '*kernel-hashes': 'bool' } } ## # @ObjectType: diff --git a/qemu-options.hx b/qemu-options.hx index 7749f59300..ae2c6dbbfc 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -5189,7 +5189,7 @@ SRST -object secret,id=sec0,keyid=secmaster0,format=base64,\\ data=$SECRET,iv=$(sev_device = g_strdup(value); } +static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) +{ + SevGuestState *sev = SEV_GUEST(obj); + + return sev->kernel_hashes; +} + +static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) +{ + SevGuestState *sev = SEV_GUEST(obj); + + sev->kernel_hashes = value; +} + static void sev_guest_class_init(ObjectClass *oc, void *data) { @@ -345,6 +360,11 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_session_file); object_class_property_set_description(oc, "session-file", "guest owners session parameters (encoded with base64)"); + object_class_property_add_bool(oc, "kernel-hashes", + sev_guest_get_kernel_hashes, + sev_guest_set_kernel_hashes); + object_class_property_set_description(oc, "kernel-hashes", + "add kernel hashes to guest firmware for measured Linux boot"); } static void From patchwork Thu Nov 18 13:35:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78096C433FE for ; Thu, 18 Nov 2021 13:36:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 60C7461548 for ; Thu, 18 Nov 2021 13:36:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231372AbhKRNjD (ORCPT ); Thu, 18 Nov 2021 08:39:03 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:23607 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231260AbhKRNjD (ORCPT ); Thu, 18 Nov 2021 08:39:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242562; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uIRPYc+XbbN/gDdZNFNpMojMoOex7CBq55PiFFzw3r8=; b=h2EP7Z7agh9+Bki1CgVVrEaJgGAlmy0y1pzZUAeQyaVu8JfsdI520vT+PkGn78e60wyKd0 +OGtucTUzOeRXx5ahGZknB/tB8e9fC7DCvH/WLob46ASYtCWQ3EF8AiuYIaQ/NLbMnwEkb Bdazpj+MkJQylSSHeXVfaW/Ds8vYpRQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-580-3KTXJAtrMM6N6AzudDP1nQ-1; Thu, 18 Nov 2021 08:36:01 -0500 X-MC-Unique: 3KTXJAtrMM6N6AzudDP1nQ-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E21E487D545; Thu, 18 Nov 2021 13:35:59 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id D5FE162A41; Thu, 18 Nov 2021 13:35:57 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , Tom Lendacky , Brijesh Singh Subject: [PULL 2/6] target/i386/sev: Add kernel hashes only if sev-guest.kernel-hashes=on Date: Thu, 18 Nov 2021 13:35:28 +0000 Message-Id: <20211118133532.2029166-3-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, if OVMF doesn't designate such an area, QEMU would completely abort the VM launch. This breaks launching with -kernel using older OVMF images which don't publish the SEV_HASH_TABLE_RV_GUID. Fix that so QEMU will only look for the hashes table if the sev-guest kernel-hashes option is set to on. Otherwise, QEMU won't look for the designated area in OVMF and won't fill that area. To enable addition of kernel hashes, launch the guest with: -object sev-guest,...,kernel-hashes=on Signed-off-by: Dov Murik Reported-by: Tom Lendacky Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index cad32812f5..e3abbeef68 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1223,6 +1223,14 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) size_t hash_len = HASH_SIZE; int aligned_len; + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=on. + */ + if (!sev_guest->kernel_hashes) { + return false; + } + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { error_setg(errp, "SEV: kernel specified but OVMF has no hash table guid"); return false; From patchwork Thu Nov 18 13:35:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3ADB6C433F5 for ; Thu, 18 Nov 2021 13:36:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1B27E619E1 for ; Thu, 18 Nov 2021 13:36:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231360AbhKRNjH (ORCPT ); Thu, 18 Nov 2021 08:39:07 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:35769 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231387AbhKRNjH (ORCPT ); Thu, 18 Nov 2021 08:39:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lQ5oXvhqw9hdRHdCcKmp06nROVN+IC9bdmFBmULq+6M=; b=i9toZx6a4vWdVIoveLp1GJ+JRe41+g0sh9NyRhpb3WgwT20w2QRVPUxbU2LHsEkSsPtUj8 CBGXvuTlQkg0SL0CNpWGD1ElhRMJuix5s41J2bFiTMc9xdMxJ3xh0lkhl5FXR9dunFbc4L U4vIJP9Licjs7xNjhKE3ZJPSF6zkDtA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-324-Ce2K8_grNnSEbbpNPmktPA-1; Thu, 18 Nov 2021 08:36:03 -0500 X-MC-Unique: Ce2K8_grNnSEbbpNPmktPA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 11834100E32B; Thu, 18 Nov 2021 13:36:02 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3042462A44; Thu, 18 Nov 2021 13:36:00 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , Brijesh Singh Subject: [PULL 3/6] target/i386/sev: Rephrase error message when no hashes table in guest firmware Date: Thu, 18 Nov 2021 13:35:29 +0000 Message-Id: <20211118133532.2029166-4-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik Signed-off-by: Dov Murik Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index e3abbeef68..6ff196f7ad 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1232,7 +1232,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but OVMF has no hash table guid"); + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); return false; } area = (SevHashTableDescriptor *)data; From patchwork Thu Nov 18 13:35:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DA69C433EF for ; Thu, 18 Nov 2021 13:36:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E3A8D61548 for ; Thu, 18 Nov 2021 13:36:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231442AbhKRNjJ (ORCPT ); Thu, 18 Nov 2021 08:39:09 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:26574 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231420AbhKRNjJ (ORCPT ); Thu, 18 Nov 2021 08:39:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242569; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i0jWfCVy5hsGWWk378HfV5JQITTylC4Ln+G643a7bz0=; b=d7NPpS1y/M7g9qfDXvElc25uxDn8zhKm3cIiwZHPn0PWnEoRwDqmdbUZLXZ2W3jO0+JvPK VBJR/YCkqIq/rcSjtRmAWx/WPeFIQGDRRewUEnEOdRrIEMlG1je49kFjkCg742XsQDhQXW Ga5OUGYooZ9lGpazJFyjBJtYLsC3j/g= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-601-hUyKkSDmOT6NqcLCvhAdkA-1; Thu, 18 Nov 2021 08:36:05 -0500 X-MC-Unique: hUyKkSDmOT6NqcLCvhAdkA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 03DBE100E320; Thu, 18 Nov 2021 13:36:04 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3ECC756A90; Thu, 18 Nov 2021 13:36:02 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , Brijesh Singh Subject: [PULL 4/6] target/i386/sev: Fail when invalid hashes table area detected Date: Thu, 18 Nov 2021 13:35:30 +0000 Message-Id: <20211118133532.2029166-5-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik Commit cff03145ed3c ("sev/i386: Introduce sev_add_kernel_loader_hashes for measured linux boot", 2021-09-30) introduced measured direct boot with -kernel, using an OVMF-designated hashes table which QEMU fills. However, no checks are performed on the validity of the hashes area designated by OVMF. Specifically, if OVMF publishes the SEV_HASH_TABLE_RV_GUID entry but it is filled with zeroes, this will cause QEMU to write the hashes entries over the first page of the guest's memory (GPA 0). Add validity checks to the published area. If the hashes table area's base address is zero, or its size is too small to fit the aligned hashes table, display an error and stop the guest launch. In such case, the following error will be displayed: qemu-system-x86_64: SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0) Signed-off-by: Dov Murik Reported-by: Brijesh Singh Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 6ff196f7ad..d11b512361 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1221,7 +1221,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; - int aligned_len; + int aligned_len = ROUND_UP(sizeof(SevHashTable), 16); /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1237,6 +1237,11 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return false; } area = (SevHashTableDescriptor *)data; + if (!area->base || area->size < aligned_len) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid " + "(base=0x%x size=0x%x)", area->base, area->size); + return false; + } /* * Calculate hash of kernel command-line with the terminating null byte. If @@ -1295,7 +1300,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); /* When calling sev_encrypt_flash, the length has to be 16 byte aligned */ - aligned_len = ROUND_UP(ht->len, 16); if (aligned_len != ht->len) { /* zero the excess data so the measurement can be reliably calculated */ memset(ht->padding, 0, aligned_len - ht->len); From patchwork Thu Nov 18 13:35:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2092C433EF for ; Thu, 18 Nov 2021 13:36:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A63CC61548 for ; Thu, 18 Nov 2021 13:36:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231455AbhKRNjV (ORCPT ); Thu, 18 Nov 2021 08:39:21 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:53443 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231420AbhKRNjV (ORCPT ); Thu, 18 Nov 2021 08:39:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Uo8I2c5dBIybD98Va+nuEDj8eGhYueQwVlnbeu2P2bM=; b=K2CcSQ/7gnSBUnvpfXQ/u/YXXNVCVbEh63JOCHdkjcjdm4ZUsoLTlk9pv/A3kphJM8JZit qUU8qZTY8sG4NYK7noJt810TlaYBKlbonwQN8nNxGhJfPyQRp2uOsiEO5dj/yr/Hk3U9p2 Pl/PLEQYy7vW2ry5iyXWsuMrBUR/HyY= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-71-BxsWHeKaMvKwOhrraaIk3Q-1; Thu, 18 Nov 2021 08:36:17 -0500 X-MC-Unique: BxsWHeKaMvKwOhrraaIk3Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0A80D100E325; Thu, 18 Nov 2021 13:36:16 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id 476595F4ED; Thu, 18 Nov 2021 13:36:04 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , "Dr . David Alan Gilbert" , =?utf-8?q?Philippe_Mathieu?= =?utf-8?q?-Daud=C3=A9?= , Brijesh Singh Subject: [PULL 5/6] target/i386/sev: Perform padding calculations at compile-time Date: Thu, 18 Nov 2021 13:35:31 +0000 Message-Id: <20211118133532.2029166-6-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik In sev_add_kernel_loader_hashes, the sizes of structs are known at compile-time, so calculate needed padding at compile-time. No functional change intended. Signed-off-by: Dov Murik Reviewed-by: Dr. David Alan Gilbert Reviewed-by: Philippe Mathieu-Daudé Acked-by: Brijesh Singh Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index d11b512361..4fd258a570 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -110,9 +110,19 @@ typedef struct QEMU_PACKED SevHashTable { SevHashTableEntry cmdline; SevHashTableEntry initrd; SevHashTableEntry kernel; - uint8_t padding[]; } SevHashTable; +/* + * Data encrypted by sev_encrypt_flash() must be padded to a multiple of + * 16 bytes. + */ +typedef struct QEMU_PACKED PaddedSevHashTable { + SevHashTable ht; + uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; +} PaddedSevHashTable; + +QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); + static SevGuestState *sev_guest; static Error *sev_mig_blocker; @@ -1216,12 +1226,12 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) uint8_t *data; SevHashTableDescriptor *area; SevHashTable *ht; + PaddedSevHashTable *padded_ht; uint8_t cmdline_hash[HASH_SIZE]; uint8_t initrd_hash[HASH_SIZE]; uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; - int aligned_len = ROUND_UP(sizeof(SevHashTable), 16); /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1237,7 +1247,7 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return false; } area = (SevHashTableDescriptor *)data; - if (!area->base || area->size < aligned_len) { + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { error_setg(errp, "SEV: guest firmware hashes table area is invalid " "(base=0x%x size=0x%x)", area->base, area->size); return false; @@ -1282,7 +1292,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) * Populate the hashes table in the guest's memory at the OVMF-designated * area for the SEV hashes table */ - ht = qemu_map_ram_ptr(NULL, area->base); + padded_ht = qemu_map_ram_ptr(NULL, area->base); + ht = &padded_ht->ht; ht->guid = sev_hash_table_header_guid; ht->len = sizeof(*ht); @@ -1299,13 +1310,10 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) ht->kernel.len = sizeof(ht->kernel); memcpy(ht->kernel.hash, kernel_hash, sizeof(ht->kernel.hash)); - /* When calling sev_encrypt_flash, the length has to be 16 byte aligned */ - if (aligned_len != ht->len) { - /* zero the excess data so the measurement can be reliably calculated */ - memset(ht->padding, 0, aligned_len - ht->len); - } + /* zero the excess data so the measurement can be reliably calculated */ + memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); - if (sev_encrypt_flash((uint8_t *)ht, aligned_len, errp) < 0) { + if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { return false; } From patchwork Thu Nov 18 13:35:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 12627029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33084C433F5 for ; Thu, 18 Nov 2021 13:36:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1A950617E5 for ; Thu, 18 Nov 2021 13:36:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231404AbhKRNjW (ORCPT ); Thu, 18 Nov 2021 08:39:22 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:41071 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231260AbhKRNjV (ORCPT ); Thu, 18 Nov 2021 08:39:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637242581; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ytnUUif25oYMkqa8jMsmzRzFU3UWIYFhkH5hBybYE+I=; b=R30S1IRBDgwSpPYLVIYwTo2lq/D4XVre7ZMxRYZ1d7qM4zv70RvSTgKReBPc3Uwai83jgj GUM7G0OzoWU77V+76xa/CAOcxylQpEjA9QwFowz6POvSYu9Aj1pw//IC/ETX44iwlfFHJv KdVE29hpHqUn7tQ3IWVYBsQmIq6NdQw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-413-fe5sf_YwNa6xoEFepYn9eA-1; Thu, 18 Nov 2021 08:36:19 -0500 X-MC-Unique: fe5sf_YwNa6xoEFepYn9eA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 141CD100E320; Thu, 18 Nov 2021 13:36:18 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.247]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4BB6A62A41; Thu, 18 Nov 2021 13:36:16 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Eduardo Habkost , Eric Blake , Markus Armbruster , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , kvm@vger.kernel.org, Dov Murik , Brijesh Singh Subject: [PULL 6/6] target/i386/sev: Replace qemu_map_ram_ptr with address_space_map Date: Thu, 18 Nov 2021 13:35:32 +0000 Message-Id: <20211118133532.2029166-7-berrange@redhat.com> In-Reply-To: <20211118133532.2029166-1-berrange@redhat.com> References: <20211118133532.2029166-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Dov Murik Use address_space_map/unmap and check for errors. Signed-off-by: Dov Murik Acked-by: Brijesh Singh [Two lines wrapped for length - Daniel] Signed-off-by: Daniel P. Berrangé --- target/i386/sev.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4fd258a570..025ff7a6f8 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -37,6 +37,7 @@ #include "qapi/qmp/qerror.h" #include "exec/confidential-guest-support.h" #include "hw/i386/pc.h" +#include "exec/address-spaces.h" #define TYPE_SEV_GUEST "sev-guest" OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) @@ -1232,6 +1233,9 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; + hwaddr mapped_len = sizeof(*padded_ht); + MemTxAttrs attrs = { 0 }; + bool ret = true; /* * Only add the kernel hashes if the sev-guest configuration explicitly @@ -1292,7 +1296,12 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) * Populate the hashes table in the guest's memory at the OVMF-designated * area for the SEV hashes table */ - padded_ht = qemu_map_ram_ptr(NULL, area->base); + padded_ht = address_space_map(&address_space_memory, area->base, + &mapped_len, true, attrs); + if (!padded_ht || mapped_len != sizeof(*padded_ht)) { + error_setg(errp, "SEV: cannot map hashes table guest memory area"); + return false; + } ht = &padded_ht->ht; ht->guid = sev_hash_table_header_guid; @@ -1314,10 +1323,13 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { - return false; + ret = false; } - return true; + address_space_unmap(&address_space_memory, padded_ht, + mapped_len, true, mapped_len); + + return ret; } static void