From patchwork Wed Sep 21 09:31:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12983505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1DB05ECAAD8 for ; Wed, 21 Sep 2022 09:37:59 +0000 (UTC) Received: from localhost ([::1]:57278 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oawB3-0008TZ-Tl for qemu-devel@archiver.kernel.org; Wed, 21 Sep 2022 05:37:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39118) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw58-0005fv-SG for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:50 -0400 Received: from dfw.source.kernel.org ([139.178.84.217]:39756) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw56-00018S-HM for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:50 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 24A5F62FBC; Wed, 21 Sep 2022 09:31:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8782AC433D6; Wed, 21 Sep 2022 09:31:45 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="m0RQuqqF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663752703; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uX0shotiqjytMPNgE2hEorWHBh3w0UTEi07Hek986vs=; b=m0RQuqqFLn5iu+oaRZ8TkSVPrMPbnzu77aX64IvlKVN7WT2Cb0zrYA5BOXUhquzUuqvIjp 11xiqUPu9bopuKokwAM8P5yGfG5Io/7bobhq9NFphk7Gb2S2iJkVLiZ2OSRtcELi7KFBSQ OlP/R2xHIYXPcGb/tEueFwmuLIA8LdQ= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 56715e08 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 21 Sep 2022 09:31:43 +0000 (UTC) From: "Jason A. Donenfeld" To: pbonzini@redhat.com, qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Gerd Hoffmann , Laurent Vivier , "Michael S . Tsirkin" , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel Subject: [PATCH v5 1/4] x86: return modified setup_data only if read as memory, not as file Date: Wed, 21 Sep 2022 11:31:31 +0200 Message-Id: <20220921093134.2936487-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=139.178.84.217; envelope-from=SRS0=I7lL=ZY=zx2c4.com=Jason@kernel.org; helo=dfw.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" If setup_data is being read into a specific memory location, then generally the setup_data address parameter is read first, so that the caller knows where to read it into. In that case, we should return setup_data containing the absolute addresses that are hard coded and determined a priori. This is the case when kernels are loaded by BIOS, for example. In contrast, when setup_data is read as a file, then we shouldn't modify setup_data, since the absolute address will be wrong by definition. This is the case when OVMF loads the image. This allows setup_data to be used like normal, without crashing when EFI tries to use it. (As a small development note, strangely, fw_cfg_add_file_callback() was exported but fw_cfg_add_bytes_callback() wasn't, so this makes that consistent.) Cc: Gerd Hoffmann Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Suggested-by: Ard Biesheuvel Reviewed-by: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- hw/i386/x86.c | 46 ++++++++++++++++++++++++++++++--------- hw/nvram/fw_cfg.c | 12 +++++----- include/hw/nvram/fw_cfg.h | 22 +++++++++++++++++++ 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 050eedc0c8..96d205927e 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -37,6 +37,7 @@ #include "sysemu/whpx.h" #include "sysemu/numa.h" #include "sysemu/replay.h" +#include "sysemu/reset.h" #include "sysemu/sysemu.h" #include "sysemu/cpu-timers.h" #include "sysemu/xen.h" @@ -764,6 +765,24 @@ static bool load_elfboot(const char *kernel_filename, return true; } +typedef struct SetupDataFixup { + void *pos; + hwaddr orig_val, new_val; + uint32_t addr; +} SetupDataFixup; + +static void fixup_setup_data(void *opaque) +{ + SetupDataFixup *fixup = opaque; + stq_p(fixup->pos, fixup->new_val); +} + +static void reset_setup_data(void *opaque) +{ + SetupDataFixup *fixup = opaque; + stq_p(fixup->pos, fixup->orig_val); +} + void x86_load_linux(X86MachineState *x86ms, FWCfgState *fw_cfg, int acpi_data_size, @@ -1088,8 +1107,11 @@ void x86_load_linux(X86MachineState *x86ms, qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); } - /* Offset 0x250 is a pointer to the first setup_data link. */ - stq_p(header + 0x250, first_setup_data); + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); + fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); + sev_load_ctx.kernel_data = (char *)kernel; + sev_load_ctx.kernel_size = kernel_size; /* * If we're starting an encrypted VM, it will be OVMF based, which uses the @@ -1099,16 +1121,20 @@ void x86_load_linux(X86MachineState *x86ms, * file the user passed in. */ if (!sev_enabled()) { + SetupDataFixup *fixup = g_malloc(sizeof(*fixup)); + memcpy(setup, header, MIN(sizeof(header), setup_size)); + /* Offset 0x250 is a pointer to the first setup_data link. */ + fixup->pos = setup + 0x250; + fixup->orig_val = ldq_p(fixup->pos); + fixup->new_val = first_setup_data; + fixup->addr = cpu_to_le32(real_addr); + fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_SETUP_ADDR, fixup_setup_data, NULL, + fixup, &fixup->addr, sizeof(fixup->addr), true); + qemu_register_reset(reset_setup_data, fixup); + } else { + fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); } - - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); - fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); - sev_load_ctx.kernel_data = (char *)kernel; - sev_load_ctx.kernel_size = kernel_size; - - fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size); sev_load_ctx.setup_data = (char *)setup; diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c index d605f3f45a..564bda3395 100644 --- a/hw/nvram/fw_cfg.c +++ b/hw/nvram/fw_cfg.c @@ -692,12 +692,12 @@ static const VMStateDescription vmstate_fw_cfg = { } }; -static void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, - FWCfgCallback select_cb, - FWCfgWriteCallback write_cb, - void *callback_opaque, - void *data, size_t len, - bool read_only) +void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, + FWCfgCallback select_cb, + FWCfgWriteCallback write_cb, + void *callback_opaque, + void *data, size_t len, + bool read_only) { int arch = !!(key & FW_CFG_ARCH_LOCAL); diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h index 0e7a8bc7af..e4fef393be 100644 --- a/include/hw/nvram/fw_cfg.h +++ b/include/hw/nvram/fw_cfg.h @@ -117,6 +117,28 @@ struct FWCfgMemState { */ void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void *data, size_t len); +/** + * fw_cfg_add_bytes_callback: + * @s: fw_cfg device being modified + * @key: selector key value for new fw_cfg item + * @select_cb: callback function when selecting + * @write_cb: callback function after a write + * @callback_opaque: argument to be passed into callback function + * @data: pointer to start of item data + * @len: size of item data + * @read_only: is file read only + * + * Add a new fw_cfg item, available by selecting the given key, as a raw + * "blob" of the given size. The data referenced by the starting pointer + * is only linked, NOT copied, into the data structure of the fw_cfg device. + */ +void fw_cfg_add_bytes_callback(FWCfgState *s, uint16_t key, + FWCfgCallback select_cb, + FWCfgWriteCallback write_cb, + void *callback_opaque, + void *data, size_t len, + bool read_only); + /** * fw_cfg_add_string: * @s: fw_cfg device being modified From patchwork Wed Sep 21 09:31:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12983506 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 864F4C32771 for ; Wed, 21 Sep 2022 09:38:01 +0000 (UTC) Received: from localhost ([::1]:57280 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oawB5-00006a-T4 for qemu-devel@archiver.kernel.org; Wed, 21 Sep 2022 05:37:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39116) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw58-0005fp-SN for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:50 -0400 Received: from dfw.source.kernel.org ([139.178.84.217]:39764) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw57-00018W-62 for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:50 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ED30663052; Wed, 21 Sep 2022 09:31:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C6B32C433C1; Wed, 21 Sep 2022 09:31:46 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="NHv7rwQ4" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663752706; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WL6TCD+Z2AXHZG7hutHMl0bxbs3fuwXVzrM5TbfCh1Y=; b=NHv7rwQ4zV3d8+LuwAd+k8hz6BlG4jUKih0kQI1vRztKrLqoc3+w69TOPmtSDsTBunGlJa lqvO5yiPBErvPADYfYOv3NBfTlTUh9uEkR8toAefV4q2QnamnT+xlZVPlmBr017M1VsgSc +l1/egQvXHuC+oU5pXkKQlhlkT9LTsY= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id a73d1816 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 21 Sep 2022 09:31:46 +0000 (UTC) From: "Jason A. Donenfeld" To: pbonzini@redhat.com, qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Ard Biesheuvel , "Michael S . Tsirkin" Subject: [PATCH v5 2/4] x86: use typedef for SetupData struct Date: Wed, 21 Sep 2022 11:31:32 +0200 Message-Id: <20220921093134.2936487-2-Jason@zx2c4.com> In-Reply-To: <20220921093134.2936487-1-Jason@zx2c4.com> References: <20220921093134.2936487-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=139.178.84.217; envelope-from=SRS0=I7lL=ZY=zx2c4.com=Jason@kernel.org; helo=dfw.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" The preferred style is SetupData as a typedef, not setup_data as a plain struct. Cc: Paolo Bonzini Cc: Ard Biesheuvel Suggested-by: Michael S. Tsirkin Signed-off-by: Jason A. Donenfeld --- hw/i386/x86.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 96d205927e..1ee0b1b413 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -653,12 +653,12 @@ DeviceState *ioapic_init_secondary(GSIState *gsi_state) return dev; } -struct setup_data { +typedef struct SetupData { uint64_t next; uint32_t type; uint32_t len; uint8_t data[]; -} __attribute__((packed)); +} __attribute__((packed)) SetupData; /* @@ -799,7 +799,7 @@ void x86_load_linux(X86MachineState *x86ms, FILE *f; char *vmode; MachineState *machine = MACHINE(x86ms); - struct setup_data *setup_data; + SetupData *setup_data; const char *kernel_filename = machine->kernel_filename; const char *initrd_filename = machine->initrd_filename; const char *dtb_filename = machine->dtb; @@ -1082,11 +1082,11 @@ void x86_load_linux(X86MachineState *x86ms, } setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16); - kernel_size = setup_data_offset + sizeof(struct setup_data) + dtb_size; + kernel_size = setup_data_offset + sizeof(SetupData) + dtb_size; kernel = g_realloc(kernel, kernel_size); - setup_data = (struct setup_data *)(kernel + setup_data_offset); + setup_data = (SetupData *)(kernel + setup_data_offset); setup_data->next = cpu_to_le64(first_setup_data); first_setup_data = prot_addr + setup_data_offset; setup_data->type = cpu_to_le32(SETUP_DTB); @@ -1097,9 +1097,9 @@ void x86_load_linux(X86MachineState *x86ms, if (!legacy_no_rng_seed) { setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16); - kernel_size = setup_data_offset + sizeof(struct setup_data) + RNG_SEED_LENGTH; + kernel_size = setup_data_offset + sizeof(SetupData) + RNG_SEED_LENGTH; kernel = g_realloc(kernel, kernel_size); - setup_data = (struct setup_data *)(kernel + setup_data_offset); + setup_data = (SetupData *)(kernel + setup_data_offset); setup_data->next = cpu_to_le64(first_setup_data); first_setup_data = prot_addr + setup_data_offset; setup_data->type = cpu_to_le32(SETUP_RNG_SEED); From patchwork Wed Sep 21 09:31:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12983507 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 87D34ECAAD8 for ; Wed, 21 Sep 2022 09:38:05 +0000 (UTC) Received: from localhost ([::1]:56716 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oawBA-0000IE-Dz for qemu-devel@archiver.kernel.org; Wed, 21 Sep 2022 05:38:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39120) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw5B-0005jY-Mc for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:53 -0400 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]:56590) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw5A-00018l-5c for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:53 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8A2526303D; Wed, 21 Sep 2022 09:31:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DA97C433C1; Wed, 21 Sep 2022 09:31:49 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="JJt/0WYi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663752708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mVCAkXlRlp3gruLyM+FFF5K4RDo3j6oaXFh9SSxTcSY=; b=JJt/0WYiYs3oqu1R/P+VoIJwx5DwUKApMMINGrQvqLflwlEbX0afmKAUeVCudjdxa/vV0X juwHgKpSvveIjCA7T4ivSAHP6n9+gCLlX0nBPfTjDbAOxa5InHwKieYl85sFiyzG77PDU+ a4RQXROReWhF7J0Vb/O/wLrlb3xbL4w= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id d16651ef (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 21 Sep 2022 09:31:48 +0000 (UTC) From: "Jason A. Donenfeld" To: pbonzini@redhat.com, qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" Subject: [PATCH v5 3/4] x86: reinitialize RNG seed on system reboot Date: Wed, 21 Sep 2022 11:31:33 +0200 Message-Id: <20220921093134.2936487-3-Jason@zx2c4.com> In-Reply-To: <20220921093134.2936487-1-Jason@zx2c4.com> References: <20220921093134.2936487-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2604:1380:4641:c500::1; envelope-from=SRS0=I7lL=ZY=zx2c4.com=Jason@kernel.org; helo=dfw.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Since this is read from fw_cfg on each boot, the kernel zeroing it out alone is insufficient to prevent it from being used twice. And indeed on reboot we always want a new seed, not the old one. So re-fill it in this circumstance. Cc: Paolo Bonzini Signed-off-by: Jason A. Donenfeld --- hw/i386/x86.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 1ee0b1b413..f9a4ddaa4a 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -783,6 +783,12 @@ static void reset_setup_data(void *opaque) stq_p(fixup->pos, fixup->orig_val); } +static void reset_rng_seed(void *opaque) +{ + SetupData *setup_data = opaque; + qemu_guest_getrandom_nofail(setup_data->data, le32_to_cpu(setup_data->len)); +} + void x86_load_linux(X86MachineState *x86ms, FWCfgState *fw_cfg, int acpi_data_size, @@ -1105,6 +1111,7 @@ void x86_load_linux(X86MachineState *x86ms, setup_data->type = cpu_to_le32(SETUP_RNG_SEED); setup_data->len = cpu_to_le32(RNG_SEED_LENGTH); qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); + qemu_register_reset(reset_rng_seed, setup_data); } fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); From patchwork Wed Sep 21 09:31:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12983508 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 365D4C32771 for ; Wed, 21 Sep 2022 09:41:40 +0000 (UTC) Received: from localhost ([::1]:45312 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oawEd-0004qP-7v for qemu-devel@archiver.kernel.org; Wed, 21 Sep 2022 05:41:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53822) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw5G-0005sI-Lc for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:58 -0400 Received: from ams.source.kernel.org ([145.40.68.75]:43990) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oaw5D-000198-Uc for qemu-devel@nongnu.org; Wed, 21 Sep 2022 05:31:58 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7A400B82378; Wed, 21 Sep 2022 09:31:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F982C433C1; Wed, 21 Sep 2022 09:31:52 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="VVsfxGv/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1663752711; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=S0NdGTedj2Uwu3hKr/q8XtZuSVdOKgVx5ePIUIFlf4g=; b=VVsfxGv/B5NMw+XqhWFLyzCXrXk34LhzNsZPBh5CfdPTEPI36FulCgJetVCUObeRgUV513 9K1naFVSZNXqu+XxaJQUHs90g3EgOxMM/AFYlpf0B25YsMg2CUntYP/3wMb0TCluAM1IFf /k1+n1w4z9rR1uLjPLWNj3r/wZXqsOE= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id c2038a06 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Wed, 21 Sep 2022 09:31:50 +0000 (UTC) From: "Jason A. Donenfeld" To: pbonzini@redhat.com, qemu-devel@nongnu.org Cc: "Jason A. Donenfeld" , Laurent Vivier , "Michael S . Tsirkin" , Peter Maydell , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Ard Biesheuvel , Gerd Hoffmann Subject: [PATCH v5 4/4] x86: re-enable rng seeding via SetupData Date: Wed, 21 Sep 2022 11:31:34 +0200 Message-Id: <20220921093134.2936487-4-Jason@zx2c4.com> In-Reply-To: <20220921093134.2936487-1-Jason@zx2c4.com> References: <20220921093134.2936487-1-Jason@zx2c4.com> MIME-Version: 1.0 Received-SPF: pass client-ip=145.40.68.75; envelope-from=SRS0=I7lL=ZY=zx2c4.com=Jason@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -67 X-Spam_score: -6.8 X-Spam_bar: ------ X-Spam_report: (-6.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" This reverts 3824e25db1 ("x86: disable rng seeding via setup_data"), but for 7.2 rather than 7.1, now that modifying setup_data is safe to do. Cc: Laurent Vivier Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Maydell Cc: Philippe Mathieu-Daudé Cc: Richard Henderson Cc: Ard Biesheuvel Acked-by: Gerd Hoffmann Signed-off-by: Jason A. Donenfeld --- hw/i386/microvm.c | 2 +- hw/i386/pc_piix.c | 3 ++- hw/i386/pc_q35.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 52cafa003d..7fe8cce03e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -332,7 +332,7 @@ static void microvm_memory_init(MicrovmMachineState *mms) rom_set_fw(fw_cfg); if (machine->kernel_filename != NULL) { - x86_load_linux(x86ms, fw_cfg, 0, true, true); + x86_load_linux(x86ms, fw_cfg, 0, true, false); } if (mms->option_roms) { diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 8043a250ad..0b1a79c0fa 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -439,7 +439,6 @@ static void pc_i440fx_7_2_machine_options(MachineClass *m) m->alias = "pc"; m->is_default = true; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, @@ -447,9 +446,11 @@ DEFINE_I440FX_MACHINE(v7_2, "pc-i440fx-7.2", NULL, static void pc_i440fx_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_i440fx_7_2_machine_options(m); m->alias = NULL; m->is_default = false; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); } diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 53eda50e81..a496bd6e74 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -376,7 +376,6 @@ static void pc_q35_7_2_machine_options(MachineClass *m) pc_q35_machine_options(m); m->alias = "q35"; pcmc->default_cpu_version = 1; - pcmc->legacy_no_rng_seed = true; } DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, @@ -384,8 +383,10 @@ DEFINE_Q35_MACHINE(v7_2, "pc-q35-7.2", NULL, static void pc_q35_7_1_machine_options(MachineClass *m) { + PCMachineClass *pcmc = PC_MACHINE_CLASS(m); pc_q35_7_2_machine_options(m); m->alias = NULL; + pcmc->legacy_no_rng_seed = true; compat_props_add(m->compat_props, hw_compat_7_1, hw_compat_7_1_len); compat_props_add(m->compat_props, pc_compat_7_1, pc_compat_7_1_len); }