Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7480793rwb; Wed, 23 Nov 2022 07:05:37 -0800 (PST) X-Google-Smtp-Source: AA0mqf7S6/UAuoeYHspUEgVpBZDIW9qjZsy7y4zPR/ATLGh9YhOFQxTlYzA1S8V+T3cvvY1uPr6H X-Received: by 2002:a50:ee87:0:b0:469:a893:534d with SMTP id f7-20020a50ee87000000b00469a893534dmr12975796edr.213.1669215937432; Wed, 23 Nov 2022 07:05:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669215937; cv=none; d=google.com; s=arc-20160816; b=DwYVsdp3jFUy0hP0AEgRzfP09RvQj2RwVKgGgHYAAScQsO/JLSBKAC3hSxrkqMiTgE 3vx7CDhN1XYRxmAwJOm+MHY3zp6F4zKT9x2+qClLkhTdXw/lMkR7UoUPLo0y0IX3cVLl +G/gr5hHkCkNNp2ennaGLzwjOBZsiIQXtMoWkwEkoyGHvVM5+/6Lorb126cUpsZp6Tea bBuPRrpdEhH4i7SmlogoloNWoDtXEwUuoVNw0SjdJoO87mbU5Gtv09KgIlMdCiHsYThz VkDfT3ADOLfHnM4JQLLFfsPLvMCpxeJGtj0h0bo0Al2KEuFh3ziNmL5o9lVOGdZKSUK2 bPKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xP/Oi35L/ugSl4yP3DYdEeYz5fS3KM0ZOpGbvb63heY=; b=QLW1nxSauJDd0E6+2ct7j/sw2YjL4BtGHeqGtT66Ot+eMAdAFBdi01ukq4nOdQ/9eM Efr6DAVadziPOfjG+9/BHuTctG8JZzR/n9U0DXfPkxx8Ti4JXCE2QzcM6ZicdCKjPlbF sxXXKSpIvqivytA5CRUctYJyzWpA4mOlsCxJmoec0iF8kq6Oaz9GNIsimHxima+LGe3y ELT3osEacfJoMg6aJogZRLP5LS/B5zgMcetRq+2uj58tSj8ViWRNlqYUfdTvhoOV1t5l uLXffeaMIgmtumk7uZv4j62LP4FUiLRJXUpvBkGjb2G5iUatzzl01msDzRyIcu29HWjV /Z+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=arsDZavR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qf16-20020a1709077f1000b007b790c183cdsi6149174ejc.266.2022.11.23.07.05.15; Wed, 23 Nov 2022 07:05:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=arsDZavR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237108AbiKWOeI (ORCPT + 89 others); Wed, 23 Nov 2022 09:34:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238275AbiKWOeH (ORCPT ); Wed, 23 Nov 2022 09:34:07 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AE7A12753; Wed, 23 Nov 2022 06:34:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D7D23B8201D; Wed, 23 Nov 2022 14:34:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 89E67C433D7; Wed, 23 Nov 2022 14:34:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1669214043; bh=CL6uXIKxo5TjSgBVdPejsMhade/mRjxvbEKqv49l560=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=arsDZavRT9hnzeYLFHylffVKtGAumwnEWQFaXwxNbIAohlJzPm6i7uIZzY3RmgkX0 GoNx472dnZmIcDm3jKRXKGgsmyOv0chslLRYWnjaAa/ufpWUItMLj6Uwji6qFHZk9O xVpO+Fr4Ayrf6avo901T0ejTbsr9sDJvxa9ZZ3pCTqpQPo+J1/IkKXC9bJxTva61Ur H89GrDm6TyCh+JiP6/eTP5ZC2AWzppxCXfSufPRRCRcBUDy9k5CQXo7Q/akQXHXCch aOZHtyJoKW3wP7mBFcnI5MDsftrxH5HaqlXse6QkFpzM/oCZ3IxNA5H/maIeIsYe0t nszXYeBNbQ6Yw== Received: by mail-lj1-f178.google.com with SMTP id d3so21634889ljl.1; Wed, 23 Nov 2022 06:34:03 -0800 (PST) X-Gm-Message-State: ANoB5pkYhbEMnpNoJg+Vwp65pFIprYO+HQVDcwLCxrVlI6/ile+U1J6l XnCfi8UxGkI+c6wUqr8W40G/y2mNYRHjqmiXe60= X-Received: by 2002:a2e:88d3:0:b0:277:72a:41a5 with SMTP id a19-20020a2e88d3000000b00277072a41a5mr10030835ljk.352.1669214041602; Wed, 23 Nov 2022 06:34:01 -0800 (PST) MIME-Version: 1.0 References: <20221122161017.2426828-1-ardb@kernel.org> <5750d157-43dd-6f3d-1407-f41af3cff207@amd.com> <26c34f9e-3b09-7b10-09a2-993a50790447@amd.com> <66416f08-1daf-63c9-8ecc-47f4e2e09ba7@amd.com> In-Reply-To: <66416f08-1daf-63c9-8ecc-47f4e2e09ba7@amd.com> From: Ard Biesheuvel Date: Wed, 23 Nov 2022 15:33:50 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 00/17] x86: head_64.S spring cleaning To: Tom Lendacky Cc: Borislav Petkov , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Dave Hansen , Michael Roth Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 23 Nov 2022 at 15:16, Tom Lendacky wrote: > > On 11/23/22 04:52, Ard Biesheuvel wrote: > > On Wed, 23 Nov 2022 at 11:49, Borislav Petkov wrote: > >> > >> On Tue, Nov 22, 2022 at 03:49:29PM -0600, Tom Lendacky wrote: > >>> diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c > >>> index cb5f0befee57..a0bfd31358ba 100644 > >>> --- a/drivers/firmware/efi/libstub/x86-stub.c > >>> +++ b/drivers/firmware/efi/libstub/x86-stub.c > >>> @@ -23,7 +23,7 @@ > >>> const efi_system_table_t *efi_system_table; > >>> const efi_dxe_services_table_t *efi_dxe_table; > >>> -u32 image_offset; > >>> +u32 image_offset __section(".data"); > >>> static efi_loaded_image_t *image = NULL; > >>> static efi_status_t > >>> > >>> I assume it has to do with being in .data vs .bss and not being explicitly > >>> cleared with the encryption bit set. With the change to put image_offset in > >>> the .data section, it is read as zero, where as when it was in the .bss > >>> section it was reading "ciphertext". > >> > >> Hmm, two points about this: > >> > >> 1. Can we do > >> > >> u32 image_offset __bss_decrypted; > >> > >> here instead? We have this special section just for that fun and it > >> self-documents this way. > >> > > > > The patch moves it from .data to .bss inadvertently, and I am not > > convinced Tom's analysis is entirely accurate: we may simply have > > garbage in image_offset if we access it before .bss gets cleared. > > When running non-encrypted, I imagine all the memory is cleared to zero as > part of Qemu allocating it. As soon as you put an SEV guest on top of > that, host made zeroes will not appear as zeroes to the SEV guest, rather > they will be decrypted and end up looking like ciphertext (hence the > random values I kept seeing in image_offset). The SEV guest must > explicitly clear it, which is why having it in .bss doesn't work for SEV. > Yes, QEMU will probably clear it, but GRUB, shim, etc do a terrible job at implementing image loading correctly, i.e., not bothering to parse the PE/COFF header at all, but just copying the image into memory and invoke it at a fixed offset of 0x290 bytes into the image (the famous EFI handover protocol, see the last patch in this series if you want to know more :-)) This also means that the balance of the file size vs the image size (where BSS lives) is completely ignored, and we actually have to relocate the image from the EFI stub in such cases, because we cannot be sure that the BSS does not overlap with memory that is already in use, given the top down allocation strategy the EFI usually employs. In summary, I guess there are multiple way how we might end up in this situation, and simply putting the variable back into .data where it came from is probably the best approach here.