Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp8737012rwl; Sat, 31 Dec 2022 10:52:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXt98Xbv8jpZHt2XrlTl8Qp+o8yE4H8Q/wTC6d6ug+p8pTn1LvlWEFTO1T1fVtWeGdnjC6kn X-Received: by 2002:a17:906:99c7:b0:7b5:860d:7039 with SMTP id s7-20020a17090699c700b007b5860d7039mr30531156ejn.10.1672512734698; Sat, 31 Dec 2022 10:52:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672512734; cv=none; d=google.com; s=arc-20160816; b=Q5/Ujkn/MLRnoomBUAyYTXy4y++ggeNAivynkoM50/XtAyPY/2he7CQXVHP+4eQSXl wI933DmiJ2PgC2bwxDFaxSAoM7Pv2NpA7WEmdYuYT9U6dZhufAmMJlZ+IlkGil2qtlOP flXm+fdy87v3CHkys9qPvWVEW8KYf1ykXenCUqYWBh3UWbqhQBunN3ax2z+wpG7SLDP/ wQ91Y/CcrLwjbu1WWwpCrD7NBCR4M10WCe4FYL6Q3W6e4vmRpaZ7xcgSdvGfA7NIe9OP M9tLD8Y97bzlUhCD0ANdln9jgQkTX9ZbJYOcaz+3QZJbY3KiPbXSMsyMi780p01W75Vj tt2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=KstZBdcZcqbHkQ2CxwtPc1Y6fLGICRufWpnz600OBT4=; b=qr2NV8zCGFwN58kfn+DUF7b4uGenR5wWCFV1DK9zPbmeZ0dVFICRYkB+UK70D2/zRK hK/TblOA8sb3Ig3vSa8FVq41RA4AMwxF7yao9Kpc/JFncRYfp8kdXi2qqtiLOCMuTbzl Ve/EmOGxJD3UaNxpMc+TwQY92+ZnNZMbg2nHSK9g42+6+5hfiap6Iz5whU6u2MBOnuJZ webtSovUHUbz2mMk6RyM57CUvWxrJmCWYi/bD3vGyphY01X2Edyx0sbW8RnUUK6LTfyN x9eKc1IXZUqfBN6XMU+oYhJDB4V1eTuDq8Ki6rlT/bfmF6wvOvz+ybUehg9nJMvxgMBA paLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Zbi0+zXE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dm22-20020a170907949600b007c1600359d9si22164381ejc.451.2022.12.31.10.51.56; Sat, 31 Dec 2022 10:52:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=Zbi0+zXE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232169AbiLaSW7 (ORCPT + 62 others); Sat, 31 Dec 2022 13:22:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229628AbiLaSW6 (ORCPT ); Sat, 31 Dec 2022 13:22:58 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 596E4E9E for ; Sat, 31 Dec 2022 10:22:57 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id CD466B808C6 for ; Sat, 31 Dec 2022 18:22:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3627DC433D2; Sat, 31 Dec 2022 18:22:53 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="Zbi0+zXE" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1672510970; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=KstZBdcZcqbHkQ2CxwtPc1Y6fLGICRufWpnz600OBT4=; b=Zbi0+zXEV/ee3LPUBCqdMKlQr8LNUJlwOflP3uriV2i5PKPGOGXCFqDh1mr+tcJcUpSYBA 9SChpE00VU5jNJokTJrAOAgb4B9McJdrzcmggb6HFsqcDcxSx6ZN96cvVeyMdFEIlPycHJ BR2AIN6LhrSrmZMcTtXDixHLBfLZ1dc= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 3f12f758 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sat, 31 Dec 2022 18:22:49 +0000 (UTC) Date: Sat, 31 Dec 2022 19:22:47 +0100 From: "Jason A. Donenfeld" To: Borislav Petkov Cc: "H. Peter Anvin" , pbonzini@redhat.com, ebiggers@kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, qemu-devel@nongnu.org, ardb@kernel.org, kraxel@redhat.com, philmd@linaro.org Subject: Re: [PATCH qemu] x86: don't let decompressed kernel image clobber setup_data Message-ID: References: <46466e54-25c3-3194-8546-a57cd4a80d9d@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Dec 31, 2022 at 03:24:32PM +0100, Borislav Petkov wrote: > On Sat, Dec 31, 2022 at 02:51:28PM +0100, Jason A. Donenfeld wrote: > > That failure is unrelated to the ident mapping issue Peter and > > I discussed. The original failure is described in the commit message: > > decompression clobbers the data, so sd->next points to garbage. > > Right So with that understanding confirmed, I'm confused at your surprise that hpa's unrelated fix to the different issue didn't fix this issue. > and the fact that the kernel overwrites it still feels kinda wrong: the > kernel knows where setup_data is - the address is in the setup header so > *actually*, it should take care of not to clobber it. Yea, technically the bootloader could relocate all the setup_data links by copying them and updating ->next. This wouldn't be so hard to do. (Special care would have to be taken, though, to zero out SETUP_RNG_SEED, though, for forward secrecy and such.) But since the kernel doesn't do this now, and the 62MiB bug also seems to apply to existing kernels, for the purposes of QEMU for now, I think the v3 patch is probably best, since it'll handle existing kernels. Alternatively, setup_data could be relocated, the boot param protocol could be bumped, and then QEMU could conditionalized it's use of setup_data based on that protocol version. That'd work, but seems a bit more involved. So maybe for now, v3 works? Hopefully that looks like a correct approach to hpa, anyhow: https://lore.kernel.org/lkml/20221230220725.618763-1-Jason@zx2c4.com/ I think it should fit with what he described would work. Jason