Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <e8008fda-4347-41dc-d2d5-b24ad483ad32@mbosol.com>
Date:   Sun, 1 Jan 2023 06:55:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.4.2
Subject: Re: [PATCH qemu] x86: don't let decompressed kernel image clobber
 setup_data
Content-Language: en-US
To:     "H. Peter Anvin" <hpa@zytor.com>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Borislav Petkov <bp@alien8.de>
Cc:     pbonzini@redhat.com, ebiggers@kernel.org, x86@kernel.org,
        linux-kernel@vger.kernel.org, qemu-devel@nongnu.org,
        ardb@kernel.org, kraxel@redhat.com, philmd@linaro.org
References: <CAHmME9oPUJemVRvO3HX0q4BJGTFuzbLYANeizuRcNq2=Ykk1Gg@mail.gmail.com>
 <Y69B40T9kWfxZpmf@zn.tnic> <E5D0A77E-5ABC-4978-9A66-37B60DA43869@zytor.com>
 <Y69h6ur79SMhu61F@zx2c4.com> <46466e54-25c3-3194-8546-a57cd4a80d9d@zytor.com>
 <Y7A76+IBS4fnucrW@zn.tnic> <Y7A8qP05B0YRbQIN@zx2c4.com>
 <Y7A9nBud6UeH+wYd@zn.tnic> <Y7A+YELM7m5E2PUQ@zx2c4.com>
 <Y7BGIAL4z6o6FEI5@zn.tnic> <Y7B993P1+jYB/etX@zx2c4.com>
 <24908710-09f6-da2a-d821-58a81c572f6c@zytor.com>
From:   =?UTF-8?Q?Mika_Penttil=c3=a4?= <mika.penttila@mbosol.com>
In-Reply-To: <24908710-09f6-da2a-d821-58a81c572f6c@zytor.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NUNTbTdEWm84UzZvdVdjZWRvVWJaRFZ4OUZqWVNkVzc0L0NrLzlRSlUyR1d1?=
 =?utf-8?B?KzFQSGxZSkNPVVZ5RHQwRTlVQUxSbWk2SXlZMFg4YUV2ak1zMm5sb3RYNTFH?=
 =?utf-8?B?M2ZsQmNTZFZGeXM4dlpHZVJzV29hbUNxU3gzRzJWVlViSFVYMlRnekZkTnY1?=
 =?utf-8?B?dlpxbDhYdzkrUitlOXZkZGc1Q2NPdmNYODV6T0hzY2QxeG51ODhjNjRHSXp0?=
 =?utf-8?B?cW5qcUVpSFRjTk1JSW1tOEtYcCt5OFVTdnFuWUwweDZxOW9RbFJ3RmxzTkhO?=
 =?utf-8?B?YVhqSWIzdWg0L0tLTHJFNllYUDN0YVlHYjBlOVJFS29vYmxDcmRNNmxRc3BU?=
 =?utf-8?B?VnIvakppVitSTWdBSk9JMkdsVGQzcklmenNVY0Y0NnBGOEcxaG1qcHFRREdv?=
 =?utf-8?B?MmIvRzlWczhCYmlYaS9maVU0N2dXZE1zdnJRQTJ5cEprREVTaDU1NFRldys1?=
 =?utf-8?B?VndlN0NpQ1IydGhsUEVkKzQzOHV1Ky9NbnJ1RjlWQmJ4V0Z1R2M1U3VsUTZY?=
 =?utf-8?B?L3hlMmtoUFJOWHp2WVBjaGRrUmh6WUN3L1cyZGNMOFNDc2M1YW9tTStXUUFI?=
 =?utf-8?B?eFllZWt0THRuVk5OY3gzTkIrYmRoMUpqcitWeUJaUGtSNjhMdjJGWDNSWU10?=
 =?utf-8?B?NFZ1MUdNSHA1ME5OZ3BtbGp2d3FpNElMcEhlNmdtb3cyUHNBaUxNcS9OR1VI?=
 =?utf-8?B?MzdGdHJjdWN5eG9yNlo5K0szZXhCTmZkVFhRekpmOFMrZzNscUZYd3Q5dUFT?=
 =?utf-8?B?NkcyaU9RanBzMnNQMUh2Rm5yZXZvalRibTZXRk0rdTFCM0VRV1d6NUVXclI2?=
 =?utf-8?B?YVpnUHJVbmkwKzVMdFJXSE5mTy82dGg3d292c0NUZWNiUW5wRUlRSjlyS0hJ?=
 =?utf-8?B?ZTR6c21OVWpMWS94a25xMjV5eUNtSHQ0SUVqWHFoQ29icnFOeTMzVDJDQ3NW?=
 =?utf-8?B?Y1lCWTRXM0xoelhFY051cEIwRktkTmtmY1lYeDNRWHdEdzB1Y2orbnB1RmhH?=
 =?utf-8?B?MnpLb0RLbm05aUJXdjUrSXh3VXpaOFljQWhVc083WkkzY1dtb2draENNVTRi?=
 =?utf-8?B?dGJkcUZ6TlY0TDJOVTdoMkt0RFIyVkptWkV6Uy9RWnQ0dmV1enlPWmh3Y2N6?=
 =?utf-8?B?Tys3RFlncmpzZDZJZUlVQ2NQSGJpcVpodkpRRE0vMjA3dEZHQklUOGZ6VlFq?=
 =?utf-8?B?b0ZZYlJQWVdlU0lTc0JRVFpKR0tTVzhNZXBRZVlURXpyREFVcU5ZOUNxaUJB?=
 =?utf-8?B?bXZGYXRVSUg0Z2ZXWUpueUlCYWpUUy80ek5HcjhSZ2VsVDZkSmNocElGZWdR?=
 =?utf-8?B?UUFodWw3UzFVa1V2THYwVHpMMFJodkVETEtkQzBHMTFFWjlvcnRQU1MwdmUv?=
 =?utf-8?B?K1NJMkxqK3FUam10M2RwaTkvUjFqQzJDaDNmczh5Zzd6VU1WaXNPSzJ6anpD?=
 =?utf-8?B?K2RFd0RRa21zTHhZRUtRQ01OMDQrT213YzAxVnB4QmFRQ2k2OFBub01kTXBW?=
 =?utf-8?B?WXYxV2RjalYyL0dCd2FkU0dMcHlJa256eXFlcERTbjlXR1J3Sk00cEc0SEp4?=
 =?utf-8?B?S2k2ZDRPMEppMTc2Vis3K2ZmeE40cjEwWGZZQ2YrYmxzZTR0RkFQM1d0WVo2?=
 =?utf-8?B?ckFqK1RBd0NtemNvMmdOaXgrZWF1M3ZyYU1hbFFrak1HcnpVQkxSMVNFWnVE?=
 =?utf-8?B?RjJjZlJBd2FSd0N2NzNReWpUUUFhcStBTk91RnZhYStTUnBCMUtkQXFEdzJP?=
 =?utf-8?B?WTFQVUpLSldEaFBiYUExTjVka3piTXAxSmlraFBIVjlPTW0reHRBekhnNlh0?=
 =?utf-8?B?ZGtqN3FxV2JwcEpjdjdrUGplVDk2TmREUVZMdWtQb1NpRjlyK0dOTDZkVXlD?=
 =?utf-8?B?K2VFM2RyaElFYlptRzc0NHF2YVFZUVJQMXR1N05Bd1dJdjMvdXp2WHhvV1VU?=
 =?utf-8?B?cEFwQ08yL2ZrRUEwTUlsQ0xmSmw0dzZTTCtBRk5LRGh0aXdsejBYcTFyaHJ0?=
 =?utf-8?B?M2F3OStibDM1RVM0UnN2V3VreEdzK2pWUDZQMndobnNjSFFnRWZHT1dJaGhs?=
 =?utf-8?B?YmR5ekk2eS9qQWRhNFVuVXN3MEZoNVhmMGhiRDJPWHk3dlA5ZmdJL2JrOUk5?=
 =?utf-8?B?a0Q5MkxOZ0xXQm9SdEdHUlppYlNlUzhscG0yVDZnM0JaMTc3VlR3Q21HMlJP?=
 =?utf-8?B?c2c9PQ==?=
X-OriginatorOrg: mbosol.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f7a0e93b-0c56-4901-ab5a-08daebb47162
X-MS-Exchange-CrossTenant-AuthSource: DB8P192MB0533.EURP192.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jan 2023 04:55:45.7152
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 571b6760-44e0-4aae-b783-84984ac780c0
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 1gIi99T4a8q9EG7VAUIzZtya6Mq1JjFFH7DWWKTQWg7JF3mpx3zTInoQhFNi5+YgB087naZ6KzlVvrFeCa9N9TNPpdE1jFTlPfXhwqqAa44=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P192MB0871
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 1.1.2023 6.33, H. Peter Anvin wrote:
> 
> 
> On 12/31/22 10:22, Jason A. Donenfeld wrote:
>> On Sat, Dec 31, 2022 at 03:24:32PM +0100, Borislav Petkov wrote:
>>> On Sat, Dec 31, 2022 at 02:51:28PM +0100, Jason A. Donenfeld wrote:
>>>> That failure is unrelated to the ident mapping issue Peter and
>>>> I discussed. The original failure is described in the commit message:
>>>> decompression clobbers the data, so sd->next points to garbage.
>>>
>>> Right
>>
>> So with that understanding confirmed, I'm confused at your surprise that
>> hpa's unrelated fix to the different issue didn't fix this issue.
>>
> 
> If decompression does clobber the data, then we *also* need to figure 
> out why that is. There are basically three possibilities:
> 
> 1. If physical KASLR is NOT used:
> 
>      a. The boot loader doesn't honor the kernel safe area properly;
>      b. Somewhere in the process a bug in the calculation of the
>         kernel safe area has crept in.
> 
> 2. If physical KASLR IS used:
> 
>      The decompressor doesn't correctly keep track of nor relocate
>      all the keep-out zones before picking a target address.

Seems setup_data is not included in those mem_avoid regions.

> 
> One is a bootloader bug, two is a kernel bug. My guess is (2) is the 
> culprit, but (1b) should be checked, too.
> 
>      -hpa
> 


--Mika