Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp10618080rwl; Mon, 2 Jan 2023 05:41:15 -0800 (PST) X-Google-Smtp-Source: AMrXdXuGvapOW+REC+klCVT5xruuNKJ0rEK1RY8GAiUzsRa1zTGNAyWvO/4F7EHQMV5hLTPJ+HhN X-Received: by 2002:a17:902:ab8f:b0:192:ce7c:dc43 with SMTP id f15-20020a170902ab8f00b00192ce7cdc43mr2823486plr.40.1672666875252; Mon, 02 Jan 2023 05:41:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672666875; cv=none; d=google.com; s=arc-20160816; b=eVg9fqMSSzPhBJYa5b6LKQ7Me/qEMmefR65ihluglAfIbyRoB+JYJ8luREZeZ5YALi yIa7CEaP2lS2VEQqbl9rO7e/7uu9PXgTMYuwDpvtQNGh1GqmJqp3oGAh/ChiWz1mdZhd NCdqJvlppGG1TA2KJYEEYDK3sfLIy1tEsG7tD6IOySArHaCymKsBycJnuWaffSW1Tg2m 60b30g+VCIaNgXxxZuw67q+USV4hyR2GHZ5R37OKNh4BKXUA4uswc9aQuhF6OXMbXfxL nTee1zzIJn3lVDiDSXAFvDjtzBMhoSjAfcz+MAOwbmRdQRZeUlrzqtaC+QWFkpLQ4omI H+Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=pN93SdFoWRjgufplLvovHBgkU18si3SSvteu6HEOv7w=; b=xZq18aRxg4f1Cw5ZWYqlBPp5t91Svg3GqjoNaUq78Aa6sTyITjI/fTPoLt5TExPllO BFvpT6TIwM7y0CNlgKbsev7gZLgxAlAkdzOxHJh18rghq0xBMQ25z0e78VNmbXdpS6vr 2Cp0ntnrvIG8qpA7Rc8TLG8pDthuZqMEXVIpKg25BTHdqpa/622DSz9zZFnSc9JddHha Bf1keOxMlnHXPa9lVFNioa/8PVYS5QC3ioJqa7Io1Lny/hL4Ypa5uD/Yvj9fvylG8uKh 5+zsIQq8tvmQLXMR7rZwrLunPBrH+EyRl7bq/KwCojYCidQ0HsCDv4U/5tl1yRNjJpn+ Si2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=SQPDA0DL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n1-20020a170902f60100b001928c9d771asi17587658plg.517.2023.01.02.05.41.07; Mon, 02 Jan 2023 05:41:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=SQPDA0DL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232479AbjABNhB (ORCPT + 61 others); Mon, 2 Jan 2023 08:37:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232947AbjABNg7 (ORCPT ); Mon, 2 Jan 2023 08:36:59 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52630F2 for ; Mon, 2 Jan 2023 05:36:58 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id D33F81EC050D; Mon, 2 Jan 2023 14:36:56 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1672666616; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=pN93SdFoWRjgufplLvovHBgkU18si3SSvteu6HEOv7w=; b=SQPDA0DLFhtzjyX2dAb8R034c9ZqeVlusKHWUArsNmWBQtJqJnx9PDXVPtNpMJa1fad3+L x6BaxUaPpN1MHbzF015TN3izC0amQRNJFXD39W8zKd86Anp3WRftYxvrnbdkCSBPwFNdBV 3RhZajVD6cZbp5VPzAsQWwgnd+TpQ38= Date: Mon, 2 Jan 2023 14:36:52 +0100 From: Borislav Petkov To: Ard Biesheuvel Cc: "H. Peter Anvin" , "Jason A. Donenfeld" , pbonzini@redhat.com, ebiggers@kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, qemu-devel@nongnu.org, kraxel@redhat.com, philmd@linaro.org Subject: Re: [PATCH qemu] x86: don't let decompressed kernel image clobber setup_data Message-ID: References: <60566f8b-c90f-12e7-c13e-94e9829eee2d@zytor.com> <8f072588-7d66-0932-7486-ed9159ae93ae@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 02, 2023 at 10:32:03AM +0100, Ard Biesheuvel wrote: > So instead of appending data to the compressed image and assuming that > it will stay in place, create or extend a memory reservation > elsewhere, and refer to its absolute address in setup_data. From my limited experience with all those boot protocols, I'd say hardcoding stuff is always a bad idea. But, we already more or less hardcode, or rather codify through the setup header contract how stuff needs to get accessed. And yeah, maybe specifying an absolute address and size for a blob of data and putting that address and size in the setup header so that all the parties involved are where what is, is probably better. But WTH do I know... -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette