Hi Daniel,
On Thu, Aug 4, 2022 at 2:54 PM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
>
> On Thu, Aug 04, 2022 at 02:44:11AM +0200, Jason A. Donenfeld wrote:
> > The boot parameter header refers to setup_data at an absolute address,
> > and each setup_data refers to the next setup_data at an absolute address
> > too. Currently QEMU simply puts the setup_datas right after the kernel
> > image, and since the kernel_image is loaded at prot_addr -- a fixed
> > address knowable to QEMU apriori -- the setup_data absolute address
> > winds up being just `prot_addr + a_fixed_offset_into_kernel_image`.
> >
> > This mostly works fine, so long as the kernel image really is loaded at
> > prot_addr. However, OVMF doesn't load the kernel at prot_addr, and
> > generally EFI doesn't give a good way of predicting where it's going to
> > load the kernel. So when it loads it at some address != prot_addr, the
> > absolute addresses in setup_data now point somewhere bogus, causing
> > crashes when EFI stub tries to follow the next link.
> >
> > Fix this by placing setup_data at some fixed place in memory, relative
> > to real_addr, not as part of the kernel image, and then pointing the
> > setup_data absolute address to that fixed place in memory. This way,
> > even if OVMF or other chains relocate the kernel image, the boot
> > parameter still points to the correct absolute address.
> >
> > Fixes: 3cbeb52467 ("hw/i386: add device tree support")
> > Reported-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> > Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> > Cc: Richard Henderson <richard.henderson@xxxxxxxxxx>
> > Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
> > Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
> > Cc: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> > Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx>
> > Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > Cc: linux-efi@xxxxxxxxxxxxxxx
> > Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> > ---
> > hw/i386/x86.c | 38 ++++++++++++++++++++------------------
> > 1 file changed, 20 insertions(+), 18 deletions(-)
> >
> > diff --git a/hw/i386/x86.c b/hw/i386/x86.c
> > index 050eedc0c8..8b853abf38 100644
> > --- a/hw/i386/x86.c
> > +++ b/hw/i386/x86.c
>
>
> > if (!legacy_no_rng_seed) {
> > - setup_data_offset = QEMU_ALIGN_UP(kernel_size, 16);
> > - kernel_size = setup_data_offset + sizeof(struct setup_data) + RNG_SEED_LENGTH;
> > - kernel = g_realloc(kernel, kernel_size);
> > - setup_data = (struct setup_data *)(kernel + setup_data_offset);
> > + setup_data_item_len = sizeof(struct setup_data) + RNG_SEED_LENGTH;
> > + setup_datas = g_realloc(setup_datas, setup_data_total_len + setup_data_item_len);
> > + setup_data = (struct setup_data *)(setup_datas + setup_data_total_len);
> > setup_data->next = cpu_to_le64(first_setup_data);
> > - first_setup_data = prot_addr + setup_data_offset;
> > + first_setup_data = setup_data_base + setup_data_total_len;
> > + setup_data_total_len += setup_data_item_len;
> > setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
> > setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
> > qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
> > }
> >
> > - /* Offset 0x250 is a pointer to the first setup_data link. */
> > - stq_p(header + 0x250, first_setup_data);
> > + if (first_setup_data) {
> > + /* Offset 0x250 is a pointer to the first setup_data link. */
> > + stq_p(header + 0x250, first_setup_data);
> > + rom_add_blob("setup_data", setup_datas, setup_data_total_len, setup_data_total_len,
> > + setup_data_base, NULL, NULL, NULL, NULL, false);
> > + }
>
> The boot measurements with AMD SEV now succeed, but I'm a little
> worried about the implications of adding this ROM, when a few lines
> later here we're discarding the 'header' changes for AMD SEV. Is
> this still going to operate correctly in the guest OS if we've
> discarded the header changes below ?
I'll add a !sev_enabled() condition to that block too, so it also
skips adding the ROM, for v3.
Jason
