From: David Hildenbrand <david@redhat.com>
To: Janosch Frank <frankja@linux.ibm.com>, qemu-devel@nongnu.org
Cc: borntraeger@de.ibm.com, qemu-s390x@nongnu.org, cohuck@redhat.com
Subject: Re: [PATCH] pc-bios: s390x: Save iplb location in lowcore
Date: Tue, 3 Mar 2020 17:13:36 +0100 [thread overview]
Message-ID: <49294c6a-38f6-8358-b613-72d3c3c7cf4f@redhat.com> (raw)
In-Reply-To: <20200303155010.2519-1-frankja@linux.ibm.com>
On 03.03.20 16:50, Janosch Frank wrote:
> The POP states that for a list directed IPL the IPLB is stored into
> memory by the machine loader and its address is stored at offset 0x14
> of the lowcore.
>
> ZIPL currently uses the address in offset 0x14 to access the IPLB and
> acquire flags about secure boot. If the IPLB address points into
> memory which has an unsupported mix of flags set, ZIPL will panic
> instead of booting the OS.
>
> As the lowcore can have quite a high entropy for a guest that did drop
> out of protected mode (i.e. rebooted) we encountered the ZIPL panic
> quite often.
How did this ever work? Or does this only become relevant with secure boot?
Fixes: ? Or has this always been broken?
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
> ---
> pc-bios/s390-ccw/jump2ipl.c | 1 +
> pc-bios/s390-ccw/main.c | 8 +++++++-
> pc-bios/s390-ccw/netmain.c | 1 +
> pc-bios/s390-ccw/s390-arch.h | 10 ++++++++--
> pc-bios/s390-ccw/s390-ccw.h | 1 +
> 5 files changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
> index da13c43cc0..4eba2510b0 100644
> --- a/pc-bios/s390-ccw/jump2ipl.c
> +++ b/pc-bios/s390-ccw/jump2ipl.c
> @@ -35,6 +35,7 @@ void jump_to_IPL_code(uint64_t address)
> {
> /* store the subsystem information _after_ the bootmap was loaded */
> write_subsystem_identification();
> + write_iplb_location();
>
> /* prevent unknown IPL types in the guest */
> if (iplb.pbt == S390_IPL_TYPE_QEMU_SCSI) {
> diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
> index a21b386280..4e65b411e1 100644
> --- a/pc-bios/s390-ccw/main.c
> +++ b/pc-bios/s390-ccw/main.c
> @@ -9,6 +9,7 @@
> */
>
> #include "libc.h"
> +#include "helper.h"
> #include "s390-arch.h"
> #include "s390-ccw.h"
> #include "cio.h"
> @@ -22,7 +23,7 @@ QemuIplParameters qipl;
> IplParameterBlock iplb __attribute__((__aligned__(PAGE_SIZE)));
> static bool have_iplb;
> static uint16_t cutype;
> -LowCore const *lowcore; /* Yes, this *is* a pointer to address 0 */
> +LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */
>
> #define LOADPARM_PROMPT "PROMPT "
> #define LOADPARM_EMPTY " "
> @@ -42,6 +43,11 @@ void write_subsystem_identification(void)
> *zeroes = 0;
> }
>
> +void write_iplb_location(void)
> +{
> + lowcore->ptr_iplb = ptr2u32(&iplb);
> +}
> +
> void panic(const char *string)
> {
> sclp_print(string);
> diff --git a/pc-bios/s390-ccw/netmain.c b/pc-bios/s390-ccw/netmain.c
> index f2dcc01e27..309ffa30d9 100644
> --- a/pc-bios/s390-ccw/netmain.c
> +++ b/pc-bios/s390-ccw/netmain.c
> @@ -40,6 +40,7 @@
> #define DEFAULT_TFTP_RETRIES 20
>
> extern char _start[];
> +void write_iplb_location(void) {}
>
> #define KERNEL_ADDR ((void *)0L)
> #define KERNEL_MAX_SIZE ((long)_start)
> diff --git a/pc-bios/s390-ccw/s390-arch.h b/pc-bios/s390-ccw/s390-arch.h
> index 504fc7c2f0..5f36361c02 100644
> --- a/pc-bios/s390-ccw/s390-arch.h
> +++ b/pc-bios/s390-ccw/s390-arch.h
> @@ -36,7 +36,13 @@ typedef struct LowCore {
> /* prefix area: defined by architecture */
> PSWLegacy ipl_psw; /* 0x000 */
> uint32_t ccw1[2]; /* 0x008 */
> - uint32_t ccw2[2]; /* 0x010 */
> + union {
> + uint32_t ccw2[2]; /* 0x010 */
> + struct {
> + uint32_t reserved10;
> + uint32_t ptr_iplb;
> + };
> + };
> uint8_t pad1[0x80 - 0x18]; /* 0x018 */
> uint32_t ext_params; /* 0x080 */
> uint16_t cpu_addr; /* 0x084 */
> @@ -85,7 +91,7 @@ typedef struct LowCore {
> PSW io_new_psw; /* 0x1f0 */
> } __attribute__((packed, aligned(8192))) LowCore;
>
> -extern LowCore const *lowcore;
> +extern LowCore *lowcore;
>
> static inline void set_prefix(uint32_t address)
> {
> diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
> index 11bce7d73c..21f27e7990 100644
> --- a/pc-bios/s390-ccw/s390-ccw.h
> +++ b/pc-bios/s390-ccw/s390-ccw.h
> @@ -57,6 +57,7 @@ void consume_io_int(void);
> /* main.c */
> void panic(const char *string);
> void write_subsystem_identification(void);
> +void write_iplb_location(void);
> extern char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
> unsigned int get_loadparm_index(void);
In general LGTM.
Side note: I wonder if the assert in ptr2u32() should actually be
IPL_assert((uint64_t)ptr <= 0xfffffffful, "ptr2u32: ptr too large");
^
or even better
IPL_assert((uint64_t)ptr != (uint32_t)ptr, "ptr2u32: ptr too large");
Otherwise, sign extension will simply always make this pass.
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2020-03-03 16:14 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-26 12:20 [PATCH v5 00/18] s390x: Protected Virtualization support Janosch Frank
2020-02-26 12:20 ` [PATCH v5 01/18] s390x: Use constant for ESA PSW address Janosch Frank
2020-02-26 13:46 ` Christian Borntraeger
2020-02-26 13:47 ` Janosch Frank
2020-02-26 14:27 ` David Hildenbrand
2020-02-26 17:51 ` Cornelia Huck
2020-02-26 17:52 ` David Hildenbrand
2020-02-27 7:53 ` Janosch Frank
2020-02-27 8:09 ` Janosch Frank
2020-02-27 9:06 ` Cornelia Huck
2020-02-27 9:23 ` [PATCH v6] s390x: Rename and use constants for short PSW address and mask Janosch Frank
2020-02-27 9:27 ` David Hildenbrand
2020-02-27 10:36 ` Cornelia Huck
2020-02-26 12:20 ` [PATCH v5 02/18] Sync pv Janosch Frank
2020-02-26 12:20 ` [PATCH v5 03/18] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2020-02-26 12:20 ` [PATCH v5 04/18] s390x: protvirt: Support unpack facility Janosch Frank
2020-02-26 12:20 ` [PATCH v5 05/18] s390x: protvirt: Add migration blocker Janosch Frank
2020-02-26 14:05 ` Christian Borntraeger
2020-02-26 14:08 ` Janosch Frank
2020-02-26 12:20 ` [PATCH v5 06/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4 Janosch Frank
2020-02-26 15:00 ` Christian Borntraeger
2020-02-26 15:11 ` Janosch Frank
2020-02-26 12:20 ` [PATCH v5 07/18] s390x: protvirt: Inhibit balloon when switching to protected mode Janosch Frank
2020-02-26 14:59 ` David Hildenbrand
2020-02-26 15:06 ` Christian Borntraeger
2020-02-26 15:16 ` David Hildenbrand
2020-02-26 15:30 ` Janosch Frank
2020-02-26 15:31 ` David Hildenbrand
2020-02-26 18:24 ` Cornelia Huck
2020-03-03 12:42 ` Christian Borntraeger
2020-02-26 15:11 ` Janosch Frank
2020-02-26 15:13 ` Christian Borntraeger
2020-02-26 15:15 ` David Hildenbrand
2020-02-27 12:24 ` Halil Pasic
2020-03-19 13:42 ` Halil Pasic
2020-03-19 13:54 ` David Hildenbrand
2020-03-19 15:40 ` Halil Pasic
2020-03-19 17:31 ` David Hildenbrand
2020-03-20 18:43 ` Halil Pasic
2020-03-24 21:07 ` Brijesh Singh
2020-03-27 10:50 ` David Hildenbrand
2020-03-19 17:45 ` Michael S. Tsirkin
2020-03-20 9:36 ` David Hildenbrand
2020-03-29 14:48 ` Michael S. Tsirkin
2020-03-31 8:59 ` David Hildenbrand
2020-02-26 12:20 ` [PATCH v5 08/18] s390x: protvirt: KVM intercept changes Janosch Frank
2020-02-26 12:20 ` [PATCH v5 09/18] s390x: Add SIDA memory ops Janosch Frank
2020-02-26 12:20 ` [PATCH v5 10/18] s390x: protvirt: Move STSI data over SIDAD Janosch Frank
2020-02-26 12:20 ` [PATCH v5 11/18] s390x: protvirt: SCLP interpretation Janosch Frank
2020-02-26 12:20 ` [PATCH v5 12/18] s390x: protvirt: Set guest IPL PSW Janosch Frank
2020-02-26 12:20 ` [PATCH v5 13/18] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2020-02-26 12:20 ` [PATCH v5 14/18] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2020-02-26 12:20 ` [PATCH v5 15/18] s390x: protvirt: Move IO control structures over SIDA Janosch Frank
2020-02-26 12:20 ` [PATCH v5 16/18] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2020-02-26 12:20 ` [PATCH v5 17/18] s390x: Add unpack facility feature to GA1 Janosch Frank
2020-02-26 12:20 ` [PATCH v5 18/18] docs: Add protvirt docs Janosch Frank
2020-02-26 20:09 ` [PATCH v5 00/18] s390x: Protected Virtualization support Cornelia Huck
2020-02-27 8:32 ` Janosch Frank
2020-03-03 15:50 ` [PATCH] pc-bios: s390x: Save iplb location in lowcore Janosch Frank
2020-03-03 16:13 ` David Hildenbrand [this message]
2020-03-04 8:59 ` Janosch Frank
2020-03-04 9:05 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49294c6a-38f6-8358-b613-72d3c3c7cf4f@redhat.com \
--to=david@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.