From: Laszlo Ersek <lersek@redhat.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"QEMU Developers" <qemu-devel@nongnu.org>,
"Xiaoyao Li" <xiaoyao.li@intel.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Gerd Hoffmann" <kraxel@redhat.com>,
linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [PATCH v2] hw/i386: place setup_data at fixed place in memory
Date: Thu, 4 Aug 2022 15:29:19 +0200 [thread overview]
Message-ID: <5f947ca6-b178-9943-ece6-d6844285f8ee@redhat.com> (raw)
In-Reply-To: <5528ca40-50fb-8e92-7f24-80e20c4c983e@redhat.com>
On 08/04/22 15:16, Laszlo Ersek wrote:
> On 08/04/22 14:47, Jason A. Donenfeld wrote:
>> On Thu, Aug 4, 2022 at 2:11 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>>
>>> Hi Laszlo,
>>>
>>> On Thu, Aug 04, 2022 at 01:31:36PM +0200, Laszlo Ersek wrote:
>>>> None of the existing info passing methods seem early enough, generic
>>>> enough, and secure enough (at the same time)...
>>>
>>> Can you look at the v2 patch? It seems to work on every configuration I
>>> throw at it. Keep in mind that setup_data is only used very, very early.
>>> I can think of a few other places to put it too, looking at the x86
>>> memory map, that will survive long enough.
>>>
>>> I think this might actually be a straightforwardly solvable problem if
>>> you think about it more basically.
>>
>> And just to put things in perspective here... We only need like 48
>> bytes or something at some easy fixed address. That's not much. That's
>> *got* to be a fairly tractable problem. If v2 has issues, I can't see
>> why there wouldn't be a different easy place to put a meger 48 bytes
>> of stuff that then is allowed to be wiped out after early boot.
>
> I've looked at v2. It still relies on passing information from QEMU to
> the guest kernel through guest RAM such that the whole firmware
> execution takes place in-between, without the firmware knowing anything
> about that particular area -- effectively treating it as free system
> RAM. Such exceptions are time bombs.
>
> We *have* used hard-coded addresses, sometimes they are unavoidable, but
> then they are open-coded in both QEMU and the firmware, and some early
> part of the firmware takes care to either move the data to a "safe"
> place, or to cover it in-place with a kind of reservation that prevents
> other parts of the firmware from trampling over it. I've debugged
> mistakes (memory corruption) when such reservation was forgotten; it's
> not fun.
Reference:
https://github.com/tianocore/edk2/commit/ad43bc6b2e
>
> In short, I have nothing against the QEMU patch, but then the current
> OvmfPkg maintainers should accept a patch for the firmware too, for
> protecting the area from later firmware components, as early as possible.
>
> Laszlo
>
next prev parent reply other threads:[~2022-08-04 13:38 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-03 17:02 [PATCH RFC v1] hw/i386: place setup_data at fixed place in memory Jason A. Donenfeld
2022-08-03 22:25 ` Michael S. Tsirkin
2022-08-03 22:50 ` Jason A. Donenfeld
2022-08-04 0:39 ` Jason A. Donenfeld
2022-08-04 0:44 ` [PATCH v2] " Jason A. Donenfeld
2022-08-04 7:03 ` Michael S. Tsirkin
2022-08-04 8:58 ` Laszlo Ersek
2022-08-04 9:25 ` Daniel P. Berrangé
2022-08-04 10:26 ` Ard Biesheuvel
2022-08-04 11:31 ` Laszlo Ersek
2022-08-04 12:11 ` Jason A. Donenfeld
2022-08-04 12:47 ` Jason A. Donenfeld
2022-08-04 13:16 ` Laszlo Ersek
2022-08-04 13:25 ` Jason A. Donenfeld
2022-08-04 13:29 ` Laszlo Ersek [this message]
2022-08-04 12:03 ` Jason A. Donenfeld
2022-08-04 12:11 ` Daniel P. Berrangé
2022-08-04 12:16 ` Ard Biesheuvel
2022-08-04 12:17 ` Jason A. Donenfeld
2022-08-04 12:28 ` Jason A. Donenfeld
2022-08-04 13:25 ` Laszlo Ersek
2022-08-04 13:28 ` Jason A. Donenfeld
2022-08-04 13:56 ` Laszlo Ersek
2022-08-04 14:03 ` Daniel P. Berrangé
2022-08-04 14:04 ` Laszlo Ersek
2022-08-04 22:56 ` Jason A. Donenfeld
2022-08-04 23:04 ` [PATCH v3] " Jason A. Donenfeld
2022-08-05 8:10 ` Paolo Bonzini
2022-08-05 11:08 ` Ard Biesheuvel
2022-08-05 17:29 ` Paolo Bonzini
2022-08-05 17:56 ` Ard Biesheuvel
2022-08-09 9:17 ` Michael S. Tsirkin
2022-08-09 14:19 ` Paolo Bonzini
2022-08-05 12:47 ` Jason A. Donenfeld
2022-08-05 13:34 ` Laszlo Ersek
2022-08-09 12:17 ` Jason A. Donenfeld
2022-08-09 14:07 ` Michael S. Tsirkin
2022-08-09 14:15 ` Daniel P. Berrangé
2022-08-05 6:26 ` [PATCH v2] " Laszlo Ersek
2022-08-16 8:55 ` Gerd Hoffmann
2022-08-18 15:38 ` Jason A. Donenfeld
2022-08-19 6:40 ` Gerd Hoffmann
2022-08-19 7:16 ` Ard Biesheuvel
2022-08-04 12:54 ` Daniel P. Berrangé
2022-08-04 13:07 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5f947ca6-b178-9943-ece6-d6844285f8ee@redhat.com \
--to=lersek@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.