All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Alex Bennée" <alex.bennee@linaro.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PULL 7/9] hw/guest-loader: pass random seed to fdt
Date: Fri, 22 Jul 2022 15:27:38 +0100	[thread overview]
Message-ID: <87k085rz6b.fsf@linaro.org> (raw)
In-Reply-To: <YtqJaf5gSyj9cVt6@zx2c4.com>


"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> Hey Alex,
>
> On Fri, Jul 22, 2022 at 10:45:19AM +0100, Alex Bennée wrote:
>> All the guest-loader does is add the information about where in memory a
>> guest and/or it's initrd have been placed in memory to the DTB. It's
>> entirely up to the initial booted code (usually a hypervisor in this
>> case) to decide what gets passed up the chain to any subsequent guests.
>
> I think that's also my understanding, but let me tell you what I was
> thinking with regards to rng-seed there, and you can tell me if I'm way
> off.
>
> The guest-loader puts in memory various loaders in a multistage boot.
> Let's call it stage0, stage1, stage2, and finally the kernel. Normally,
> rng-seed is only given to one of these stages. That stage may or may not
> pass it to the next one, and it most probably does not. And why should
> it? The host is in a better position to generate these seeds, rather
> than adding finicky and fragile crypto ratcheting code into each stage
> bootloader. So, instead, QEMU can just give each stage its own seed, for
> it to do whatever with. This way, if stage1 does nothing, at least
> there's a fresh unused one available for the kernel when it finally gets
> there.

That sounds suspiciously like inventing a new ABI between QEMU and
guests which we generally try to avoid. The DTB exposed to the first
stage may never be made visible to the following stages or more likely a
sanitised version is prepared by the previous stage. Generally QEMU just
tries to get the emulation right so the firmware/software can get on
with it's thing. Indeed the dynamic DTB for -M virt and friends is an
oddity compared to most of the other machine types which assume the user
has a valid DTB.

Either way given how close to release we are I'd rather drop this patch.

> Does what I describe correspond at all with the use of guest-loader? If
> so, maybe this patch should stay? If not, discard it as rubbish.

The original intent of the guest-loader was to make testing of
hypervisors easier because the alternative is getting a multi-stage boot
chain of firmware, boot-loaders and distro specific integration working
which can be quite opaque to debug (c.f. why -kernel/-initrd exist and
not everyone boots via -bios/-pflash).

>
> Jason


-- 
Alex Bennée


  reply	other threads:[~2022-07-22 14:41 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-21 16:36 [PULL 0/9] More fixes + random seed patches for QEMU 7.1 Paolo Bonzini
2022-07-21 16:36 ` [PULL 1/9] docs: Add caveats for Windows as the build platform Paolo Bonzini
2022-07-21 16:36 ` [PULL 2/9] accel/kvm: Avoid Coverity warning in query_stats() Paolo Bonzini
2022-07-21 16:36 ` [PULL 3/9] oss-fuzz: remove binaries from qemu-bundle tree Paolo Bonzini
2022-07-21 16:36 ` [PULL 4/9] oss-fuzz: ensure base_copy is a generic-fuzzer Paolo Bonzini
2022-07-21 16:36 ` [PULL 5/9] hw/nios2: virt: pass random seed to fdt Paolo Bonzini
2022-07-21 16:36 ` [PULL 6/9] hw/mips: boston: " Paolo Bonzini
2022-07-21 16:36 ` [PULL 7/9] hw/guest-loader: " Paolo Bonzini
2022-07-21 19:36   ` Alex Bennée
2022-07-21 20:20     ` Jason A. Donenfeld
2022-07-22  9:45       ` Alex Bennée
2022-07-22 11:26         ` Jason A. Donenfeld
2022-07-22 14:27           ` Alex Bennée [this message]
2022-07-22 16:32             ` Paolo Bonzini
2022-07-22 19:07             ` Jason A. Donenfeld
2022-07-22 12:04       ` Paolo Bonzini
2022-07-22 12:21         ` Jason A. Donenfeld
2022-07-21 16:36 ` [PULL 8/9] hw/rx: " Paolo Bonzini
2022-07-21 16:36 ` [PULL 9/9] hw/i386: pass RNG seed via setup_data entry Paolo Bonzini
2022-08-02  3:28   ` Xiaoyao Li
2022-08-02 13:21     ` Jason A. Donenfeld
2022-08-02 14:53       ` Xiaoyao Li
2022-08-02 15:06         ` Jason A. Donenfeld
2022-08-02 15:13           ` Jason A. Donenfeld
2022-08-03  1:34             ` Xiaoyao Li
2022-08-03 10:52             ` Daniel P. Berrangé
2022-08-03 13:11               ` Jason A. Donenfeld
2022-08-03 13:34                 ` Jason A. Donenfeld
2022-08-03 17:07                   ` Jason A. Donenfeld
2022-08-03 22:03                     ` Michael S. Tsirkin
2022-08-03 22:08                       ` Jason A. Donenfeld
2022-08-03 22:23                         ` Michael S. Tsirkin
2022-08-04  5:40                           ` Laszlo Ersek
2022-08-04 12:01   ` Daniel P. Berrangé
2022-08-04 12:13     ` Jason A. Donenfeld
2022-08-04 12:48       ` Daniel P. Berrangé
2022-08-04 16:56     ` Alex Bennée

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87k085rz6b.fsf@linaro.org \
    --to=alex.bennee@linaro.org \
    --cc=Jason@zx2c4.com \
    --cc=pbonzini@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.