| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42195460-8086-ce7b-fd8f-2017bad36d47@gmail.com>
Date: Thu, 10 Nov 2022 23:01:17 +0800
From: Tianyu Lan <ltykernel@...il.com>
To: Michael Roth <michael.roth@....com>
Cc: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com, seanjc@...gle.com, pbonzini@...hat.com,
jgross@...e.com, tiala@...rosoft.com, kirill@...temov.name,
jiangshan.ljs@...group.com, peterz@...radead.org,
ashish.kalra@....com, srutherford@...gle.com,
akpm@...ux-foundation.org, anshuman.khandual@....com,
pawan.kumar.gupta@...ux.intel.com, adrian.hunter@...el.com,
daniel.sneddon@...ux.intel.com, alexander.shishkin@...ux.intel.com,
sandipan.das@....com, ray.huang@....com, brijesh.singh@....com,
thomas.lendacky@....com, venu.busireddy@...cle.com,
sterritt@...gle.com, tony.luck@...el.com, samitolvanen@...gle.com,
fenghua.yu@...el.com, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, linux-hyperv@...r.kernel.org,
linux-arch@...r.kernel.org
Subject: Re: [RFC PATCH 01/17] x86/boot: Check boot param's cc_blob_address
for direct boot mode
On 11/10/2022 7:39 AM, Michael Roth wrote:
>> - * bp->cc_blob_address should only be set by boot/compressed kernel.
>> - * Initialize it to 0 to ensure that uninitialized values from
>> - * buggy bootloaders aren't propagated.
>> + * bp->cc_blob_address should only be set by boot/compressed
>> + * kernel and hypervisor with direct boot mode. Initialize it
>> + * to 0 after checking in order to ensure that uninitialized
>> + * values from buggy bootloaders aren't propagated.
>> */
>> - if (bp)
>> - bp->cc_blob_address = 0;
>> + if (bp) {
>> + cc_info = (struct cc_blob_sev_info *)(unsigned long)
>> + bp->cc_blob_address;
>> +
>> + if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
>> + bp->cc_blob_address = 0;
> It doesn't seem great to rely on SEV_HDR_MAGIC to determine whether
> bp->cc_blob_address is valid or not since it is only a 32-bit value.
>
> Would it be possible to use a setup_data entry of type SETUP_CC_BLOB
> in bp->hdr.setup_data instead? There's already handling for that in
> find_cc_blob_setup_data() so it should "just work".
Hi Michael:
Thanks for your review. I will have a try. Hypervisor may set
cc_blob_address directly and so propose this.
Powered by blists - more mailing lists