From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web08.7514.1624971279483611877 for ; Tue, 29 Jun 2021 05:54:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=H9KPZuEP; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1624971278; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+h2kYFPRyGVrc8Bdpw++7b5EW7cenAPc4Owflv/t1EE=; b=H9KPZuEPXXIgr4LPTESgm6cznBMgloq3x38qoIA0RmlSIaNdH/3zp532dE3oZ/H1UxMjF9 4y6Op04OG9i+opOfzPJHb/SNEuqzNkWSxDMRmzgv8m9NKBKzSrqJtNIRepUdXEaIV/p6JK n1o2xFS2CdIBVAzw9yITCN9Jq54aZaA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-53-hNqa6mNjN2aKb0_k00C3uA-1; Tue, 29 Jun 2021 08:54:34 -0400 X-MC-Unique: hNqa6mNjN2aKb0_k00C3uA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1FBEC804147; Tue, 29 Jun 2021 12:54:32 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-158.ams2.redhat.com [10.36.114.158]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8F49610016F8; Tue, 29 Jun 2021 12:54:30 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v3 0/5] OvmfPkg: Use QemuKernelLoaderFs to read cmdline/initrd To: devel@edk2.groups.io, dovmurik@linux.ibm.com Cc: Ard Biesheuvel , Jordan Justen , James Bottomley , Tobin Feldman-Fitzthum References: <20210628105110.379951-1-dovmurik@linux.ibm.com> From: "Laszlo Ersek" Message-ID: <65d9fc4d-998f-1b94-4d79-1ff9df26c93f@redhat.com> Date: Tue, 29 Jun 2021 14:54:29 +0200 MIME-Version: 1.0 In-Reply-To: <20210628105110.379951-1-dovmurik@linux.ibm.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 06/28/21 12:51, Dov Murik wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457 > > In order to support measured SEV boot with kernel/initrd/cmdline, we'd > like to have one place that reads those blobs; in the future we'll add > the measurement and verification in that place. > > We already have a synthetic filesystem (QemuKernelLoaderFs) which holds > three files: "kernel", "initrd", and "cmdline". The kernel is indeed > read from this filesystem in LoadImage; but the cmdline (and the length > of initrd) are read from QemuFwCfgLib items. > > This patch series first fixes two identical memory leak bugs in > GenericQemuLoadImageLib and X86QemuLoadImageLib; then modifies > GenericQemuLoadImageLib to read cmdline (and the initrd size) from the > QemuKernelLoaderFs synthetic filesystem, thus removing the dependency on > QemuFwCfgLib. > > Note that X86QemuLoadImageLib is not modified, because it contains a > QemuLoadLegacyImage() which reads other items of the QemuFwCfg which are > not available in QemuKernelLoaderFs. Since we don't want to support the > legacy boot path in the future measured SEV boot, we leave > X86QemuLoadImageLib as-is (except for a comment addition in patch 3) and > will force use for GenericQemuLoadImageLib in the measured SEV boot > implementation. > > Relevant discussion threads start in: > https://edk2.groups.io/g/devel/message/76069 > > To test this on x86_64, I forced the use of GenericQemuLoadImageLib > using the following local patch: > > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 0a237a905866..46442b543bcf 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -404,7 +404,7 @@ [LibraryClasses.common.DXE_DRIVER] > PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > + QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf # XXX don't commit this or someone will be mad > !if $(TPM_ENABLE) == TRUE > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > > > I tested boot with QEMU and OVMF with the following QEMU arguments: > > -kernel a > -kernel a -initrd b > -kernel a -cmdline c > -kernel a -initrd b -cmdline c > > (and also without -kernel) > > > Code is at > https://github.com/confidential-containers-demo/edk2/tree/use-synthetic-fs-for-cmdline-v3 > > v3 changes: > - Insert patches 1+2 at the top of the series to fix cmdline leak bugs > - Organize #include and .inf > - Add UINTN overflow check > - Fix error paths and function epilogue to properly release all resources > - Clarity: rename long variables, reword comments > > v2: https://edk2.groups.io/g/devel/message/76664 > v2 changes: > - Add comment to header of X86QemuLoadImageLib.inf > - Clearer function names in GenericQemuLoadImageLib.c > - Fix coding style issues > > v1: https://edk2.groups.io/g/devel/message/76265 > > > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: James Bottomley > Cc: Tobin Feldman-Fitzthum > > > Dov Murik (5): > OvmfPkg/GenericQemuLoadImageLib: plug cmdline blob leak on success > OvmfPkg/X86QemuLoadImageLib: plug cmdline blob leak on success > Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command > line" > OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs > OvmfPkg/X86QemuLoadImageLib: State fw_cfg dependency in file header > > OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf | 3 +- > OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf | 3 + > OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 157 ++++++++++++++++++-- > OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c | 9 +- > OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 11 +- > 5 files changed, 161 insertions(+), 22 deletions(-) > Merged as commit range d1fc3d7ef3cb..9421f5ab8d1e, via . (The BZ remains open for the upcoming (related) patch sets.) Thanks Laszlo