[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 6/7] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2()

On Mon, May 14, 2018 at 04:43:13AM -0600, Jan Beulich wrote:
> >>> On 08.05.18 at 15:09, <daniel.kiper@xxxxxxxxxx> wrote:
> > On Fri, May 04, 2018 at 09:46:33AM -0600, Jan Beulich wrote:
> >> >>> On 08.07.17 at 23:53, <daniel.kiper@xxxxxxxxxx> wrote:
> >> > --- a/xen/arch/x86/boot/head.S
> >> > +++ b/xen/arch/x86/boot/head.S
> >> > @@ -383,9 +383,13 @@ __efi64_mb2_start:
> >> >          jmp     x86_32_switch
> >> >
> >> >  .Lefi_multiboot2_proto:
> >> > -        /* Zero EFI SystemTable and EFI ImageHandle addresses. */
> >> > +        /*
> >> > +         * Zero EFI SystemTable, EFI ImageHandle and
> >> > +         * dom0 kernel module struct addresses.
> >> > +         */
> >> >          xor     %esi,%esi
> >> >          xor     %edi,%edi
> >> > +        xor     %r14d,%r14d
> >> >
> >> >          /* Skip Multiboot2 information fixed part. */
> >> >          lea     (MB2_fixed_sizeof+MULTIBOOT2_TAG_ALIGN-1)(%rbx),%ecx
> >> > @@ -423,6 +427,15 @@ __efi64_mb2_start:
> >> >          cmove   MB2_efi64_ih(%rcx),%rdi
> >> >          je      .Lefi_mb2_next_tag
> >> >
> >> > +        /* Get dom0 kernel module struct address from Multiboot2 
> >> > information. */
> >> > +        cmpl    $MULTIBOOT2_TAG_TYPE_MODULE,MB2_tag_type(%rcx)
> >> > +        jne     .Lefi_mb2_end
> >> > +
> >> > +        test    %r14d,%r14d
> >> > +        cmovz   %ecx,%r14d
> >> > +        jmp     .Lefi_mb2_next_tag
> >> > +
> >> > +.Lefi_mb2_end:
> >> >          /* Is it the end of Multiboot2 information? */
> >> >          cmpl    $MULTIBOOT2_TAG_TYPE_END,MB2_tag_type(%rcx)
> >> >          je      .Lrun_bs
> >> > @@ -484,9 +497,12 @@ __efi64_mb2_start:
> >> >          /* Keep the stack aligned. Do not pop a single item off it. */
> >> >          mov     (%rsp),%rdi
> >> >
> >> > +        mov     %r14d,%edx
> >> > +
> >> >          /*
> >> >           * efi_multiboot2() is called according to System V AMD64 ABI:
> >> > -         *   - IN:  %rdi - EFI ImageHandle, %rsi - EFI SystemTable.
> >> > +         *   - IN: %rdi - EFI ImageHandle, %rsi - EFI SystemTable,
> >> > +         *         %rdx - dom0 kernel module struct address.
> >>
> >> How come everything further up treats this as a 32-bit quantity only?
> >
> > According to the Multiboot2 spec the bootloader is not allowed to
> > put the kernel (xen.gz) and the modules above 4 GiB boundary.
>
> Interesting - how would they load a 1Gb initrd on a system with just 1Gb
> RAM below 4Gb? Not to speak of a 4Gb initrd ...

That is not possible right now. This requires changes in the boot protocol.
Anyway, have you seen such setups in the wild today?

Daniel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.