
bhyve: allow reading of fwctl signature multiple times
Closed, Public

Authored by corvink on Sep 16 2021, 6:49 AM.

Details

Summary

At the moment, you only have one single chance to read the fwctl
signature. At boot bhyve is in the state IDENT_WAIT. It's then
possible to switch to IDENT_SEND. After bhyve sends the signature,
it switches to REQ. From now on it's impossible to switch back to
IDENT_SEND to read the signature. For that reason, only a single
driver can read the signature. A guest can't use two drivers to
identify that fwctl is present. It gets even worse when using
OVMF. OVMF uses a library to access fwctl. Therefore, every single
OVMF driver would try to read the signature. Currently, only a
single OVMF driver accesses the fwctl. So, there's no issue with
it yet. However, no OS driver would have a chance to detect fwctl when
using OVMF because its signature was already consumed by OVMF.

Signed-off-by: Corvin Köhne <c.koehne@beckhoff.com>

Note: You can have a look at https://github.com/Beckhoff/freebsd-src/commits/phab/corvink/fwctl-signature

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

corvink added reviewers: manu, markj.

Is it sufficient to instead set be_state = IDENT_WAIT in fwctl_inl(), or handle be_state == REQ the same as be_state == IDENT_WAIT in fwctl_outw()?

usr.sbin/bhyve/fwctl.c
475

Presumably we should still ignore the write if be_state == DORMANT, or perhaps assert that that's not the case.

Is it sufficient to instead set be_state = IDENT_WAIT in fwctl_inl(), or handle be_state == REQ the same as be_state == IDENT_WAIT in fwctl_outw()?

When the guest checks the signature, the current state of fwctl is unknown. Additionally, bhyve's fwctl uses the same ports as qemu's fwcfg. When the guest checks the presence of qemu's fwcfg, it could misconfigure bhyve's fwctl. We should be able to recover from this situation. For that reason, I'd prefer to unconditionally switch to IDENT_SEND on outw.

markj added inline comments.
usr.sbin/bhyve/fwctl.c
479

I think some comment along the lines of, "resets the state machine," would be helpful.

This revision is now accepted and ready to land. Nov 29 2021, 4:36 PM
This revision now requires review to proceed. Nov 30 2021, 7:13 AM
This revision was not accepted when it landed; it landed in state Needs Review. Jan 3 2022, 4:02 PM
This revision was automatically updated to reflect the committed changes.
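
The state machine from the summary and the reset-on-outw behaviour discussed in the comments, as an added model that is not bhyve's code or part of this revision: only the state names come from the page. The signature bytes, the `0xff` idle read value, the byte-at-a-time read and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* State names come from the review; all other names are a simplified model. */
enum state { DORMANT, IDENT_WAIT, IDENT_SEND, REQ };
enum policy { ONLY_FROM_IDENT_WAIT, ANY_STATE_BUT_DORMANT };
static const uint8_t SIG[4] = { 'S', 'I', 'G', '0' }; /* constructed placeholder */
struct fwctl_model { enum state st; size_t idx; enum policy pol; };

/* Guest write that asks the device to send its signature. */
static void model_outw(struct fwctl_model *m)
{
	if (m->st == DORMANT)
		return;		/* device not active: ignore the write */
	if (m->pol == ONLY_FROM_IDENT_WAIT && m->st != IDENT_WAIT)
		return;		/* old behaviour: no way back once in REQ */
	m->st = IDENT_SEND;	/* resets the state machine */
	m->idx = 0;
}

/* Guest read of one signature byte; 0xff (assumed) when none is on offer. */
static uint8_t model_read_sig(struct fwctl_model *m)
{
	uint8_t b;
	if (m->st != IDENT_SEND)
		return 0xff;
	b = SIG[m->idx++];
	if (m->idx == sizeof(SIG))
		m->st = REQ;	/* signature consumed, wait for requests */
	return b;
}

/* One driver probing for the device: 1 if it read the full signature. */
static int probe(struct fwctl_model *m)
{
	uint8_t got[sizeof(SIG)];
	model_outw(m);
	for (size_t i = 0; i < sizeof(got); i++)
		got[i] = model_read_sig(m);
	return memcmp(got, SIG, sizeof(SIG)) == 0;
}

int main(void)
{
	struct fwctl_model old = { IDENT_WAIT, 0, ONLY_FROM_IDENT_WAIT };
	struct fwctl_model fix = { IDENT_WAIT, 0, ANY_STATE_BUT_DORMANT };
	int o1 = probe(&old), o2 = probe(&old), f1 = probe(&fix), f2 = probe(&fix);
	printf("old: %d %d  fixed: %d %d\n", o1, o2, f1, f2);
	return 0;
}
```

The second `probe()` stands for a second driver (for example an OS driver after OVMF): it fails under the old policy and succeeds once any write outside DORMANT resets to IDENT_SEND.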