Date: Wed, 3 Aug 2022 19:52:38 -0700
In-Reply-To: <20220804025239.918263-1-yuanyu@google.com>
Message-Id: <20220804025239.918263-2-yuanyu@google.com>
References: <20220804025239.918263-1-yuanyu@google.com>
Subject: [edk2-devel] [PATCH v1 1/2] OvmfPkg: Introduce NetworkCfgLib
From: "Yuan Yu via groups.io"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jordan Justen, Laszlo Ersek, Anthony Perard, Julien Grall
Reply-To: devel@edk2.groups.io, yuanyu@google.com

Introduce NetworkCfgLib, which will set PcdNetworkSupport based on the
"etc/networking" QEMU file. If "etc/networking" (type bool) is TRUE, then
PcdNetworkSupport will be TRUE, and vice versa.

In the following patch, PcdNetworkSupport will be used to enable/disable
the VirtIo net driver so that the VMM will have control over networking
functionality at runtime.

The default value of PcdNetworkSupport is TRUE, which means that if network
support is turned on at compile time and the VMM doesn't do anything, the
VirtIo driver will be enabled. This is to make it consistent with the
behavior before this patch.

Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Anthony Perard
Cc: Julien Grall
Signed-off-by: Yuan Yu
---
 OvmfPkg/OvmfPkg.dec                             |  3 ++
 OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf | 29 ++++++++++++++++++
 OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.c   | 32 ++++++++++++++++++++
 3 files changed, 64 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 5af76a540529..5dced0568f6c 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -451,6 +451,9 @@ [PcdsDynamic, PcdsDynamicEx] ## This PCD records LASA field in CC EVENTLOG ACPI table. gUefiOvmfPkgTokenSpaceGuid.PcdCcEventlogAcpiTableLasa|0|UINT64|0x67 =20 + ## This PCD controls if network support should be turned on at runtime. + gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE|BOOLEAN|0x72 + [PcdsFeatureFlag] gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0= x1c gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN= |0x1d diff --git a/OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf b/OvmfPkg/Libr= ary/NetworkCfgLib/NetworkCfgLib.inf new file mode 100644 index 000000000000..44be171ccc7a --- /dev/null +++ b/OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf @@ -0,0 +1,29 @@ +## @file +# Configure some PCDs dynamically +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 1.27 + BASE_NAME =3D NetworkCfgLib + FILE_GUID =3D c81bfcf9-7dce-44f7-a9cb-be607f481a86 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + CONSTRUCTOR =3D SetNetworkingSupportPcds + +[Sources] + NetworkCfgLib.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + PcdLib + DebugLib + QemuFwCfgSimpleParserLib + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport ## SOMETIMES_PRODUCES diff --git a/OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.c b/OvmfPkg/Librar= y/NetworkCfgLib/NetworkCfgLib.c new file mode 100644 index 000000000000..e77198dbd4e4 --- /dev/null +++ b/OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.c 
@@ -0,0 +1,32 @@ +#include +#include +#include + +RETURN_STATUS +EFIAPI +SetNetworkingSupportPcds ( + VOID + ) +{ + BOOLEAN FwCfgBool; + RETURN_STATUS Status; + + DEBUG ((DEBUG_INFO, "[network] %a\n", __FUNCTION__)); + + Status =3D QemuFwCfgParseBool ("etc/networking", &FwCfgBool); + if (RETURN_ERROR (Status)) { + DEBUG ((DEBUG_INFO, + "[network] QemuFwCfgParseBool('etc/networking') failed, will re= turn " + "SUCCESS and continue without overriding PcdNetworkSupport.\n")= ); + return RETURN_SUCCESS; + } + DEBUG ((DEBUG_INFO, "[network] etc/networking =3D %d\n", FwCfgBool)); + + Status =3D PcdSetBoolS (PcdNetworkSupport, FwCfgBool); + if (RETURN_ERROR (Status)) { + return Status; + } + DEBUG ((DEBUG_INFO, "[network] PcdNetworkSupport was set to %d\n", FwCfg= Bool)); + + return RETURN_SUCCESS; +} --=20 2.37.1.559.g78731f0fdb-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92119): https://edk2.groups.io/g/devel/message/92119 Mute This Topic: https://groups.io/mt/92816625/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 12:48:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+92120+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+92120+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1659629493; cv=none; d=zohomail.com; s=zohoarc; b=QotBwb1U9RB3T5d9u+LWanRlh1s7YzIE8WMiXz4fnJJoiJSSq7si95i9ANRD03cIYOWz6Pj+HcGCxTsyAxI7LZGuP0JoillpsQbbjWCdVkss4/5HoV5uaAqy2oaxNskiXrXzqsiXaJhTMnjgJWcq+Ho1+KRZxG4AuIAEaqGIw68= ARC-Message-Signature: 
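Review bot: the doc comment on PcdNetworkSupport in the OvmfPkg.dec hunk should say where the value comes from and what the default means; "controls if network support should be turned on at runtime" does not tell a platform integrator that the TRUE default keeps the previous always-on behaviour, nor that the NetworkCfgLib constructor overrides it from the fw_cfg item "etc/networking". Something like "## Set at runtime by NetworkCfgLib from the fw_cfg item etc/networking; defaults to TRUE so networking stays enabled unless the VMM turns it off." would do. Declaring it under [PcdsDynamic, PcdsDynamicEx] is correct, since a library constructor writes it with PcdSetBoolS.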
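Review bot: LIBRARY_CLASS = NULL in NetworkCfgLib.inf carries no module-type restriction, but the constructor SetNetworkingSupportPcds writes a dynamic PCD with PcdSetBoolS, which only works when the module's PcdLib instance is backed by the PCD protocol or PPI; consider LIBRARY_CLASS = NULL|DXE_DRIVER UEFI_DRIVER so the library cannot be attached to a SEC or BASE module where there is no dynamic PCD database to write to. The file header comment "Configure some PCDs dynamically" is also vaguer than the library is: it sets exactly one PCD, PcdNetworkSupport, from the fw_cfg item "etc/networking", and the header should say so. The ## SOMETIMES_PRODUCES annotation in [Pcd] is accurate, since the PCD is left untouched when the fw_cfg item is absent.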
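Review bot: the error path after PcdSetBoolS in SetNetworkingSupportPcds fails open. A non-success status returned from a library constructor is handled by the generated constructor list with an ASSERT, so in a RELEASE build the failure is dropped, the driver continues with PcdNetworkSupport at its default TRUE (networking enabled), and nothing is logged, because the only DEBUG on that path comes before the call. At minimum log the status at DEBUG_ERROR before "return Status;" and state explicitly whether a failed override is meant to leave networking on. The QemuFwCfgParseBool branch has the same shape: returning RETURN_SUCCESS when "etc/networking" cannot be parsed is right for an absent item but also swallows a present but malformed value, so that message should be DEBUG_WARN rather than DEBUG_INFO to make a misconfigured VMM setting visible in the boot log. Two smaller points: the three #include lines arrived without their header names in this copy of the mail, so the includes cannot be checked as posted; and the fw_cfg name "etc/networking" sits in the namespace QEMU reserves for its own items, whereas items injected from the QEMU command line with -fw_cfg are expected under "opt/" (OVMF's existing VMM-facing knobs live under "opt/ovmf/"), so with stock QEMU this value is awkward to provide without a warning.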
Date: Wed, 3 Aug 2022 19:52:39 -0700
In-Reply-To: <20220804025239.918263-1-yuanyu@google.com>
Message-Id: <20220804025239.918263-3-yuanyu@google.com>
References: <20220804025239.918263-1-yuanyu@google.com>
Subject: [edk2-devel] [PATCH v1 2/2] OvmfPkg: Use PcdNetworkSupport to enable/disable VirtIo net
From: "Yuan Yu via groups.io"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jordan Justen, Laszlo Ersek, Anthony Perard, Julien Grall
Reply-To: devel@edk2.groups.io, yuanyu@google.com

Enable/disable VirtIo net based on the value of PcdNetworkSupport, which is
controlled by NetworkCfgLib, which in turn sets the PCD based on the
"etc/networking" QEMU file.

With this change, the VMM can disable networking even if it is enabled at
compile time. This allows reducing the attack surface by simply providing an
"etc/networking" value, without having to recompile EDK2 completely.

Cc: Ard Biesheuvel
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Anthony Perard
Cc: Julien Grall
Signed-off-by: Yuan Yu
---
 OvmfPkg/OvmfPkgX64.dsc             |  7 ++++++-
 OvmfPkg/VirtioNetDxe/VirtioNet.inf |  3 +++
 OvmfPkg/VirtioNetDxe/EntryPoint.c  | 10 ++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 6e68f60dc90f..63cce9f65a95 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -686,6 +686,8 @@ [PcdsDynamicDefault] gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000 !endif =20 + gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport|TRUE + [PcdsDynamicHii] !include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 
@@ -953,7 +955,10 @@ [Components] NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf } !endif - OvmfPkg/VirtioNetDxe/VirtioNet.inf + OvmfPkg/VirtioNetDxe/VirtioNet.inf { + + NULL|OvmfPkg/Library/NetworkCfgLib/NetworkCfgLib.inf + } =20 # # Usb Support diff --git a/OvmfPkg/VirtioNetDxe/VirtioNet.inf b/OvmfPkg/VirtioNetDxe/Virt= ioNet.inf index ada84ed5543b..37bcf13b7863 100644 --- a/OvmfPkg/VirtioNetDxe/VirtioNet.inf +++ b/OvmfPkg/VirtioNetDxe/VirtioNet.inf @@ -54,3 +54,6 @@ [Protocols] gEfiSimpleNetworkProtocolGuid ## BY_START gEfiDevicePathProtocolGuid ## BY_START gVirtioDeviceProtocolGuid ## TO_START + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdNetworkSupport ## CONSUMES diff --git a/OvmfPkg/VirtioNetDxe/EntryPoint.c b/OvmfPkg/VirtioNetDxe/Entry= Point.c index c3f41dab57bd..9bf220b9ade5 100644 --- a/OvmfPkg/VirtioNetDxe/EntryPoint.c +++ b/OvmfPkg/VirtioNetDxe/EntryPoint.c @@ -9,6 +9,8 @@ =20 **/ =20 +#include + #include =20 #include "VirtioNet.h" @@ -32,6 +34,14 @@ VirtioNetEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable ) { + if (PcdGetBool (PcdNetworkSupport)) { + DEBUG ((DEBUG_INFO, "[network] %a - Networking enabled.\n", __FUNCTION= __)); + } else { + DEBUG ((DEBUG_INFO, "[network] %a - Networking disabled.\n", __FUNCTIO= N__)); + + return EFI_REQUEST_UNLOAD_IMAGE; + } + return EfiLibInstallDriverBindingComponentName2 ( ImageHandle, SystemTable, --=20 2.37.1.559.g78731f0fdb-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92120): https://edk2.groups.io/g/devel/message/92120 Mute This Topic: https://groups.io/mt/92816626/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
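Review bot: the [PcdsDynamicDefault] line in the OvmfPkgX64.dsc hunk repeats the TRUE default the .dec already gives PcdNetworkSupport, so its only effect is to pin the PCD as dynamic in this one platform, and the diffstat shows no change to the other OVMF platform descriptions that build VirtioNetDxe. On those platforms the PCD resolves to the .dec default and, because the NetworkCfgLib NULL library is attached only in OvmfPkgX64.dsc, an "etc/networking" item supplied by the VMM is silently ignored. Either apply the same two DSC hunks to the other platforms or say in the commit message that the runtime switch is X64-only.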
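Review bot: the Components hunk attaches NetworkCfgLib as a NULL library to VirtioNetDxe only, so the switch unloads the virtio-net NIC driver but nothing else: the NetworkPkg stack drivers (the TlsAuthConfigLib NULL instance in the surrounding context belongs to that stack) still load, as does any other NIC driver the platform builds. That is narrower than "VMM can disable networking" in the commit message; either scope the wording to VirtIo net or gate the other network components on the same PCD. One formatting question: the line between the opening brace and the NULL| entry reads empty in this copy of the mail; if the angle-bracketed <LibraryClasses> tag was stripped in transit that is fine, otherwise it needs to be there as in the TlsAuthConfigLib block above.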
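Review bot: the [Pcd] section added to VirtioNet.inf goes with a direct PcdGetBool call in EntryPoint.c, so PcdLib should appear in [LibraryClasses] too; it is not in this hunk, and if VirtioNet.inf does not already list it, the module only picks up a PcdLib instance through other libraries' dependencies, whereas edk2 convention is that a module lists every library class it calls directly. The ## CONSUMES annotation is the right one for a read-only use of the PCD.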
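Review bot: the header name of the #include added at the top of EntryPoint.c is missing in this copy of the mail, so that hunk cannot be checked as posted; from the PcdGetBool call below it is presumably Library/PcdLib.h.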
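Review bot: the PcdNetworkSupport check at the top of VirtioNetEntryPoint depends on the NetworkCfgLib constructor having already run, which holds because library constructors execute before the module entry point, but nothing in the code says so; a one-line comment that the PCD is populated by the NULL library attached in the DSC would save the next reader a trip to OvmfPkgX64.dsc. Returning EFI_REQUEST_UNLOAD_IMAGE is the right way to have the DXE core discard the image, and it means the driver binding protocol is never installed, so no virtio-net device can be bound; since the value is read once here, a later change to the dynamic PCD has no effect, which is worth stating as well. The "Networking disabled" message records a deliberate policy decision and is easier to find in a boot log at DEBUG_WARN than at DEBUG_INFO; DEBUG_INFO is fine for the enabled branch.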