From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Yuan Yu, Laszlo Ersek, Gerd Hoffmann, Pawel Polawski, Oliver Steffen, Jiewen Yao, "Brian J . Johnson"
Subject: [edk2-devel] [PATCH v2 1/2] OvmfPkg: Introduce alternate UefiDriverEntrypoint to inhibit driver load
Date: Wed, 17 Aug 2022 17:11:56 +0200
Message-Id: <20220817151157.1941409-2-ardb@kernel.org>
In-Reply-To: <20220817151157.1941409-1-ardb@kernel.org>
References: <20220817151157.1941409-1-ardb@kernel.org>

Add a new library that can be incorporated into any driver built from source, and which permits loading of the driver to be inhibited based on the value of a QEMU fw_cfg boolean variable. This will be used in a subsequent patch to allow dispatch of the IPv6 and IPv6 network protocol driver to be controlled from the QEMU command line.

This approach is based on the notion that all UEFI and DXE drivers share a single UefiDriverEntryPoint implementation, which we can easily swap out at build time with one that will abort execution based on the value of some QEMU fw_cfg variable.

Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDriverEntryPointF= wCfgOverrideLib.c | 147 ++++++++++++++++++++ OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDriverEntryPointF= wCfgOverrideLib.inf | 57 ++++++++ OvmfPkg/OvmfPkg.dec = | 4 + 3 files changed, 208 insertions(+) diff --git a/OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDrive= rEntryPointFwCfgOverrideLib.c b/OvmfPkg/Library/UefiDriverEntryPointFwCfgOv= errideLib/UefiDriverEntryPointFwCfgOverrideLib.c new file mode 100644 index 000000000000..6eaf0cfd16ad --- /dev/null +++ b/OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDriverEntryP= ointFwCfgOverrideLib.c @@ -0,0 +1,147 @@ +/** @file + Entry point to a EFI/DXE driver. This version is specific to QEMU, and t= ies + dispatch of the driver in question on the value of a QEMU fw_cfg boolean + variable which is referenced by name via a fixed pointer PCD. + +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2022, Google LLC. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include + +#include +#include +#include +#include +#include + +/** + Unloads an image from memory. + + This function is a callback that a driver registers to do cleanup + when the UnloadImage boot service function is called. + + @param ImageHandle The handle to the image to unload. + + @return Status returned by all unload(). + +**/ +STATIC +EFI_STATUS +EFIAPI +_DriverUnloadHandler ( + EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + + // + // If an UnloadImage() handler is specified, then call it + // + Status =3D ProcessModuleUnloadList (ImageHandle); + + // + // If the driver specific unload handler does not return an error, then = call + // all of the library destructors. If the unload handler returned an er= ror, + // then the driver can not be unloaded, and the library destructors shou= ld + // not be called + // + if (!EFI_ERROR (Status)) { + ProcessLibraryDestructorList (ImageHandle, gST); + } + + // + // Return the status from the driver specific unload handler + // + return Status; +} + +/** + The entry point of PE/COFF Image for a DXE Driver, DXE Runtime Driver, or + UEFI Driver. + + @param ImageHandle The image handle of the DXE Driver, D= XE + Runtime Driver, or UEFI Driver. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The DXE Driver, DXE Runtime Driver, or + UEFI Driver exited normally. + @retval EFI_INCOMPATIBLE_VERSION _gUefiDriverRevision is greater than + SystemTable->Hdr.Revision. + @retval Other Return value from + ProcessModuleEntryPointList(). 
+ +**/ +EFI_STATUS +EFIAPI +_ModuleEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + RETURN_STATUS RetStatus; + BOOLEAN Enabled; + + if (_gUefiDriverRevision !=3D 0) { + // + // Make sure that the EFI/UEFI spec revision of the platform is >=3D E= FI/UEFI + // spec revision of the driver + // + if (SystemTable->Hdr.Revision < _gUefiDriverRevision) { + return EFI_INCOMPATIBLE_VERSION; + } + } + + // + // Call constructor for all libraries + // + ProcessLibraryConstructorList (ImageHandle, SystemTable); + + // + // Install unload handler... + // + if (_gDriverUnloadImageCount !=3D 0) { + Status =3D gBS->HandleProtocol ( + ImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **)&LoadedImage + ); + ASSERT_EFI_ERROR (Status); + LoadedImage->Unload =3D _DriverUnloadHandler; + } + + RetStatus =3D QemuFwCfgParseBool ( + FixedPcdGetPtr (PcdEntryPointOverrideFwCfgVarName), + &Enabled); + if (!RETURN_ERROR (RetStatus) && !Enabled) { + // + // The QEMU fw_cfg variable tells us not to load this image. So abort. + // + Status =3D EFI_ABORTED; + } else { + // + // Call the driver entry point + // + Status =3D ProcessModuleEntryPointList (ImageHandle, SystemTable); + } + + // + // If all of the drivers returned errors, or we if are aborting, then in= voke + // all of the library destructors + // + if (EFI_ERROR (Status)) { + ProcessLibraryDestructorList (ImageHandle, SystemTable); + } + + // + // Return the cumulative return status code from all of the driver entry + // points + // + return Status; +} diff --git a/OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDrive= rEntryPointFwCfgOverrideLib.inf b/OvmfPkg/Library/UefiDriverEntryPointFwCfg= OverrideLib/UefiDriverEntryPointFwCfgOverrideLib.inf new file mode 100644 index 000000000000..263e00ceef66 --- /dev/null +++ b/OvmfPkg/Library/UefiDriverEntryPointFwCfgOverrideLib/UefiDriverEntryP= ointFwCfgOverrideLib.inf 
@@ -0,0 +1,57 @@ +## @file +# Entry point to a EFI/DXE driver. This version is specific to QEMU, and = ties +# dispatch of the driver in question on the value of a QEMU fw_cfg boolean +# variable which is referenced by name via a fixed pointer PCD. +# +# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2022, Google LLC. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION =3D 1.29 + BASE_NAME =3D UefiDriverEntryPointFwCfgOverrideLib + FILE_GUID =3D 73349b79-f148-43b8-b24e-9098a6f3e1db + MODULE_TYPE =3D UEFI_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D UefiDriverEntryPoint|DXE_DRIVER DXE_R= UNTIME_DRIVER UEFI_DRIVER + +[Sources] + UefiDriverEntryPointFwCfgOverrideLib.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + QemuFwCfgSimpleParserLib + UefiBootServicesTableLib + +[Protocols] + gEfiLoadedImageProtocolGuid ## SOMETIMES_CONSUMES + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName + +# +# For UEFI drivers, these architectural protocols defined in PI 1.0 spec n= eed +# to be appended and merged to the final dependency section. +# +[Depex.common.UEFI_DRIVER] + gEfiBdsArchProtocolGuid AND + gEfiCpuArchProtocolGuid AND + gEfiMetronomeArchProtocolGuid AND + gEfiMonotonicCounterArchProtocolGuid AND + gEfiRealTimeClockArchProtocolGuid AND + gEfiResetArchProtocolGuid AND + gEfiRuntimeArchProtocolGuid AND + gEfiSecurityArchProtocolGuid AND + gEfiTimerArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiWatchdogTimerArchProtocolGuid diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 5af76a540529..9816aa41377d 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -399,6 +399,10 @@ [PcdsFixedAtBuild] ## The Tdx accept page size. 0x1000(4k),0x200000(2M) gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize|0x200000|UINT32|0x65 =20 + ## The QEMU fw_cfg variable that UefiDriverEntryPointFwCfgOverrideLib wi= ll + # check to decide whether to abort dispatch of the driver it is linked = into. + gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|""|VOID*|0x= 68 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 --=20 2.35.1
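
Review bot: In `_ModuleEntryPoint` of UefiDriverEntryPointFwCfgOverrideLib.c, the new `EFI_ABORTED` path is silent and undocumented: the `@retval` list in the function header still names only EFI_SUCCESS, EFI_INCOMPATIBLE_VERSION and "Other", and nothing is logged when the fw_cfg variable inhibits dispatch. The test `if (!RETURN_ERROR (RetStatus) && !Enabled)` also treats every error return from QemuFwCfgParseBool as "enabled", so whatever the reason for the error, the driver is dispatched without a trace. Suggest adding `@retval EFI_ABORTED` to the header, emitting a DEBUG message that names the fw_cfg variable when dispatch is aborted, and stating in the comment above the check that the driver loads on any parse error, so that someone relying on this knob to keep a network stack off can tell from the log which case they hit. The last block comment reads "or we if are aborting" and should read "or if we are aborting".
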
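
Review bot: In UefiDriverEntryPointFwCfgOverrideLib.inf, `[LibraryClasses]` lists BaseLib, which nothing visible in the C file uses, and does not list PcdLib even though the entry point calls `FixedPcdGetPtr (PcdEntryPointOverrideFwCfgVarName)`. Suggest listing PcdLib alongside the `[FixedPcd]` section and dropping BaseLib if it is not needed, so the declared dependencies match what the source consumes. The file header in both the .inf and the .c says the library "ties dispatch of the driver in question on the value", which should read "to the value".
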
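
Review bot: In the OvmfPkg.dec hunk, the comment on `PcdEntryPointOverrideFwCfgVarName` does not say what the empty-string default means or which values inhibit dispatch. From the entry point code, the driver is aborted only when the named variable parses successfully as a boolean and is false, so the comment should state that the driver is dispatched by default, including when the PCD is left at `""` or the variable is absent, and that the variable is expected to hold a boolean. Without that, a platform that links the library but forgets the per-module PCD override gets no inhibit control and no hint why.
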
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Yuan Yu, Laszlo Ersek, Gerd Hoffmann, Pawel Polawski, Oliver Steffen, Jiewen Yao, "Brian J . Johnson"
Subject: [edk2-devel] [PATCH v2 2/2] OvmfPkg/OvmfPkgX64: Allow runtime control of IPv4 and IPv6 support
Date: Wed, 17 Aug 2022 17:11:57 +0200
Message-Id: <20220817151157.1941409-3-ardb@kernel.org>
In-Reply-To: <20220817151157.1941409-1-ardb@kernel.org>
References: <20220817151157.1941409-1-ardb@kernel.org>

Wire up the newly added UefiDriverEntrypoint in a way that ties dispatch of the Ip4Dxe and Ip6Dxe drivers to QEMU fw_cfg variables 'opt/org.tianocore/IPv4Support' and 'opt/org.tianocore/IPv6Support' respectively.

Setting both variables to 'n' disables IP based networking entirely, without the need for additional code changes at the NIC driver or network boot protocol level.

Signed-off-by: Ard Biesheuvel --- OvmfPkg/OvmfPkgX64.dsc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 6e68f60dc90f..2cbe35c95824 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -947,6 +947,20 @@ [Components] NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf } =20 + NetworkPkg/Ip4Dxe/Ip4Dxe.inf { + + UefiDriverEntryPoint|OvmfPkg/Library/UefiDriverEntryPointFwCfgOverri= deLib/UefiDriverEntryPointFwCfgOverrideLib.inf + + gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|"opt/or= g.tianocore/IPv4Support" + } + + NetworkPkg/Ip6Dxe/Ip6Dxe.inf { + + UefiDriverEntryPoint|OvmfPkg/Library/UefiDriverEntryPointFwCfgOverri= deLib/UefiDriverEntryPointFwCfgOverrideLib.inf + + gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideFwCfgVarName|"opt/or= g.tianocore/IPv6Support" + } + !if $(NETWORK_TLS_ENABLE) =3D=3D TRUE NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf { --=20 2.35.1
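
Review bot: The two new component entries for `NetworkPkg/Ip4Dxe/Ip4Dxe.inf` and `NetworkPkg/Ip6Dxe/Ip6Dxe.inf` sit at the top level of `[Components]` with no `!if` guard, while the TlsAuthConfigDxe entry directly below them is wrapped in the `NETWORK_TLS_ENABLE` conditional. If this platform has build-time switches for IPv4 and IPv6, each entry should be wrapped in the matching conditional so that adding the entry point override does not bring a driver into an image that was built with that protocol disabled. A short comment above the entries would also help, stating that each driver is dispatched unless its fw_cfg variable is present and false; at the moment only the commit message says that 'n' disables it.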