[v5] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

[PATCH v5 16/29] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

Posted by Zhuoying Cai 2 months, 4 weeks ago

The IPL Information Report Block (IIRB) immediately follows the IPL
Parameter Block (IPLB).

The IPLB struct is allocated 4KB in memory, and iplb->len indicates
the amount of memory currently used by the IPLB.

To ensure proper alignment of the IIRB and prevent overlap, set
iplb->len to the maximum length of the IPLB, allowing alignment
constraints to be determined based on its size.

Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
---
 hw/s390x/ipl.c | 6 +++---
 hw/s390x/ipl.h | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 8ac0cee73d..d1a972ac8d 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -459,7 +459,7 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
             if (scsi_lp && strlen(scsi_lp) > 0) {
                 lp = scsi_lp;
             }
-            iplb->len = cpu_to_be32(S390_IPLB_MIN_QEMU_SCSI_LEN);
+            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
             iplb->blk0_len =
                 cpu_to_be32(S390_IPLB_MIN_QEMU_SCSI_LEN - S390_IPLB_HEADER_LEN);
             iplb->pbt = S390_IPL_TYPE_QEMU_SCSI;
@@ -470,14 +470,14 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
             iplb->scsi.ssid = ccw_dev->sch->ssid & 3;
             break;
         case CCW_DEVTYPE_VFIO:
-            iplb->len = cpu_to_be32(S390_IPLB_MIN_CCW_LEN);
+            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
             iplb->pbt = S390_IPL_TYPE_CCW;
             iplb->ccw.devno = cpu_to_be16(ccw_dev->sch->devno);
             iplb->ccw.ssid = ccw_dev->sch->ssid & 3;
             break;
         case CCW_DEVTYPE_VIRTIO_NET:
         case CCW_DEVTYPE_VIRTIO:
-            iplb->len = cpu_to_be32(S390_IPLB_MIN_CCW_LEN);
+            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
             iplb->blk0_len =
                 cpu_to_be32(S390_IPLB_MIN_CCW_LEN - S390_IPLB_HEADER_LEN);
             iplb->pbt = S390_IPL_TYPE_CCW;
diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
index 3b8cc5474e..01922d80c4 100644
--- a/hw/s390x/ipl.h
+++ b/hw/s390x/ipl.h
@@ -100,6 +100,7 @@ QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
 #define S390_IPLB_MIN_CCW_LEN 200
 #define S390_IPLB_MIN_FCP_LEN 384
 #define S390_IPLB_MIN_QEMU_SCSI_LEN 200
+#define S390_IPLB_MAX_LEN 4096
 
 static inline bool diag_parm_addr_valid(uint64_t addr, size_t size, bool write)
 {
-- 
2.50.1

Re: [PATCH v5 16/29] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

Posted by Jared Rossi 2 months, 2 weeks ago


On 8/18/25 5:43 PM, Zhuoying Cai wrote:
> The IPL Information Report Block (IIRB) immediately follows the IPL
> Parameter Block (IPLB).
>
> The IPLB struct is allocated 4KB in memory, and iplb->len indicates
> the amount of memory currently used by the IPLB.
>
> To ensure proper alignment of the IIRB and prevent overlap, set
> iplb->len to the maximum length of the IPLB, allowing alignment
> constraints to be determined based on its size.
>
> Signed-off-by: Zhuoying Cai <zycai@linux.ibm.com>
> ---
>   hw/s390x/ipl.c | 6 +++---
>   hw/s390x/ipl.h | 1 +
>   2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 8ac0cee73d..d1a972ac8d 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -459,7 +459,7 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
>               if (scsi_lp && strlen(scsi_lp) > 0) {
>                   lp = scsi_lp;
>               }
> -            iplb->len = cpu_to_be32(S390_IPLB_MIN_QEMU_SCSI_LEN);
> +            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
>               iplb->blk0_len =
>                   cpu_to_be32(S390_IPLB_MIN_QEMU_SCSI_LEN - S390_IPLB_HEADER_LEN);
>               iplb->pbt = S390_IPL_TYPE_QEMU_SCSI;
> @@ -470,14 +470,14 @@ static bool s390_build_iplb(DeviceState *dev_st, IplParameterBlock *iplb)
>               iplb->scsi.ssid = ccw_dev->sch->ssid & 3;
>               break;
>           case CCW_DEVTYPE_VFIO:
> -            iplb->len = cpu_to_be32(S390_IPLB_MIN_CCW_LEN);
> +            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
>               iplb->pbt = S390_IPL_TYPE_CCW;
>               iplb->ccw.devno = cpu_to_be16(ccw_dev->sch->devno);
>               iplb->ccw.ssid = ccw_dev->sch->ssid & 3;
>               break;
>           case CCW_DEVTYPE_VIRTIO_NET:
>           case CCW_DEVTYPE_VIRTIO:
> -            iplb->len = cpu_to_be32(S390_IPLB_MIN_CCW_LEN);
> +            iplb->len = cpu_to_be32(S390_IPLB_MAX_LEN);
>               iplb->blk0_len =
>                   cpu_to_be32(S390_IPLB_MIN_CCW_LEN - S390_IPLB_HEADER_LEN);
>               iplb->pbt = S390_IPL_TYPE_CCW;
> diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
> index 3b8cc5474e..01922d80c4 100644
> --- a/hw/s390x/ipl.h
> +++ b/hw/s390x/ipl.h
> @@ -100,6 +100,7 @@ QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong");
>   #define S390_IPLB_MIN_CCW_LEN 200
>   #define S390_IPLB_MIN_FCP_LEN 384
>   #define S390_IPLB_MIN_QEMU_SCSI_LEN 200
> +#define S390_IPLB_MAX_LEN 4096
>   
>   static inline bool diag_parm_addr_valid(uint64_t addr, size_t size, bool write)
>   {
This only needs to be done if the IIRB exists.  See comments on patch 15.

Regards,
Jared Rossi