[PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)

Petr Beneš posted 3 patches 3 months ago
Patches applied successfully
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/cover.1753869323.git.w1benny@gmail.com
There is a newer version of this series
tools/firmware/hvmloader/smbios.c       | 290 ++++++++++++++++++------
tools/firmware/hvmloader/smbios_types.h | 109 +++++++--
tools/include/xen-tools/common-macros.h |   5 +
3 files changed, 317 insertions(+), 87 deletions(-)
[PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Petr Beneš 3 months ago
From: Petr Beneš <w1benny@gmail.com>

Changes since v3:
- Renamed offsetofend macro to offsetof_end.

Changes since v2:
- Added sizeof_field and offsetofend macros to common-macros.h.
- Used offsetofend macro everywhere to make semantic sense.
- Added BUILD_BUG_ON to ensure offsets are correct based on the SMBIOS
  specification (with explanation in the comments).
- Fixed commit message of the second patch to mention the new smbios_pt_copy
  function.
- Fixed nits (empty lines, misplaced *).
- Retained the original comment "Only present when passed in" + added it to
  the new tables where applicable.
- Replaced hardcoded offset for chassis_handle in smbios_type_2_init.

Changes since v1:
- Swapped the order of S-o-b in the last commit message.

Resubmitting patch from Anton Belousov and addressing review comments
from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html

Original message:
> SMBIOS tables like 7,8,9,26,27,28 are necessary to prevent sandbox detection
> by malware using WMI-queries. New tables can be mapped to memory from binary
> file specified in "smbios_firmware" parameter of domain configuration.
> If particular table is absent in binary file, then it will not be mapped to
> memory. This method works for Windows domains as tables 7,8,9,26,27,28 are not
> critical for OS boot and runtime. Also if "smbios_firmware" parameter is not
> provided, these tables will be skipped in write_smbios_tables function.

Further explanation:
Some malware samples are known to check presence of various hardware components
(like CPU fan, CPU temperature sensor, etc.) by WMI queries. If these components
are not present, then malware can assume that it is running in a sandbox and
will not execute its payload.

This patch will allow security researchers to create a custom SMBIOS
firmware binary file that contains these tables.

Petr Beneš (3):
  tools: add sizeof_field and offsetof_end macros
  hvmloader: fix SMBIOS table length checks
  hvmloader: add new SMBIOS tables (7, 8, 9, 26, 27, 28)

 tools/firmware/hvmloader/smbios.c       | 290 ++++++++++++++++++------
 tools/firmware/hvmloader/smbios_types.h | 109 +++++++--
 tools/include/xen-tools/common-macros.h |   5 +
 3 files changed, 317 insertions(+), 87 deletions(-)

-- 
2.34.1
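
Added example (not part of the posted series or of hvmloader): a C checker an analyst could run over a candidate smbios_firmware file before booting the guest, to confirm every structure is well-formed and to see which of types 7, 8, 9, 26, 27 and 28 it actually carries. It assumes the layout documented for smbios_firmware in xl.cfg (each structure preceded by a 32-bit little-endian size); the function name, the sample bytes and their field values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Table types the cover letter names as read from the smbios_firmware file. */
static const uint8_t wanted[] = { 7, 8, 9, 26, 27, 28 };
#define N_WANTED (sizeof(wanted) / sizeof(wanted[0]))
/* Constructed sample: type 27 (cooling device) and type 11, size-prefixed. */
static const uint8_t sample[] = {
    20,0,0,0, 27,15,0,0x1B, 0xFF,0xFF,0,0,0,0,0,0,0,0,1, 'F','a','n',0,0,
    8,0,0,0,  11,5,0,0x0B, 1, 'x',0,0,
};

/* Walk the blob, bounds-checking every structure. Sets bit i of *found when
 * wanted[i] is present. Returns the structure count, or -1 if malformed. */
int scan_smbios_blob(const uint8_t *buf, size_t len, unsigned *found)
{
    size_t off = 0;
    int count = 0;
    *found = 0;
    while (off < len) {
        if (len - off < 4)
            return -1;                      /* truncated size prefix */
        uint32_t size = buf[off] | buf[off + 1] << 8 | buf[off + 2] << 16 |
                        (uint32_t)buf[off + 3] << 24;
        off += 4;
        if (size < 6 || size > len - off)
            return -1;                      /* header + "\0\0" must fit */
        const uint8_t *s = buf + off;       /* s[0] = type, s[1] = length */
        if (s[1] < 4 || s[1] > size - 2)
            return -1;                      /* formatted area overruns entry */
        if (s[size - 2] != 0 || s[size - 1] != 0)
            return -1;                      /* string-set not terminated */
        for (size_t i = 0; i < N_WANTED; i++)
            if (s[0] == wanted[i])
                *found |= 1u << i;
        off += size;
        count++;
    }
    return count;
}

int main(void)
{
    unsigned found;
    int n = scan_smbios_blob(sample, sizeof(sample), &found);
    for (size_t i = 0; n >= 0 && i < N_WANTED; i++)
        printf("type %2d: %s\n", wanted[i], ((found >> i) & 1) ? "present" : "absent");
    return n < 0;
}
```

On the constructed sample only type 27 is reported present, so a guest booted with it would still lack the other five tables.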


Re: [PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Jan Beulich 2 months, 1 week ago
On 30.07.2025 11:56, Petr Beneš wrote:
> Petr Beneš (3):
>   tools: add sizeof_field and offsetof_end macros
>   hvmloader: fix SMBIOS table length checks
>   hvmloader: add new SMBIOS tables (7, 8, 9, 26, 27, 28)
> 
>  tools/firmware/hvmloader/smbios.c       | 290 ++++++++++++++++++------
>  tools/firmware/hvmloader/smbios_types.h | 109 +++++++--
>  tools/include/xen-tools/common-macros.h |   5 +
>  3 files changed, 317 insertions(+), 87 deletions(-)

Just to mention, also affecting your MAX_ALTP2M series: It is on you to chase
missing acks. It would of course be nice for this work of yours to not go in
only at the last minute, or even miss 4.21.

Jan

Re: [PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Petr Beneš 2 months, 1 week ago
On Tue, Aug 19, 2025 at 8:45 AM Jan Beulich <jbeulich@suse.com> wrote:
> Just to mention, also affecting your MAX_ALTP2M series: It is on you to chase
> missing acks. It would of course be nice for this work of yours to not go in
> only at the last minute, or even miss 4.21.

Thank you, I've been watching the timeline and wondering, what could I
do to pursue this. Which... I still don't know how to do it.

How exactly can I chase the missing acks? The Submitting Xen Project
Patches wiki page mentions that I should re-send the patch with
[RESEND] in the subject. Should I do just that?

P.

Re: [PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Jan Beulich 2 months, 1 week ago
On 19.08.2025 12:26, Petr Beneš wrote:
> On Tue, Aug 19, 2025 at 8:45 AM Jan Beulich <jbeulich@suse.com> wrote:
>> Just to mention, also affecting your MAX_ALTP2M series: It is on you to chase
>> missing acks. It would of course be nice for this work of yours to not go in
>> only at the last minute, or even miss 4.21.
> 
> Thank you, I've been watching the timeline and wondering, what could I
> do to pursue this. Which... I still don't know how to do it.
> 
> How exactly can I chase the missing acks? The Submitting Xen Project
> Patches wiki page mentions that I should re-send the patch with
> [RESEND] in the subject. Should I do just that?

Or, less spammy, simply reply to the respective patches with e.g. a Ping: subject
prefix. Or ping people on Matrix.

Jan

Ping: [PATCH v4 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
Posted by Petr Beneš 2 months, 1 week ago
On Wed, Jul 30, 2025 at 11:56 AM Petr Beneš <w1benny@gmail.com> wrote:
>
> From: Petr Beneš <w1benny@gmail.com>
>
> Changes since v3:
> - Renamed offsetofend macro to offsetof_end.
>
> Changes since v2:
> - Added sizeof_field and offsetofend macros to common-macros.h.
> - Used offsetofend macro everywhere to make semantic sense.
> - Added BUILD_BUG_ON to ensure offsets are correct based on the SMBIOS
>   specification (with explanation in the comments).
> - Fixed commit message of the second patch to mention the new smbios_pt_copy
>   function.
> - Fixed nits (empty lines, misplaced *).
> - Retained the original comment "Only present when passed in" + added it to
>   the new tables where applicable.
> - Replaced hardcoded offset for chassis_handle in smbios_type_2_init.
>
> Changes since v1:
> - Swapped the order of S-o-b in the last commit message.
>
> Resubmitting patch from Anton Belousov and addressing review comments
> from Jan: https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html
>
> Original message:
> > SMBIOS tables like 7,8,9,26,27,28 are necessary to prevent sandbox detection
> > by malware using WMI-queries. New tables can be mapped to memory from binary
> > file specified in "smbios_firmware" parameter of domain configuration.
> > If particular table is absent in binary file, then it will not be mapped to
> > memory. This method works for Windows domains as tables 7,8,9,26,27,28 are not
> > critical for OS boot and runtime. Also if "smbios_firmware" parameter is not
> > provided, these tables will be skipped in write_smbios_tables function.
>
> Further explanation:
> Some malware samples are known to check presence of various hardware components
> (like CPU fan, CPU temperature sensor, etc.) by WMI queries. If these components
> are not present, then malware can assume that it is running in a sandbox and
> will not execute its payload.
>
> This patch will allow security researchers to create a custom SMBIOS
> firmware binary file that contains these tables.
>
> Petr Beneš (3):
>   tools: add sizeof_field and offsetof_end macros
>   hvmloader: fix SMBIOS table length checks
>   hvmloader: add new SMBIOS tables (7, 8, 9, 26, 27, 28)
>
>  tools/firmware/hvmloader/smbios.c       | 290 ++++++++++++++++++------
>  tools/firmware/hvmloader/smbios_types.h | 109 +++++++--
>  tools/include/xen-tools/common-macros.h |   5 +
>  3 files changed, 317 insertions(+), 87 deletions(-)
>
> --
> 2.34.1
>