Re: [RFC PATCH 01/17] x86/boot: Check boot param's cc_blob_address for direct boot mode

[Tianyu Lan]

On 11/10/2022 7:39 AM, Michael Roth wrote:
> > -	 * bp->cc_blob_address should only be set by boot/compressed kernel.
> > -	 * Initialize it to 0 to ensure that uninitialized values from
> > -	 * buggy bootloaders aren't propagated.
> > +	 * bp->cc_blob_address should only be set by boot/compressed
> > +	 * kernel and hypervisor with direct boot mode. Initialize it
> > +	 * to 0 after checking in order to ensure that uninitialized
> > +	 * values from buggy bootloaders aren't propagated.
> >   	 */
> > -	if (bp)
> > -		bp->cc_blob_address = 0;
> > +	if (bp) {
> > +		cc_info = (struct cc_blob_sev_info *)(unsigned long)
> > +			bp->cc_blob_address;
> > +
> > +		if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
> > +			bp->cc_blob_address = 0;
> It doesn't seem great to rely on SEV_HDR_MAGIC to determine whether
> bp->cc_blob_address is valid or not since it is only a 32-bit value.
>
> Would it be possible to use a setup_data entry of type SETUP_CC_BLOB
> in bp->hdr.setup_data instead? There's already handling for that in
> find_cc_blob_setup_data() so it should "just work".

Hi Michael:
	Thanks for your review. I will have a try. Hypervisor may set 
cc_blob_address directly and so propose this.