It's only safe to modify the setup_data pointer on newer kernels where the EFI stub loader will ignore it. So condition setting that offset on the newer boot protocol version. While we're at it, gate this on SEV too. This depends on the kernel commit linked below going upstream.
Cc: Gerd Hoffmann <[email protected]> Cc: Laurent Vivier <[email protected]> Cc: Michael S. Tsirkin <[email protected]> Cc: Paolo Bonzini <[email protected]> Cc: Peter Maydell <[email protected]> Cc: Philippe Mathieu-Daudé <[email protected]> Cc: Richard Henderson <[email protected]> Cc: Ard Biesheuvel <[email protected]> Link: https://lore.kernel.org/linux-efi/[email protected]/ Signed-off-by: Jason A. Donenfeld <[email protected]> --- hw/i386/x86.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hw/i386/x86.c b/hw/i386/x86.c index 050eedc0c8..fddc20df03 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1088,8 +1088,15 @@ void x86_load_linux(X86MachineState *x86ms, qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH); } - /* Offset 0x250 is a pointer to the first setup_data link. */ - stq_p(header + 0x250, first_setup_data); + /* + * Only modify the header if doing so won't crash EFI boot, which is the + * case only for newer boot protocols, and don't do so either if SEV is + * enabled. + */ + if (protocol >= 0x210 && !sev_enabled()) { + /* Offset 0x250 is a pointer to the first setup_data link. */ + stq_p(header + 0x250, first_setup_data); + } /* * If we're starting an encrypted VM, it will be OVMF based, which uses the -- 2.37.3
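Review bot: the new comment above `if (protocol >= 0x210 && !sev_enabled())` says the header is only touched "for newer boot protocols" but never states why 0x210 is the cut-off; since that constant is the only thing tying this to the kernel EFI-stub change in the Link, name it in the comment (e.g. "protocol 0x210 and later: EFI stub ignores setup_data") so a later reader can check the threshold against the kernel. Also, when the condition is false, the setup_data entry filled by `qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH)` in the preceding context is still allocated and filled but never linked from offset 0x250; consider hoisting the check so the unused entry is not built, or say in the comment that leaving it dangling is intentional. Finally, `sev_enabled()` is newly used in this hunk and no include is added, so confirm the SEV header is already included in hw/i386/x86.c.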
