From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from a7-17.smtp-out.eu-west-1.amazonses.com (a7-17.smtp-out.eu-west-1.amazonses.com [54.240.7.17])
 by mx.groups.io with SMTP id smtpd.web10.71556.1673563742869455983
 for <devel@edk2.groups.io>;
 Thu, 12 Jan 2023 14:49:03 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ipxe.org header.s=cphpx6z2rfcgehlykjjh3gknqe3hsoe2 header.b=K9GnnXTr;
 spf=pass (domain: eu-west-1.amazonses.com, ip: 54.240.7.17, mailfrom: 01020185a82c196c-fe02d570-030a-44d6-9b33-eaf574a229d5-000000@eu-west-1.amazonses.com)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=cphpx6z2rfcgehlykjjh3gknqe3hsoe2; d=ipxe.org; t=1673563741;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	bh=YdeVIb/XwGaQJSjz+Knla81SJQB/LwkWXWkyJoG5JCI=;
	b=K9GnnXTrm0E3uItuL8+RbAukoWCzh5lWSxOmh5eHoce8fpkhYHy9oWdMho7xkScm
	UoVDPOaSkC1pj/jU7HrscQFpj38EnSdQ1qlEaY+V0HSYZ51E1QArUxcUe43TD6Q8s8I
	iMToej2cUOBWkaGidanS6O2wmPub6TBqFQvIGlPVr7/HnXlGosNF5V51vtLb/uKHwBl
	+VUjNiNfDwz07o9N56PGiENyvxgZIAjtrwyhm8V1j5ixYhjofFGJEY1LBpptL0Ng7oq
	ku+7G1LTcK6mFCvk7JRkaSe9NpgJ/LIbI8jDvftUC4z/vUzWla1L6uwQze/tyQbxpt1
	D90iIadjKQ==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=ihchhvubuqgjsxyuhssfvqohv7z3u4hn; d=amazonses.com; t=1673563741;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID;
	bh=YdeVIb/XwGaQJSjz+Knla81SJQB/LwkWXWkyJoG5JCI=;
	b=cP/hIOEl2yXE62Y7EyVLiDswqaTfrz0bzTanE9G/rxOjE8QkDAVU+kHVpFchhkDf
	81AmOdHF8FltQeQBIhZOEIp3L7nQwzlRj7WIcY4yfTwSSSqICUHwVur04c41GXzlKZ5
	p6BY9a3gILryN92EOV45qr8nEkgQHkrFoMrh7EAI=
Message-ID: <01020185a82c196c-fe02d570-030a-44d6-9b33-eaf574a229d5-000000@eu-west-1.amazonses.com>
Date: Thu, 12 Jan 2023 22:49:00 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.6.0
Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg/PlatformInitLib: catch QEMU's CPU hotplug reg block regression
To: devel@edk2.groups.io, lersek@redhat.com
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Brijesh Singh <brijesh.singh@amd.com>, Erdem Aktas <erdemaktas@google.com>,
 Gerd Hoffmann <kraxel@redhat.com>, James Bottomley <jejb@linux.ibm.com>,
 Jiewen Yao <jiewen.yao@intel.com>, Jordan Justen
 <jordan.l.justen@intel.com>, Min Xu <min.m.xu@intel.com>,
 Oliver Steffen <osteffen@redhat.com>,
 Sebastien Boeuf <sebastien.boeuf@intel.com>,
 Tom Lendacky <thomas.lendacky@amd.com>
References: <20230112082845.128463-1-lersek@redhat.com>
 <01020185a568604c-e16d8581-963a-4ff3-8566-bf0640ad327d-000000@eu-west-1.amazonses.com>
 <407c5cee-7a6c-cbc8-35cc-8f2c2724914c@redhat.com>
 <01020185a6bda78a-05d82180-4d1a-4af4-9a9b-ac78088d11ed-000000@eu-west-1.amazonses.com>
 <49e4e8bb-3bbd-0ca8-ee59-e75560deffa7@redhat.com>
 <ee050f45-420f-8dd9-1033-628011a61ba3@redhat.com>
From: "Michael Brown" <mcb30@ipxe.org>
In-Reply-To: <ee050f45-420f-8dd9-1033-628011a61ba3@redhat.com>
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
	autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	blyat.fensystems.co.uk
Feedback-ID: 1.eu-west-1.fspj4M/5bzJ9NLRzJP0PaxRwxrpZqiDQJ1IF94CF2TA=:AmazonSES
X-SES-Outgoing: 2023.01.12-54.240.7.17
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 12/01/2023 17:58, Laszlo Ersek wrote:
> The case is that both QEMU and edk2 check for each other's supported 
> features. It's a complex interwoven feature set with security
> impact, which is exactly why we added feature negotiation at every
> step -- effectively mutual negotiation wherever necessary. I cannot
> claim I remember every part of it, and playing tricks around feature
> negotiation with SMM impact makes me *extremely uncomfortable*. I
> absolutely don't want to author an OVMF patch, briefly before I
> disappear again (for good!), that "looks good" now, and then becomes
> a horrible SMM CVE in a year or two. I want to go for "obviously no
> bug", rather than "no obvious bug".

I'm definitely not sufficiently familiar with all of the QEMU and OVMF
historical quirks to safely author or review a patch to cover all of 
this, so I will very definitely defer to your judgement on this.

On 12/01/2023 18:22, Laszlo Ersek wrote:
> There's got to be a limit to how far we try to compensate for broken
> (virtual) hardware. :( The right thing to do is to wait for the QEMU
> patch to reach as many as possible stable branches, let the distros
> pick up the new stable releases, and then merge the hardliner hang.

I concur.

Thanks for considering the suggestion!  :)

Michael