From: "Michael Brown"
To: devel@edk2.groups.io
Cc: lersek@redhat.com, Michael Brown, Gerd Hoffmann, Oliver Steffen, Pawel Polawski, Jiewen Yao, Ard Biesheuvel, Jordan Justen
Subject: [PATCH v2 0/2] OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL
Date: Tue, 9 May 2023 12:09:26 +0000
Message-ID: <01020188006a98ab-43bff9af-a85f-4cc9-b044-69fc167b5982-000000@eu-west-1.amazonses.com>
In-Reply-To: <175D7813A02A6FCA.31428@groups.io>

At TPL_HIGH_LEVEL, CPU interrupts are disabled (as per the UEFI
specification) and so we should never encounter a situation in which
an interrupt occurs at TPL_HIGH_LEVEL.  The specification also
restricts usage of TPL_HIGH_LEVEL to the firmware itself.

However, nothing actually prevents a UEFI application from calling
gBS->RaiseTPL(TPL_HIGH_LEVEL) and then violating the invariant by
enabling interrupts via the STI or equivalent instruction.  Some
versions of the Microsoft Windows bootloader are known to do this.

NestedInterruptTplLib maintains the invariant that interrupts are
disabled at TPL_HIGH_LEVEL (even when performing the dark art of
deliberately manipulating the stack so that IRET will return with
interrupts still disabled), but does not itself rely on external code
maintaining this invariant.

Relax the assertion that the interrupted TPL is below TPL_HIGH_LEVEL
to an error message, to allow UEFI applications such as these versions
of the Microsoft Windows bootloader to continue to function.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2189136
Cc: Laszlo Ersek
Cc: Gerd Hoffmann
Cc: Oliver Steffen
Cc: Pawel Polawski
Cc: Jiewen Yao
Cc: Ard Biesheuvel
Cc: Jordan Justen

Michael Brown (2):
  OvmfPkg: Clarify invariants for NestedInterruptTplLib
  OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL

 OvmfPkg/Library/NestedInterruptTplLib/Tpl.c | 31 +++++++++++++++++----
 1 file changed, 26 insertions(+), 5 deletions(-)

-- 
2.39.0
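
A small user-space model of the situation the cover letter describes, added here as an illustration and not taken from the patch series or from edk2: it shows an interrupt arriving after an application has raised to TPL_HIGH_LEVEL and re-enabled interrupts, with the check reporting the violation instead of halting. The `struct model`, `model_*` and `scenario` names are hypothetical; only the TPL constants come from the UEFI specification.

```c
#include <stdbool.h>
#include <stdio.h>

/* TPL values are from the UEFI specification; the model is constructed. */
#define TPL_APPLICATION 4
#define TPL_HIGH_LEVEL  31
struct model { unsigned tpl; bool irq_enabled; unsigned violations; };

/* Model of gBS->RaiseTPL(): returns old TPL; TPL_HIGH_LEVEL masks interrupts. */
static unsigned model_raise_tpl(struct model *m, unsigned new_tpl)
{
    unsigned old = m->tpl;
    m->tpl = new_tpl;
    if (new_tpl >= TPL_HIGH_LEVEL)
        m->irq_enabled = false;
    return old;
}

/* Hypothetical interrupt entry: false if masked; logs instead of asserting. */
static bool model_timer_interrupt(struct model *m)
{
    if (!m->irq_enabled)
        return false;
    unsigned interrupted = model_raise_tpl(m, TPL_HIGH_LEVEL);
    if (interrupted >= TPL_HIGH_LEVEL) {
        fprintf(stderr, "ERROR: interrupt taken at TPL_HIGH_LEVEL\n");
        m->violations++;
    }
    m->tpl = interrupted;   /* return to the interrupted context, */
    m->irq_enabled = true;  /* which had interrupts enabled */
    return true;
}

/* Returns -1 if the interrupt was masked, else the violation count. */
static int scenario(bool raise_to_high, bool sti_afterwards)
{
    struct model m = { TPL_APPLICATION, true, 0 };
    if (raise_to_high)
        model_raise_tpl(&m, TPL_HIGH_LEVEL);
    if (sti_afterwards)
        m.irq_enabled = true;  /* application executes STI */
    return model_timer_interrupt(&m) ? (int)m.violations : -1;
}

int main(void)
{
    printf("%d %d %d\n", scenario(false, false), scenario(true, false), scenario(true, true));
    return 0;
}
```

The three scenarios are a well-behaved caller at TPL_APPLICATION, firmware at TPL_HIGH_LEVEL with interrupts masked, and an application that raises to TPL_HIGH_LEVEL and then enables interrupts.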