From: "Michael Brown" <mcb30@ipxe.org>
To: devel@edk2.groups.io, pbonzini@redhat.com, Ray Ni <ray.ni@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Laszlo Ersek <lersek@redhat.com>
Subject: Re: [edk2-devel] [PATCH 2/2] MdeModulePkg/DxeCore: Fix stack overflow issue due to nested interrupts
Date: Thu, 29 Feb 2024 19:22:07 +0000 [thread overview]
Message-ID: <0102018df6511d8e-aab48741-c939-4d11-b7f7-263f1b370444-000000@eu-west-1.amazonses.com> (raw)
In-Reply-To: <6ce2acb8-08a2-417c-9f4b-5f96befb412c@redhat.com>
On 29/02/2024 19:04, Paolo Bonzini wrote:
> On 2/29/24 14:02, Ray Ni wrote:
>> In the end, it will lower the TPL to TPL_APPLICATION with interrupt
>> enabled.
>>
>> However, it's possible that another timer interrupt happens just in
>> the end
>> of RestoreTPL() function when TPL is TPL_APPLICATION.
>
> How do non-OVMF platforms solve the issue? Do they just have the same
> bug as in https://bugzilla.tianocore.org/show_bug.cgi?id=4162 ?
Yes, they have that bug (or one of the bugs mentioned in that long
discussion, depending on which particular implementation choices have
been made).
> The design of NestedInterruptTplLib is that each nested interrupt must
> increase the TPL, but if I understand correctly there is a hole here:
>
> //
> // Call RestoreTPL() to allow event notifications to be
> // dispatched. This will implicitly re-enable interrupts.
> //
> gBS->RestoreTPL (InterruptedTPL);
>
> //
> // Re-disable interrupts after the call to RestoreTPL() to ensure
> // that we have exclusive access to the shared state.
> //
> DisableInterrupts ();
>
> because gBS->RestoreTPL will unconditionally enable interrupts if
> InterruptedTPL < TPL_HIGH_LEVEL.
There's no hole there.
Yes, interrupts will be temporarily reenabled, but the whole function of
NestedInterruptTplLib is to safely allow for this window in which
interrupts have been (annoyingly) enabled by RestoreTPL().
If another interrupt *does* occur within that window, the inner
interrupt handler will call NestedInterruptRestoreTPL(), which will take
the code path leading to the "DEFERRAL INVOCATION POINT", and will
therefore *not* call RestoreTPL() within that stack frame. The inner
interrupt returns at TPL_HIGH_LEVEL with interrupts still disabled, and
execution is therefore guaranteed to immediately reach the "DEFERRAL
RETURN POINT" in the outer interrupt handler. The deferred call to
RestoreTPL() is then safely executed in the context of the outer
interrupt handler (i.e. with zero increase in stack usage, hence a
guarantee of no stack overflow).
See the comments in the code for further details - I made them fairly
extensive. :)
> If possible, the easiest solution would be to merge
> NestedInterruptTplLib into Core DXE.
The question with that approach would be how to cleanly violate the
abstraction layer that separates the timer interrupt handler (existing
in a separate DXE driver executable) from the implementation of
CoreRestoreTplInternal() (existing in core DXE and not exposed via the
boot services table).
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116185): https://edk2.groups.io/g/devel/message/116185
Mute This Topic: https://groups.io/mt/104642317/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-02-29 19:22 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-29 13:02 [edk2-devel] [PATCH 0/2] Fix stack overflow issue due to nested interrupts Ni, Ray
2024-02-29 13:02 ` [edk2-devel] [PATCH 1/2] UefiCpuPkg/CpuDxe: Return correct interrupt state Ni, Ray
2024-02-29 13:02 ` [edk2-devel] [PATCH 2/2] MdeModulePkg/DxeCore: Fix stack overflow issue due to nested interrupts Ni, Ray
2024-02-29 13:23 ` Michael Brown
2024-02-29 16:43 ` Michael D Kinney
2024-02-29 17:39 ` Michael Brown
2024-02-29 19:09 ` Michael D Kinney
2024-02-29 19:41 ` Michael Brown
2024-02-29 17:39 ` Paolo Bonzini
2024-02-29 19:09 ` Michael D Kinney
2024-02-29 19:04 ` Paolo Bonzini
2024-02-29 19:16 ` Michael D Kinney
2024-02-29 20:08 ` Paolo Bonzini
2024-02-29 19:22 ` Michael Brown [this message]
2024-02-29 19:26 ` Michael D Kinney
2024-02-29 19:44 ` Michael Brown
2024-02-29 20:11 ` Paolo Bonzini
2024-03-01 0:14 ` Paolo Bonzini
2024-03-01 3:07 ` Ni, Ray
2024-03-01 8:37 ` Paolo Bonzini
2024-03-01 9:27 ` Michael Brown
2024-03-01 9:33 ` Paolo Bonzini
2024-03-01 11:10 ` Michael Brown
2024-03-01 12:09 ` Paolo Bonzini
2024-03-05 4:19 ` Ni, Ray
[not found] ` <17B9C3692B44139F.30946@groups.io>
2024-06-18 5:54 ` Ni, Ray
2024-03-01 8:44 ` Paolo Bonzini
2024-03-01 9:20 ` Ni, Ray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0102018df6511d8e-aab48741-c939-4d11-b7f7-263f1b370444-000000@eu-west-1.amazonses.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox