From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+107049+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 5F8F77803CF
	for <rebecca@openfw.io>; Wed, 19 Jul 2023 11:33:25 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=A6IUktJF5rWbH4owPRBFLCCnlr0ryVsg4HOPIOlSpLM=;
 c=relaxed/simple; d=groups.io;
 h=X-Received:X-Received:X-Received:X-MC-Unique:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-ID:MIME-Version:X-Scanned-By:X-Mimecast-Spam-Score:X-Mimecast-Originator:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1689766403; v=1;
 b=AkTsnOiTmL5P6o+1cYvkX42mg/cIwOBNxt/9XSXCPEZ/zyeUXVYu4/mQBrH2+BXlDwwEb5R9
 mrCcBaNNMP6PO011WNUM7XidrmZf7KMRR4HZqrDiqaYSy+JlB28jlTaNSXwee1MS/cb/5eYZvBe
 +3SyiQBaUbR/XVP19ZbqrOJk=
X-Received: by 127.0.0.2 with SMTP id iq4CYY7687511x2rWS0hOPTi; Wed, 19 Jul 2023 04:33:23 -0700
X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web10.11542.1689766403136194578
 for <devel@edk2.groups.io>;
 Wed, 19 Jul 2023 04:33:23 -0700
X-Received: from mimecast-mx02.redhat.com (66.187.233.73 [66.187.233.73]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-542-cN8oG02WMJy9G-nzIDzrtg-1; Wed, 19 Jul 2023 07:33:20 -0400
X-MC-Unique: cN8oG02WMJy9G-nzIDzrtg-1
X-Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 89E94382C969;
	Wed, 19 Jul 2023 11:33:20 +0000 (UTC)
X-Received: from sirius.home.kraxel.org (unknown [10.39.193.116])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3A2CB1454142;
	Wed, 19 Jul 2023 11:33:19 +0000 (UTC)
X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id 7DE431800D6A; Wed, 19 Jul 2023 13:33:17 +0200 (CEST)
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH 1/1] OvmfPkg/IoMmuDxe: add locking to IoMmuAllocateBounceBuffer
Date: Wed, 19 Jul 2023 13:33:17 +0200
Message-ID: <20230719113317.276124-1-kraxel@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,kraxel@redhat.com
X-Gm-Message-State: aFcsLdcY8dLkl59Zw9U7EYfjx7686176AA=
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=AkTsnOiT;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

Searching for an unused bounce buffer in mReservedMemBitmap and
reserving the buffer by flipping the bit is a critical section
which must not be interrupted.  Raise the TPL level to ensure
that.

Without this fix it can happen that IoMmuDxe hands out the same
bounce buffer twice, causing trouble down the road.  Seen happening
in practice with VirtioNetDxe setting up the network interface (and
calling into IoMmuDxe from a polling timer callback) in parallel with
Boot Manager doing some disk I/O.  An ASSERT() in VirtioNet caught
the buffer inconsistency.

Full story with lots of details and discussions is available here:
https://bugzilla.redhat.com/show_bug.cgi?id=2211060

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
index c8f6cf4818e8..7f8a0368ab5d 100644
--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
@@ -367,7 +367,9 @@ IoMmuAllocateBounceBuffer (
 {
   EFI_STATUS  Status;
   UINT32      ReservedMemBitmap;
+  EFI_TPL     OldTpl;
 
+  OldTpl            = gBS->RaiseTPL (TPL_NOTIFY);
   ReservedMemBitmap = 0;
   Status            = InternalAllocateBuffer (
                         Type,
@@ -378,6 +380,7 @@ IoMmuAllocateBounceBuffer (
                         );
   MapInfo->ReservedMemBitmap = ReservedMemBitmap;
   mReservedMemBitmap        |= ReservedMemBitmap;
+  gBS->RestoreTPL (OldTpl);
 
   ASSERT (Status == EFI_SUCCESS);
 
-- 
2.41.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107049): https://edk2.groups.io/g/devel/message/107049
Mute This Topic: https://groups.io/mt/100233359/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-