From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+120710+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 8A2917803D9
	for <rebecca@openfw.io>; Mon,  4 Nov 2024 14:05:01 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=M3D0hV0PR4Z7qPvBmgtRThAQ5YyoRlk7pgmpkgaleyE=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
 s=20240830; t=1730729101; v=1; x=1730988300;
 b=kqI8fYeJGfZ4CrXkyHYtV3v4FYTaFL5KA2ccmozuoeSA6aFU2MOxrZW9oXRWFwZFYXjn/XHq
 FyeIeJIyxmlSZADJN41mKMDsMt18L2w9CwF/9gXXYDytY1kmT4IHfbYtz8gibp90eCm0n7ja+SG
 JWraZU3fCAPtEKgsf07efdILqWeMPiqJqT9qe5xAMqvMlYigzPauEEZhFbjdrwiz1BsBJrJTM7N
 3sEAJZTO9A5vb6sv2IIpHSbxQRFOdsg57SU3c2cjPjA/2kdQquvfbMwd4KUJQ2Ma28Cayo8u1Ew
 t7Xop0Bu9KFqCX9FBCtvP+Fl9RbwP3XqByxfYO7zZZQvQ==
X-Received: by 127.0.0.2 with SMTP id 0wHEYY7687511xtiDGNgioAz; Mon, 04 Nov 2024 06:05:00 -0800
X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web11.57436.1730727431431383076
 for <devel@edk2.groups.io>;
 Mon, 04 Nov 2024 05:37:11 -0800
X-Received: from mail-yb1-f200.google.com (mail-yb1-f200.google.com
 [209.85.219.200]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-564-tOowHAQRMuyRv4vnvQNVZw-1; Mon, 04 Nov 2024 08:37:09 -0500
X-MC-Unique: tOowHAQRMuyRv4vnvQNVZw-1
X-Received: by mail-yb1-f200.google.com with SMTP id 3f1490d57ef6-e30cd709b40so6757318276.1
        for <devel@edk2.groups.io>; Mon, 04 Nov 2024 05:37:09 -0800 (PST)
X-Forwarded-Encrypted: i=1; AJvYcCUNt5o6GxzjDVKr9zjJ9MX1rr9GtswfvrLznDRcH0Nxm5uEKgw34Wm7Ch5716/gUEl3PBRSAw==@edk2.groups.io
X-Gm-Message-State: NiNJrW2CMO1AXTOFMiQZgb5sx7686176AA=
X-Received: by 2002:a05:6902:1613:b0:e2b:a885:2e48 with SMTP id 3f1490d57ef6-e3087a6bb0cmr26028318276.18.1730727428781;
        Mon, 04 Nov 2024 05:37:08 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEsscRgA1+ulAFByvC73FmRs0r6v3ai/H0SLGs3lcuxL2F8fuOm9E1PXIcsPJHek6cMh/p7BDOqNgMxRQHjgnk=
X-Received: by 2002:a05:6902:1613:b0:e2b:a885:2e48 with SMTP id
 3f1490d57ef6-e3087a6bb0cmr26028285276.18.1730727428311; Mon, 04 Nov 2024
 05:37:08 -0800 (PST)
MIME-Version: 1.0
References: <CA+bRGFrqWr86C0T7pwjpkH-7j3iVNH0UfY8=s5E7MGXmvqFB3Q@mail.gmail.com>
 <CAGxU2F7RLsH_tfAj4b1_F_7EJgXK7NvV3Tz5qSVVbEOk1NGy3A@mail.gmail.com>
 <mwrxwqqx4o7sveaurjibkrajjempk6525pvmllph4yzi5mewc2@dkmocmo6533r>
 <CAGxU2F6okO9nLo9YeTTB=aTEQcB3is9GdOchHHStYq_h+k2Y8g@mail.gmail.com> <r35jv77lyozax4lljsdxnm3x5kamm32bu5kknu7nsmzswbcmfr@h5fapnatjgnk>
In-Reply-To: <r35jv77lyozax4lljsdxnm3x5kamm32bu5kknu7nsmzswbcmfr@h5fapnatjgnk>
From: Stefano Garzarella <sgarzare@redhat.com>
Date: Mon, 4 Nov 2024 14:36:55 +0100
Message-ID: <CAGxU2F6__V=ME0OD7_RhU3pFf60GxafU-keiO77PYr8Lskbk2g@mail.gmail.com>
Subject: Re: [edk2-devel] OVMF Issue with Netboot, VirtioRng, and both COM1/COM2 configured
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: Oliver Steffen <osteffen@redhat.com>, devel@edk2.groups.io, 
	Jiewen Yao <jiewen.yao@intel.com>, 
	Zachary Clark-williams <zachary.clark-williams@intel.com>, 
	Saloni Kasbekar <saloni.kasbekar@intel.com>, Doug Flick <dougflick@microsoft.com>, 
	Daniel Berrange <berrange@redhat.com>, Cong Li <coli@redhat.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Mon, 04 Nov 2024 06:04:59 -0800
Resent-From: sgarzare@redhat.com
Reply-To: devel@edk2.groups.io,sgarzare@redhat.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240830 header.b=kqI8fYeJ;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

On Mon, Nov 4, 2024 at 10:41=E2=80=AFAM Gerd Hoffmann <kraxel@redhat.com> w=
rote:
>
> On Mon, Nov 04, 2024 at 10:14:47AM +0100, Stefano Garzarella wrote:
> > Hi Gerd,
> >
> > On Fri, Nov 1, 2024 at 10:31=E2=80=AFAM Gerd Hoffmann <kraxel@redhat.co=
m> wrote:
> > >
> > >   Hi,
> > >
> > > > By analyzing the calls to the dispatcher (`gDS->Dispatch ()`) I fou=
nd
> > > > that when we only have COM1, EfiBootManagerConnectDevicePath() at s=
ome
> > > > point invokes `gDS->Dispatch ()` after VirtioRng has started. This =
call
> > > > will then get DxeNetLib loaded.
> > >
> > > Ok, so it is probably a good idea to explicitly request a dispatch af=
ter
> > > activating virtio-rng, so we do not depend on this happening by pure
> > > luck for other reasons:
> > >
> > > --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
> > > +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
> > > @@ -670,6 +670,7 @@ ConnectVirtioPciRng (
> > >      if (EFI_ERROR (Status)) {
> > >        goto Error;
> > >      }
> > > +    gDS->Dispatch ();
> > >    }
> > >
> > >    return EFI_SUCCESS;
> > >
> > > [ untested patch, and we probably should do something similar for Arm=
Virt,
> > >   /me goes continue walking through my email backlog now ]
> > >
> >
> > Yep, that should work.

Should we include this fix also in ConnectVirtioPciRng() in
OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c ?

> >
> > Last week I went a little deeper into the problem and basically
> > starting with commit 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH
> > CVE-2023-45237") the network stack is no longer initialized during
> > DXE, but in BDS (see
> > https://issues.redhat.com/browse/RHEL-58631?focusedId=3D25981655&page=
=3Dcom.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment=
-25981655).
> >
> > Is this intentional? Could there be other problems besides this one we =
just had?
>
> A lot of the more important stuff for network booting happens in the
> BDS phase anyway, i.e. OVMF checking the qemu boot order, connecting
> the devices configured as bootable devices (including the NICs),
> creating (if needed) and sorting the BootNNNN entries.
>
> So I don't expect any bad side effects from initializing the core
> network modules in the (early) BDS phase.

I see, thanks!
Stefano



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120710): https://edk2.groups.io/g/devel/message/120710
Mute This Topic: https://groups.io/mt/109008158/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-