From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.10110.1683699144596365507
 for <devel@edk2.groups.io>;
 Tue, 09 May 2023 23:12:24 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hBHXbaGH;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 152FB63845
	for <devel@edk2.groups.io>; Wed, 10 May 2023 06:12:24 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3AD23C433D2
	for <devel@edk2.groups.io>; Wed, 10 May 2023 06:12:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1683699143;
	bh=IivnkRhPgwx+dDNwhtfByQ17ya9VYHaXfsFarmsD5rg=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=hBHXbaGHdkIRU9tPkecc4vZidwsG3Z4tiyXnE5vm9kDzapyNcodWuvTaGjo0KbLoV
	 wDOBfnSWzY7RJb+NBB8lXM482AcFHkNBTedag28NevPIGEml4oC0IBEVLSPo9fzzhT
	 ZvpzYGcL0UQyyMv3WGgykjGqZ6q3xTnnHX3bEda4j0x2ffNwCOUGX+9GUl4VB+CzZt
	 q11o+8rqUvUVOapIbgbkbD0U/I3qZVxlXDljRkAq2eNqfCjqTaHn70Pa9CPGWU9gAv
	 JSCwgBqTtNyHkvBrE6JKhhQ03PlfpXHfw0enFXQHyofES6fsg6wOXpnxgh+KiyizGu
	 A0gx+J+Dz03JA==
Received: by mail-lf1-f43.google.com with SMTP id 2adb3069b0e04-4f25d79f6bfso1525289e87.2
        for <devel@edk2.groups.io>; Tue, 09 May 2023 23:12:23 -0700 (PDT)
X-Gm-Message-State: AC+VfDy7/jUIg3x5Ix9HxBlb6DVz3bh0zy+QZ9dGGnsoPY2V6GpPh6uw
	At16iE+9T+9QYkTY8ZZtHd0S9oebMcmGNT13bz0=
X-Google-Smtp-Source: ACHHUZ41ks4Wr4ZA8aC/OpiakHoWE3XwxPc/3ragIzl7xPyRLqI/LVTclu5LYQ8YPSYMoXIpE91k+ZHhRZh51dn9Puw=
X-Received: by 2002:ac2:597a:0:b0:4f0:441:71a4 with SMTP id
 h26-20020ac2597a000000b004f0044171a4mr1319682lfp.35.1683699141307; Tue, 09
 May 2023 23:12:21 -0700 (PDT)
MIME-Version: 1.0
References: <175D7813A02A6FCA.31428@groups.io> <01020188006a98ab-43bff9af-a85f-4cc9-b044-69fc167b5982-000000@eu-west-1.amazonses.com>
 <bb6edf7b-a0cf-ed7e-e7d2-d9afb2360ba9@redhat.com> <0102018800e55c15-06451e86-006c-45d0-91ee-106189471d0b-000000@eu-west-1.amazonses.com>
 <CAMj1kXFd_etBe_KT4WE-16nXW3oyFO22GjoB7UJE+t50JNezXA@mail.gmail.com>
In-Reply-To: <CAMj1kXFd_etBe_KT4WE-16nXW3oyFO22GjoB7UJE+t50JNezXA@mail.gmail.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Wed, 10 May 2023 08:12:10 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFZ3Uv6kO=Ov-RAMX4zd2G1PW+QT_Q-fF580Jr4qFR9kA@mail.gmail.com>
Message-ID: <CAMj1kXFZ3Uv6kO=Ov-RAMX4zd2G1PW+QT_Q-fF580Jr4qFR9kA@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v2 0/2] OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL
To: Michael Brown <mcb30@ipxe.org>, 
	"Liming Gao (Byosoft address)" <gaoliming@byosoft.com.cn>
Cc: devel@edk2.groups.io, lersek@redhat.com, Gerd Hoffmann <kraxel@redhat.com>, 
	Oliver Steffen <osteffen@redhat.com>, Pawel Polawski <ppolawsk@redhat.com>, 
	Jiewen Yao <jiewen.yao@intel.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Jordan Justen <jordan.l.justen@intel.com>
Content-Type: text/plain; charset="UTF-8"

On Tue, 9 May 2023 at 23:49, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> (cc Liming)
>
> On Tue, 9 May 2023 at 16:23, Michael Brown <mcb30@ipxe.org> wrote:
> >
> > On 09/05/2023 14:31, Laszlo Ersek wrote:
> > > On 5/9/23 14:09, Michael Brown wrote:
> > >> At TPL_HIGH_LEVEL, CPU interrupts are disabled (as per the UEFI
> > >> specification) and so we should never encounter a situation in which
> > >> an interrupt occurs at TPL_HIGH_LEVEL. The specification also
> > >> restricts usage of TPL_HIGH_LEVEL to the firmware itself.
> > >>
> > >> However, nothing actually prevents a UEFI application from calling
> > >> gBS->RaiseTPL(TPL_HIGH_LEVEL) and then violating the invariant by
> > >> enabling interrupts via the STI or equivalent instruction. Some
> > >> versions of the Microsoft Windows bootloader are known to do this.
> > >>
> > >> NestedInterruptTplLib maintains the invariant that interrupts are
> > >> disabled at TPL_HIGH_LEVEL (even when performing the dark art of
> > >> deliberately manipulating the stack so that IRET will return with
> > >> interrupts still disabled), but does not itself rely on external code
> > >> maintaining this invariant.
> > >>
> > >> Relax the assertion that the interrupted TPL is below TPL_HIGH_LEVEL
> > >> to an error message, to allow UEFI applications such as these versions
> > >> of the Microsoft Windows bootloader to continue to function.
> > >>
> > >> Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2189136
> > >> Cc: Laszlo Ersek <lersek@redhat.com>
> > >> Cc: Gerd Hoffmann <kraxel@redhat.com>
> > >> Cc: Oliver Steffen <osteffen@redhat.com>
> > >> Cc: Pawel Polawski <ppolawsk@redhat.com>
> > >> Cc: Jiewen Yao <jiewen.yao@intel.com>
> > >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> > >> Cc: Jordan Justen <jordan.l.justen@intel.com>
> > >>
> > >> Michael Brown (2):
> > >>    OvmfPkg: Clarify invariants for NestedInterruptTplLib
> > >>    OvmfPkg: Relax assertion that interrupts do not occur at
> > >>      TPL_HIGH_LEVEL
> > >>
> > >>   OvmfPkg/Library/NestedInterruptTplLib/Tpl.c | 31 +++++++++++++++++----
> > >>   1 file changed, 26 insertions(+), 5 deletions(-)
> > >>
> > >
> > > series
> > > Acked-by: Laszlo Ersek <lersek@redhat.com>
> >
> > Thank you!
> >
> > Gerd: are you happy for your Reviewed-by to stand, since the only
> > changes since v1 were to comment wording?
>
> I'll assume that it stands if that was the only difference.
>
> I've queued this up now - thanks all for the hard work.
>
> (Note to Liming - this is definitely a candidate for the stable tag,
> see the bugzilla link for details)
>

Merged as #4371