From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.2119.1683669013100531034
 for <devel@edk2.groups.io>;
 Tue, 09 May 2023 14:50:13 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Se92FPbD;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 8D7AC62C08
	for <devel@edk2.groups.io>; Tue,  9 May 2023 21:50:12 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8D72C4339B
	for <devel@edk2.groups.io>; Tue,  9 May 2023 21:50:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1683669011;
	bh=waRtLKbwIEhsYOM94Zk01dnsPXB6yzx1cm6PmSTKCq0=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=Se92FPbDYYI8sHKCOfNPHx2hkuq/vxfMwSiGdhN5xCK2Hchs7plVrwHvJo+kgRbL3
	 8ZC0dA7eXu3sujqwwaqlDtCQw5j7GUNa8U8iG6q2Ez8A2xIPt0fF0pbpEy0gER42TB
	 ZvDhLHt0+7FI/amLxHGLBqeyVCeVaYwRHNWC1MaDyMBvjZ0ZVEmEJMGWm1RsfR3KpW
	 3e/wdITVFx8xPRRCReyvPpwf/C/phETDwLHp8bEWqCqDA3U9YkVUWbpCvaAZ8GAhsD
	 QrSE45J44NMbNL5mR6zSVA2gyI6C3eauC90wUTzVH3An2et/R3mWY00d656pY9HWKR
	 Rvfb7kTazvmXw==
Received: by mail-lj1-f170.google.com with SMTP id 38308e7fff4ca-2ac80ed7f26so69804311fa.1
        for <devel@edk2.groups.io>; Tue, 09 May 2023 14:50:11 -0700 (PDT)
X-Gm-Message-State: AC+VfDzevIrKIZZ9TELPCJoK0VYr3qxlX2nB1jzbHS75JSVAcqF143M7
	VbWgtDseCiFaHhSS9X66cuNEBrRxwkry3omMa1c=
X-Google-Smtp-Source: ACHHUZ61plrsrazdXE4RhUwMOuYbqA6Y583qIpiZs4CClnLteSRYyPofSjr6q7tEvf0YKjJbvP1HTZnuFDizJK74Oew=
X-Received: by 2002:a2e:b60a:0:b0:2a7:748c:1eef with SMTP id
 r10-20020a2eb60a000000b002a7748c1eefmr1136083ljn.38.1683669009784; Tue, 09
 May 2023 14:50:09 -0700 (PDT)
MIME-Version: 1.0
References: <175D7813A02A6FCA.31428@groups.io> <01020188006a98ab-43bff9af-a85f-4cc9-b044-69fc167b5982-000000@eu-west-1.amazonses.com>
 <bb6edf7b-a0cf-ed7e-e7d2-d9afb2360ba9@redhat.com> <0102018800e55c15-06451e86-006c-45d0-91ee-106189471d0b-000000@eu-west-1.amazonses.com>
In-Reply-To: <0102018800e55c15-06451e86-006c-45d0-91ee-106189471d0b-000000@eu-west-1.amazonses.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Tue, 9 May 2023 23:49:58 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFd_etBe_KT4WE-16nXW3oyFO22GjoB7UJE+t50JNezXA@mail.gmail.com>
Message-ID: <CAMj1kXFd_etBe_KT4WE-16nXW3oyFO22GjoB7UJE+t50JNezXA@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v2 0/2] OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL
To: Michael Brown <mcb30@ipxe.org>, 
	"Liming Gao (Byosoft address)" <gaoliming@byosoft.com.cn>
Cc: devel@edk2.groups.io, lersek@redhat.com, Gerd Hoffmann <kraxel@redhat.com>, 
	Oliver Steffen <osteffen@redhat.com>, Pawel Polawski <ppolawsk@redhat.com>, 
	Jiewen Yao <jiewen.yao@intel.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>, 
	Jordan Justen <jordan.l.justen@intel.com>
Content-Type: text/plain; charset="UTF-8"

(cc Liming)

On Tue, 9 May 2023 at 16:23, Michael Brown <mcb30@ipxe.org> wrote:
>
> On 09/05/2023 14:31, Laszlo Ersek wrote:
> > On 5/9/23 14:09, Michael Brown wrote:
> >> At TPL_HIGH_LEVEL, CPU interrupts are disabled (as per the UEFI
> >> specification) and so we should never encounter a situation in which
> >> an interrupt occurs at TPL_HIGH_LEVEL. The specification also
> >> restricts usage of TPL_HIGH_LEVEL to the firmware itself.
> >>
> >> However, nothing actually prevents a UEFI application from calling
> >> gBS->RaiseTPL(TPL_HIGH_LEVEL) and then violating the invariant by
> >> enabling interrupts via the STI or equivalent instruction. Some
> >> versions of the Microsoft Windows bootloader are known to do this.
> >>
> >> NestedInterruptTplLib maintains the invariant that interrupts are
> >> disabled at TPL_HIGH_LEVEL (even when performing the dark art of
> >> deliberately manipulating the stack so that IRET will return with
> >> interrupts still disabled), but does not itself rely on external code
> >> maintaining this invariant.
> >>
> >> Relax the assertion that the interrupted TPL is below TPL_HIGH_LEVEL
> >> to an error message, to allow UEFI applications such as these versions
> >> of the Microsoft Windows bootloader to continue to function.
> >>
> >> Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2189136
> >> Cc: Laszlo Ersek <lersek@redhat.com>
> >> Cc: Gerd Hoffmann <kraxel@redhat.com>
> >> Cc: Oliver Steffen <osteffen@redhat.com>
> >> Cc: Pawel Polawski <ppolawsk@redhat.com>
> >> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> >> Cc: Jordan Justen <jordan.l.justen@intel.com>
> >>
> >> Michael Brown (2):
> >>    OvmfPkg: Clarify invariants for NestedInterruptTplLib
> >>    OvmfPkg: Relax assertion that interrupts do not occur at
> >>      TPL_HIGH_LEVEL
> >>
> >>   OvmfPkg/Library/NestedInterruptTplLib/Tpl.c | 31 +++++++++++++++++----
> >>   1 file changed, 26 insertions(+), 5 deletions(-)
> >>
> >
> > series
> > Acked-by: Laszlo Ersek <lersek@redhat.com>
>
> Thank you!
>
> Gerd: are you happy for your Reviewed-by to stand, since the only
> changes since v1 were to comment wording?

I'll assume that it stands if that was the only difference.

I've queued this up now - thanks all for the hard work.

(Note to Liming - this is definitely a candidate for the stable tag,
see the bugzilla link for details)


>  (My apologies for forgetting
> to include a v2 description in the cover letter.)
>
> Thanks,
>
> Michael
>
>