From: "Dong, Eric" <eric.dong@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"lersek@redhat.com" <lersek@redhat.com>,
"vanjeff_919@hotmail.com" <vanjeff_919@hotmail.com>,
"Ni, Ray" <ray.ni@intel.com>
Cc: "Lou, Yun" <yun.lou@intel.com>
Subject: Re: 回复: [edk2-devel] [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT.
Date: Sat, 5 Sep 2020 13:50:52 +0000 [thread overview]
Message-ID: <CY4PR11MB1272E4AA081BFAA8C865FE24FE2A0@CY4PR11MB1272.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CY4PR11MB1288E41650A6B29CF6E6F9E08C2A0@CY4PR11MB1288.namprd11.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 4076 bytes --]
yes, I will close that Bugzilla. Thanks all for your feedback.
Thanks,
Eric
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Saturday, September 5, 2020 8:31 PM
To: devel@edk2.groups.io; lersek@redhat.com; vanjeff_919@hotmail.com; Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>
Cc: Lou, Yun <yun.lou@intel.com>
Subject: RE: 回复: [edk2-devel] [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT.
Thank you Laszlo.
Eric and I communicated with internal team. They understand that CPU is the only owner of the CPU state (CR3/DGT/IDT) and MP_SERVICE_PROTOCOL. Then we agree that the original test is invalid.
As conclusion, we can withdraw this patch and close the Bugzilla with "not a defect". 😊
Thank you
Yao Jiewen
> -----Original Message-----
> From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of Laszlo Ersek
> Sent: Friday, September 4, 2020 4:37 PM
> To: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>;
> vanjeff_919@hotmail.com<mailto:vanjeff_919@hotmail.com>; Dong, Eric <eric.dong@intel.com<mailto:eric.dong@intel.com>>; Ni, Ray
> <ray.ni@intel.com<mailto:ray.ni@intel.com>>
> Cc: Lou, Yun <yun.lou@intel.com<mailto:yun.lou@intel.com>>
> Subject: Re: 回复: [edk2-devel] [PATCH v2] UefiCpuPkg/MpInitLib: Add check for
> CR3/GDT/IDT.
>
> On 09/04/20 10:06, Yao, Jiewen wrote:
> > When we say “validate”, we need get clear on what is the contract between
> caller and callee, and what is the expectation of the validation.
> >
> > For example, in this case, the validation is limited to 4G or not 4G. Why?
> > This function does not verify following, why?
> >
> > 1. if the GDT table is valid.
> > 2. if the IDT table is valid
> > 3. if the exception handler is valid
> > 4. if the timer handler still works
> > 5. if the page table is valid
> > 6. if the page table is 1:1 mapping
> > 7. if the page table still enforce the expected protection, such as RO, NX
> > 8. ……
>
> Yes, very good point; it has crossed my mind before too. The currently
> proposed checks verify the CR3 (but not the end of the root page
> directory). They also don't try to walk the whole forest of page tables
> and check every entry against 4GB (or, as you say, for 1:1 mapping). The
> check covers the GDT and the IDT, but not the GDT and IDT entries
> (segment granularity? direction of growth?)
>
> I'm OK with the proposed rudimentary checks because in my mind they are
> supposed to catch only one idiosyncratic UEFI application.
>
> > If an application creates a crazy state, CpuDxe may pass the validation with
> below 4G page table, but still fail to wake up APs.
>
> Yes, absolutely.
>
> >
> > If it is the app’s responsibility to ensure the system in good state, the
> validation is unnecessary.
> > If it is the CpuDxe’s responsibility to ensure the system in good state, the
> validation is insufficient.
>
> Agreed on both counts.
>
> I'm just under the impression that Eric has some internal use case that
> doesn't let him fix the application -- or maybe there's no time left for
> them for fixing the application.
>
> >
> > I think we should wait. I am working with Eric to collect the requirement on
> why test case is designed in this way.
>
> Sounds good, thanks!
>
> >
> > DebugAgentDxe is a good case. It is for debug purpose.
> > I believe there must be contract between CPU driver and DebugAgentDxe that
> which status DebugAgentDxe may modify and which state DebugAgentDxe may
> not.
> > It is DebugAgentDxe’s responsibility to ensure the new system state is correct
> and compatible with the CPU driver.
>
> Agreed 100%
>
> > With the contract, I don’t think CPU driver need validate the system state
> changed by DebugAgentDxe.
> > If DebugAgentDxe put system in a wrong state, CPUDriver has no chance to
> run.
>
> Agreed again.
>
> Thanks
> Laszlo
>
>
>
[-- Attachment #2: Type: text/html, Size: 13307 bytes --]
next prev parent reply other threads:[~2020-09-05 13:50 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-03 15:11 [PATCH v2] UefiCpuPkg/MpInitLib: Add check for CR3/GDT/IDT Dong, Eric
2020-09-03 19:00 ` Laszlo Ersek
2020-09-03 19:55 ` Laszlo Ersek
2020-09-04 1:34 ` [edk2-devel] " Ni, Ray
2020-09-04 2:00 ` Dong, Eric
2020-09-04 2:18 ` 回复: " vanjeff_919
2020-09-04 2:27 ` Dong, Eric
2020-09-04 3:09 ` Yao, Jiewen
2020-09-04 6:50 ` Laszlo Ersek
2020-09-04 6:58 ` 回复: " Laszlo Ersek
2020-09-04 7:32 ` 回复: " Fan Jeff
2020-09-04 8:06 ` Yao, Jiewen
2020-09-04 8:36 ` Laszlo Ersek
2020-09-05 12:30 ` Yao, Jiewen
2020-09-05 13:50 ` Dong, Eric [this message]
2020-09-07 9:22 ` Laszlo Ersek
2020-09-04 8:43 ` 回复: " Fan Jeff
2020-09-04 8:23 ` Laszlo Ersek
2020-09-04 6:47 ` Laszlo Ersek
2020-09-04 2:00 ` Dong, Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CY4PR11MB1272E4AA081BFAA8C865FE24FE2A0@CY4PR11MB1272.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox