From: Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Bart Kuivenhoven <bemk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Matt Fleming
	<matt-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>,
	matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
	hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org,
	tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org,
	mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
	linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	jcm-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	msalter-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH] x86 efi: bugfix interrupt disabling sequence
Date: Sat, 21 Sep 2013 09:50:02 +0200
Message-ID: <20130921075002.GB7771@gmail.com>
In-Reply-To: <1379708486.12705.131.camel-0VdLhd/A9PkhetGgFr3ssPXAX3CI6PSWQQ4Iyu8u01E@public.gmane.org>


* Bart Kuivenhoven <bemk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:

> On Fri, 2013-09-20 at 16:28 +0100, Matt Fleming wrote:
> > On Wed, 18 Sep, at 07:28:53PM, Bart Kuivenhoven wrote:
> > > The problem in efi_main was that the idt was cleared before the
> > > interrupts were disabled.
> > > 
> > > The UEFI spec states that interrupts aren't used so this shouldn't be
> > > too much of a problem. Peripherals however don't necessarily know about
> > > this and thus might cause interrupts to happen anyway. Even if
> > > ExitBootServices() has been called.
> > >
> > > This means there is a risk of an interrupt being triggered while the IDT
> > > register is nullified and the interrupt bit hasn't been cleared,
> > > allowing for a triple fault.
> > 
> > Just to be clear, you haven't witnessed a triple fault, correct?
> > 
> > > This patch fixes this by clearing the interrupt bit before the lidt
> > > instruction.
> > 
> > I think we can go even further than this and get rid of all of the IDT
> > code in the EFI boot stub. The kernel maintains its own IDT anyway.
> > 
> 
> Well, isn't it so, that the kernel expects a setup in which interrupts 
> are disabled before the decompressed image is loaded?
> 
> What we can do is remove the lidt instruction and IDT pointer, but that 
> still doesn't change anything with regards to the kernel's expectations.
> 
> And no, I haven't witnessed a triple fault, this is purely theoretical, 
> with a very slim chance of it actually happening. That does not mean 
> that it can't happen though.

it would also be very hard to prove that it occurred (outside of special 
debug environments) - spurious, low probability triple faults are as 
undebuggable as it gets.

Thanks,

	Ingo

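An added example to make the window Bart describes and Ingo calls undebuggable concrete; it is not code from the patch, from the EFI boot stub or from the kernel. It models only the two pieces of CPU state that decide the outcome, RFLAGS.IF and IDTR.limit, walks an instruction ordering, and counts the arrival points at which a maskable interrupt would find IF set and an empty IDT (on x86 the vector is outside the table, so #GP; the #GP gate cannot be fetched either, so #DF; the CPU then triple-faults and resets). The firmware IDT size and the simplified sti semantics are assumptions. The same checker is run over the original lidt-then-cli order, the patched cli-then-lidt order, and a hypothetical later mistake of re-enabling interrupts before a valid IDT is loaded. The inline-asm helper shows the patched order as ring-0 code would issue it and is deliberately never called, since cli and lidt fault in user mode.

```c
/* Added example, not from the patch or the kernel: a small model of the
 * "interrupt arrives while the IDT is empty" race discussed in the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CPU state that decides the outcome of an interrupt: RFLAGS.IF and IDTR.limit. */
struct cpu_state {
    bool     if_flag;   /* true: maskable interrupts are accepted */
    uint16_t idt_limit; /* IDTR.limit in bytes; 0 means no gate can be fetched */
};

/* Instructions (or their effect) used by the sequences under comparison. */
enum step {
    STEP_CLI,        /* clears IF; takes effect immediately */
    STEP_STI,        /* sets IF; the one-instruction delay before interrupts are
                        recognised is ignored, which can only over-report windows */
    STEP_LIDT_NULL,  /* loads an IDT descriptor with limit 0 (empty table) */
    STEP_LIDT_VALID, /* loads a full 256-entry IDT, as the kernel proper does */
};

static void apply_step(struct cpu_state *s, enum step st)
{
    switch (st) {
    case STEP_CLI:        s->if_flag = false;          break;
    case STEP_STI:        s->if_flag = true;           break;
    case STEP_LIDT_NULL:  s->idt_limit = 0;            break;
    case STEP_LIDT_VALID: s->idt_limit = 256 * 16 - 1; break;
    }
}

/* A maskable interrupt arriving in this state is unrecoverable: IF is set, the
 * vector lies outside an empty IDT (#GP), the #GP gate cannot be fetched either
 * (#DF), and the CPU triple-faults. */
static bool interrupt_is_fatal(const struct cpu_state *s)
{
    return s->if_flag && s->idt_limit == 0;
}

/* Walk a sequence and count the arrival points (before the first step, between
 * any two steps, after the last) where an interrupt would be fatal. Zero means
 * the ordering closes the window completely. */
static int count_fatal_windows(struct cpu_state s, const enum step *seq, size_t n)
{
    int windows = 0;
    for (size_t i = 0; i <= n; i++) {
        if (interrupt_is_fatal(&s))
            windows++;
        if (i < n)
            apply_step(&s, seq[i]);
    }
    return windows;
}

/* State as UEFI hands control to the stub: IF set, firmware IDT loaded.
 * The firmware IDT size is an assumption; only "non-empty" matters. */
static const struct cpu_state firmware_state = { .if_flag = true, .idt_limit = 4095 };

/* The ordering the patch fixes: IDT emptied while IF is still set. */
static const enum step lidt_then_cli[] = { STEP_LIDT_NULL, STEP_CLI };
/* The patched ordering. */
static const enum step cli_then_lidt[] = { STEP_CLI, STEP_LIDT_NULL };
/* A hypothetical later mistake the same checker catches: interrupts re-enabled
 * before the kernel's own IDT is in place. */
static const enum step sti_before_idt[] = { STEP_CLI, STEP_LIDT_NULL, STEP_STI, STEP_LIDT_VALID };

int windows_lidt_then_cli(void)  { return count_fatal_windows(firmware_state, lidt_then_cli, 2); }
int windows_cli_then_lidt(void)  { return count_fatal_windows(firmware_state, cli_then_lidt, 2); }
int windows_sti_before_idt(void) { return count_fatal_windows(firmware_state, sti_before_idt, 4); }

#if defined(__x86_64__) || defined(__i386__)
/* The patched sequence as privileged boot code would actually issue it. Ring 0
 * only: from a user process both instructions raise #GP (seen as SIGSEGV), so
 * nothing in this example calls it; it is here to show the instruction order. */
struct idt_desc { uint16_t limit; uintptr_t base; } __attribute__((packed));
static inline void disable_interrupts_then_load_idt(const struct idt_desc *d)
{
    __asm__ volatile("cli\n\tlidt %0" : : "m"(*d) : "memory");
}
#endif

int main(void)
{
    printf("lidt; cli                 : %d fatal window(s)\n", windows_lidt_then_cli());
    printf("cli; lidt                 : %d fatal window(s)\n", windows_cli_then_lidt());
    printf("cli; lidt; sti; lidt valid: %d fatal window(s)\n", windows_sti_before_idt());
    return 0;
}
```

Build with any C99 compiler and run: the original order reports one fatal window (the point between lidt and cli), the patched order reports none, and the re-enable-too-early sequence reports one. The model covers maskable interrupts only, which is what the patch addresses; cli does not block NMI, so an NMI or machine check arriving while the IDT is empty is unrecoverable under either ordering, a separate concern from the one discussed in the thread.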

Thread overview: 15+ messages
2013-09-18 17:28 [PATCH] x86 efi: bugfix interrupt disabling sequence Bart Kuivenhoven
2013-09-18 17:28 ` Bart Kuivenhoven
     [not found] ` <1379525333-4373-1-git-send-email-bemk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-09-20 15:28   ` Matt Fleming
2013-09-20 15:28     ` Matt Fleming
2013-09-20 20:21     ` Bart Kuivenhoven
     [not found]       ` <1379708486.12705.131.camel-0VdLhd/A9PkhetGgFr3ssPXAX3CI6PSWQQ4Iyu8u01E@public.gmane.org>
2013-09-21  7:50         ` Ingo Molnar [this message]
2013-09-21  7:50           ` Ingo Molnar
2013-09-21 15:41         ` Matt Fleming
2013-09-21 15:41           ` Matt Fleming
     [not found]           ` <20130921154127.GD21381-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>
2013-09-23  9:27             ` Bart Kuivenhoven
2013-09-23  9:27               ` Bart Kuivenhoven
  -- strict thread matches above, loose matches on Subject: below --
2013-09-23  9:45 Bart Kuivenhoven
2013-09-23  9:45 ` Bart Kuivenhoven
     [not found] ` <1379929528-7534-1-git-send-email-bemk-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-09-25 13:12   ` Matt Fleming
2013-09-25 13:12     ` Matt Fleming
