Ubuntu
ipxe package

Merge ~paelzer/ubuntu/+source/ipxe:lp-1882671-fix-tpl-on-efi-entry-GROOVY into ubuntu/+source/ipxe:ubuntu/groovy-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/ipxe
  3. lp-1882671-fix-tpl-on-efi-entry-GROOVY
  4. Merge into ubuntu/groovy-devel
Proposed by Christian Ehrhardt 
Status: Merged
Merged at revision: ef2bbee06b32b2cd143c3313859a771605dde59b
Proposed branch: ~paelzer/ubuntu/+source/ipxe:lp-1882671-fix-tpl-on-efi-entry-GROOVY
Merge into: ubuntu/+source/ipxe:ubuntu/groovy-devel
Diff against target: 95 lines (+73/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch (+65/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Rafael David Tinoco (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
git-ubuntu developers Pending
Review via email: mp+387521@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4156/+packages

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

I'm on this now...

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

Alright, after carefully reading LP: #1882671 and asking questions to @paelzer, I feel better in doing a +1 with better understanding on the issue... The merge is simple (so +1), but implications are terribly complicated due to qemu / ipxe-qemu / edk2 combinations of driver configurations and features being enabled (or disabled) AND the original issue on HTTPS being fixed (which is this patch about).

Good to go

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index dc0899c..303357b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+ipxe (1.0.0+git-20190125.36a4c85-5ubuntu2) groovy; urgency=medium
7+
8+ * d/p/lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch: fix the
9+ formerly avoided efi TPL issues (LP: #1882671)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Jul 2020 14:36:54 +0200
12+
13 ipxe (1.0.0+git-20190125.36a4c85-5ubuntu1) groovy; urgency=medium
14
15 * Merge with Debian unstable (LP: #1884758). Remaining changes:
16diff --git a/debian/patches/lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch b/debian/patches/lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch
17new file mode 100644
18index 0000000..de507a9
19--- /dev/null
20+++ b/debian/patches/lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch
21@@ -0,0 +1,65 @@
22+From 2ae5d4338661b65c63eb5cb1a96e5b803fe7d620 Mon Sep 17 00:00:00 2001
23+From: Michael Brown <mcb30@ipxe.org>
24+Date: Tue, 30 Jun 2020 16:32:59 +0100
25+Subject: [PATCH] [efi] Raise TPL during driver entry point
26+
27+As per commit c89a446 ("[efi] Run at TPL_CALLBACK to protect against
28+UEFI timers") we expect to run at TPL_CALLBACK almost all of the time.
29+Various code paths rely on this assumption. Code paths that need to
30+temporarily lower the TPL (e.g. for entropy gathering) will restore it
31+to TPL_CALLBACK.
32+
33+The entropy gathering code will be run during DRBG initialisation,
34+which happens during the call to startup(). In the case of iPXE
35+compiled as an EFI application this code will run within the scope of
36+efi_snp_claim() and so will execute at TPL_CALLBACK as expected.
37+
38+In the case of iPXE compiled as an EFI driver the code will
39+incorrectly run at TPL_APPLICATION since there is nothing within the
40+EFI driver entry point that raises (and restores) the TPL. The net
41+effect is that a build that includes the entropy-gathering code
42+(e.g. a build with HTTPS enabled) will return from the driver entry
43+point at TPL_CALLBACK, which causes a system lockup.
44+
45+Fix by raising and restoring the TPL within the EFI driver entry
46+point.
47+
48+Debugged-by: Ignat Korchagin <ignat@cloudflare.com>
49+Signed-off-by: Michael Brown <mcb30@ipxe.org>
50+
51+Origin: backport, https://github.com/ipxe/ipxe/commit/2ae5d4338661b65c63eb5cb1a96e5b803fe7d620
52+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1882671
53+Last-Update: 2020-07-16
54+
55+---
56+ src/interface/efi/efidrvprefix.c | 9 +++++++++
57+ 1 file changed, 9 insertions(+)
58+
59+--- a/src/interface/efi/efidrvprefix.c
60++++ b/src/interface/efi/efidrvprefix.c
61+@@ -34,16 +34,25 @@ FILE_LICENCE ( GPL2_OR_LATER );
62+ */
63+ EFI_STATUS EFIAPI _efidrv_start ( EFI_HANDLE image_handle,
64+ EFI_SYSTEM_TABLE *systab ) {
65++ EFI_BOOT_SERVICES *bs;
66++ EFI_TPL saved_tpl;
67+ EFI_STATUS efirc;
68+
69+ /* Initialise EFI environment */
70+ if ( ( efirc = efi_init ( image_handle, systab ) ) != 0 )
71+ return efirc;
72+
73++ /* Raise TPL */
74++ bs = efi_systab->BootServices;
75++ saved_tpl = bs->RaiseTPL ( TPL_CALLBACK );
76++
77+ /* Initialise iPXE environment */
78+ initialise();
79+ startup();
80+
81++ /* Restore TPL */
82++ bs->RestoreTPL ( saved_tpl );
83++
84+ return 0;
85+ }
86+
87diff --git a/debian/patches/series b/debian/patches/series
88index f422ac7..d5c97a2 100644
89--- a/debian/patches/series
90+++ b/debian/patches/series
91@@ -1,3 +1,4 @@
92 debian-changes
93 handle-dhcp-nack.patch
94 0005-strip-802.1Q-VLAN-0-priority-tags.patch
95+lp-1882671-efi-Raise-TPL-during-driver-entry-point.patch

Subscribers

People subscribed via source and target branches