From: Tom Rini <trini@konsulko.com>
To: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>,
u-boot@lists.denx.de, Andre Przywara <andre.przywara@arm.com>
Subject: Re: [PATCH 1/1] efi_loader: stop watchdogs in ExitBootServices()
Date: Mon, 30 Jan 2023 13:30:49 -0500 [thread overview]
Message-ID: <Y9gM2ce4xxEYNB/o@bill-the-cat> (raw)
In-Reply-To: <Y9gI41dldjjQg3Ss@bill-the-cat>
[-- Attachment #1: Type: text/plain, Size: 2774 bytes --]
On Mon, Jan 30, 2023 at 01:13:55PM -0500, Tom Rini wrote:
> On Sat, Jan 28, 2023 at 09:57:45AM +0100, Heinrich Schuchardt wrote:
>
> > The UEFI specification requires for ExitBootServices() that "the boot
> > services watchdog timer is disabled". We already disable the software
> > watchdog. We should additionally disable the hardware watchdogs.
> >
> > Reported-by: Andre Przywara <andre.przywara@arm.com>
> > Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
> > ---
> > lib/efi_loader/efi_boottime.c | 10 ++++++----
> > 1 file changed, 6 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
> > index ba28989f36..71215af9d2 100644
> > --- a/lib/efi_loader/efi_boottime.c
> > +++ b/lib/efi_loader/efi_boottime.c
> > @@ -19,6 +19,7 @@
> > #include <u-boot/crc.h>
> > #include <usb.h>
> > #include <watchdog.h>
> > +#include <wdt.h>
> > #include <asm/global_data.h>
> > #include <asm/setjmp.h>
> > #include <linux/libfdt_env.h>
> > @@ -2171,6 +2172,11 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
> > list_del(&evt->link);
> > }
> >
> > + /* Disable watchdogs */
> > + efi_set_watchdog(0);
> > + if IS_ENABLED(CONFIG_WDT)
> > + wdt_stop_all();
> > +
> > if (!efi_st_keep_devices) {
> > bootm_disable_interrupts();
> > if (IS_ENABLED(CONFIG_USB_DEVICE))
> > @@ -2196,10 +2202,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
> >
> > /* Recalculate CRC32 */
> > efi_update_table_header_crc32(&systab.hdr);
> > -
> > - /* Give the payload some time to boot */
> > - efi_set_watchdog(0);
> > - schedule();
> > out:
> > if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
> > if (ret != EFI_SUCCESS)
>
> I thought we had rejected going down this path since the UEFI spec is
> unhelpfully wrong if it insists this?
Because, to be clear, stopping hardware watchdogs is not to be done. The
one in-tree caller of wdt_stop_all is very questionable. You cannot
seriously stop a watchdog until someone else can hopefully resume it as
that violates the function of a hardware watchdog. A pure software
watchdog is one thing, and a hardware watchdog is another. I feel like
the most likely answer here is that someone needs to, still, push back
to the UEFI specification to get hardware watchdogs better understood
and handled, as it must never be stopped once started and if you cannot
reach the next stage in time, that's an engineering issue to resolve. My
first guess is that ExitBootServices should service the watchdog one
last time to ensure the largest window of time for the OS to take over
servicing of the watchdog.
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2023-01-30 18:31 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-28 8:57 [PATCH 1/1] efi_loader: stop watchdogs in ExitBootServices() Heinrich Schuchardt
2023-01-30 18:13 ` Tom Rini
2023-01-30 18:30 ` Tom Rini [this message]
2023-01-31 12:03 ` Ilias Apalodimas
2023-01-31 14:16 ` Simon Glass
2023-01-31 14:48 ` Heinrich Schuchardt
2023-01-31 15:07 ` Tom Rini
2023-02-01 8:32 ` Rasmus Villemoes
2023-02-01 9:00 ` Heinrich Schuchardt
2023-02-02 8:17 ` Etienne Carriere
2023-02-02 17:12 ` Simon Glass
2023-02-02 17:22 ` Tom Rini
2023-02-03 2:15 ` Simon Glass
2023-02-03 7:30 ` Rasmus Villemoes
2023-02-07 14:59 ` Michael Walle
2023-02-07 15:08 ` Heinrich Schuchardt
2023-02-07 15:29 ` Michael Walle
2023-02-07 15:30 ` Heinrich Schuchardt
2023-02-07 15:34 ` Michael Walle
2023-02-03 15:51 ` Tom Rini
2023-02-04 0:20 ` Simon Glass
2023-02-01 12:49 ` Mark Kettenis
2023-02-01 15:21 ` Tom Rini
-- strict thread matches above, loose matches on Subject: below --
2021-11-09 10:19 Heinrich Schuchardt
2021-11-09 10:19 ` Heinrich Schuchardt
2021-11-09 14:20 ` Michael Walle
2021-11-09 14:46 ` Mark Kettenis
2021-11-09 14:54 ` Michael Walle
2021-11-09 17:30 ` Heinrich Schuchardt
2021-11-09 17:55 ` Tom Rini
2021-11-09 18:15 ` Heinrich Schuchardt
2021-11-09 18:18 ` Tom Rini
2021-11-09 21:47 ` Andre Przywara
2021-11-09 23:45 ` Grant Likely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y9gM2ce4xxEYNB/o@bill-the-cat \
--to=trini@konsulko.com \
--cc=andre.przywara@arm.com \
--cc=heinrich.schuchardt@canonical.com \
--cc=ilias.apalodimas@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.