Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before SMI broadcast
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick succession -- it means a series of "device_add" QEMU monitor commands, back-to-back. If a "device_add" occurs *just before* ACPI raises the broadcast SMI, then: - OVMF processes the hot-added CPU well. - However, QEMU's post-SMI ACPI loop -- which clears the pending events for the hot-added CPUs that were collected before raising the SMI -- is unaware of the stray CPU. Thus, the pending event is not cleared for it. As a result of the stuck event, at the next hot-plug, OVMF tries to re-add (relocate for the 2nd time) the already-known CPU. At that time, the AP is already in the normal edk2 SMM busy-wait however, so it doesn't respond to the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM gets stuck in SMM. (Because of the above symptom, this is not considered a security patch; it doesn't seem exploitable by a malicious guest OS.) In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already known. The post-SMI ACPI loop will clear the pending event for it this time. Cc: Ard Biesheuvel <[email protected]> Cc: Igor Mammedov <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Philippe Mathieu-Daudé <[email protected]> Fixes: bc498ac Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 Signed-off-by: Laszlo Ersek <[email protected]> Message-Id: <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]>
- Loading branch information
1 parent
63d9267
commit 020bb4b