From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C2F9D21A18AA9 for ; Tue, 28 Mar 2017 02:22:39 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2D0F180471; Tue, 28 Mar 2017 09:22:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 2D0F180471 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=lersek@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 2D0F180471 Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-89.phx2.redhat.com [10.3.116.89]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5103B8FAE0; Tue, 28 Mar 2017 09:22:38 +0000 (UTC) To: Jordan Justen , edk2-devel@lists.01.org References: <20170327080544.24748-1-jordan.l.justen@intel.com> <149065122031.28789.9113394760317457361@jljusten-skl> From: Laszlo Ersek Message-ID: <121bb81b-08d1-d854-cf6f-ebc8268eb360@redhat.com> Date: Tue, 28 Mar 2017 11:22:37 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <149065122031.28789.9113394760317457361@jljusten-skl> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 28 Mar 2017 09:22:39 +0000 (UTC) Subject: Re: [PATCH 00/12] OvmfPkg: Enable variable access in PEI X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 09:22:40 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 03/27/17 23:47, Jordan Justen wrote: > On 2017-03-27 11:03:42, Laszlo Ersek wrote: >> On 03/27/17 10:05, Jordan Justen wrote: >>> web: https://github.com/jljusten/edk2/tree/pei-vars-v1 >>> >>> git: https://github.com/jljusten/edk2.git pei-vars-v1 >>> >>> This series moves flash detection into PEI to allow the PEI variable >>> access drivers to run. If flash is writable, the PCDs are set to >>> point at the flash memory. If flash is not writable, the PCDs are >>> set to point at a memory buffer. >> >> Can you please state the use case for the latter option? That is, >> when the PCDs are set to point at the memory buffer. >> >> In that case, the memory buffer is guaranteed to be empty (modulo >> internal formatting that PlatformPei would do just-in-time), unless >> the VM has just been rebooted within the same QEMU instance. >> >> In other words, clients of the r/o variable2 PPI will get false >> results, most of the time -- if I understand correctly. After a fresh >> boot (which is most of the boots), no variable will be found in the >> PEI phase, even if the \NvVars file contains it, and the variable >> services in DXE will later find it. >> >> ... I'm not sure if my understanding above is correct, but if it is, >> then I think this feature only contributes to the confusing nature of >> the memory-emulated variables. > > I think we should continue to support the memory vars, even if they > have some obvious drawbacks. I don't understand how you can call this "continued support" when Xen (and any other similarly pflash-less virt host scenarios) will see zero benefit from the increased complexity. The r/o variable2 PPI will be available to them, and it will almost always lie to them. Is that "continued support"? Is the availability of a lying PPI better than the absence of a functional PPI? I'm out of arguments. Anyway, I tested the series with the SMM_REQUIRE build -- you mentioned in the blurb that you didn't test SMM --; there is a regression. PlatformPei fails to detect flash: > Loading PEIM at 0x00000844B20 EntryPoint=0x00000844D40 PlatformPei.efi > Select Item: 0x0 > FW CFG Signature: 0x554D4551 > Select Item: 0x1 > FW CFG Revision: 0x3 > QemuFwCfg interface (DMA) is supported. > QEMU Flash: Attempting flash detection at FFE00010 > QemuFlashDetected => FD behaves as ROM > QemuFlashDetected => No > Platform PEIM Loaded the SMBASE relocation succeeds: > Loading SMM driver at 0x0007FFA8000 EntryPoint=0x0007FFA9034 PiSmmCpuDxeSmm.efi > SMRR Base: 0x7F800000, SMRR Size: 0x800000 > PcdCpuSmmCodeAccessCheckEnable = 1 > mAddressEncMask = 0x0 > SMRAM TileSize = 0x00002000 (0x00001000, 0x00001000) > SMRAM SaveState Buffer (0x7FF9A000, 0x0000E000) > CPU[000] APIC ID=0000 SMBASE=7FF92000 SaveState=7FFA1C00 Size=00000400 > CPU[001] APIC ID=0001 SMBASE=7FF94000 SaveState=7FFA3C00 Size=00000400 > CPU[002] APIC ID=0002 SMBASE=7FF96000 SaveState=7FFA5C00 Size=00000400 > CPU[003] APIC ID=0003 SMBASE=7FF98000 SaveState=7FFA7C00 Size=00000400 > mXdSupported - 0x0 > One Semaphore Size = 0x40 > Total Semaphores Size = 0x840 > InstallProtocolInterface: [gEfiSmmConfigurationProtocolGuid] 7FFC2040 > SMM IPL registered SMM Entry Point address 7FFE099D > SmmInstallProtocolInterface: [EfiSmmCpuProtocol] 7FFC2068 > SmmInstallProtocolInterface: [EfiSmmCpuServiceProtocol] 7FFC2084 > SMM S3 SMRAM Structure = 7F47DAD8 > SMM S3 Structure = 7F800000 > SMM CPU Module exit from SMRAM with EFI_SUCCESS > PageTable is 0! > SMM IPL closed SMRAM window and then FvbServicesSmm blows up due to the originally failed flash detection: > InstallProtocolInterface: [EfiLoadedImageProtocol] 7E9EEC10 > SmmInstallProtocolInterface: [EfiLoadedImageProtocol] 7FFDD47C > Loading SMM driver at 0x0007FF5F000 EntryPoint=0x0007FF60034 FvbServicesSmm.efi > ASSERT .../OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c(970): !_gPcd_FixedAtBuild_PcdSmmSmramRequire The reason for the failed flash detection, in PlatformPei, is that PlatformPei does not run in System Management Mode. Therefore QEMU denies it write access to the pflash chip. Without the series applied, the flash detection (which involves a write) only occurs in FvbServicesSmm, which is an SMM driver; it runs in System Management Mode, so QEMU lets it write to the pflash chip. NB, the assertion failure (the boot regression) is just one problem. The real problem (concerning the feature itself) is that the failed dynamic flash detection in PlatformPei will prevent the PEI phase, in the SMM_REQUIRE build, from reading the actual pflash variable store. In the SMM_REQUIRE build, the real variables in the pflash store *would be* available for reading (via the r/o variable2 PPI), but PlatformPei falls back to memory emulation, because it cannot successfully write the pflash. That kind of defeats the entire feature. Thanks Laszlo