From: Laszlo Ersek <lersek@redhat.com>
To: Andrew Fish <afish@apple.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Ruiyu Ni <ruiyu.ni@intel.com>,
	Mike Kinney <michael.d.kinney@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
	Liming Gao <liming.gao@intel.com>
Subject: Re: [PATCH v2 05/10] MdeModulePkg/ResetSystemRuntimeDxe: Add more debug message
Date: Tue, 20 Feb 2018 09:53:58 +0100
Message-ID: <1c44e505-b0df-50f7-583a-7ba2ccd4f8c0@redhat.com>
In-Reply-To: <813EF154-1100-4151-A52D-2FD80D523B5E@apple.com>

On 02/20/18 00:30, Andrew Fish wrote:
>
>
>> On Feb 19, 2018, at 11:23 AM, Laszlo Ersek <lersek@redhat.com> wrote:
>>
>> On 02/19/18 19:59, Ard Biesheuvel wrote:
>>> On 9 February 2018 at 04:16, Ruiyu Ni <ruiyu.ni@intel.com> wrote:

>>>> +  DEBUG ((DEBUG_INFO, "DXE ResetSystem2: Reset call depth = %d.\n", mResetNotifyDepth));
>>>> +
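Review bot: the added DEBUG() on the "Reset call depth" line has no runtime guard, and the module named in the subject is a runtime DXE driver (ResetSystemRuntimeDxe), so this print can execute after ExitBootServices() when the OS calls the reset service. Suggest guarding it, for example with `if (!EfiAtRuntime ())` around the DEBUG(), or linking a DebugLib instance that stays silent at runtime. Also confirm that `%d` matches the declared type of mResetNotifyDepth, which is not visible in this hunk.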
>>>
>>> This DEBUG() print is breaking system reset from the Linux OS at
>>> runtime in DEBUG builds.
>>>
>>> [    4.223704] reboot: Restarting system
>>> [    4.224733] Unable to handle kernel paging request at virtual
>>> address 09000018
>>>
>>> This is the boottime MMIO address of the UART on the QEMU mach-virt
>>> model, and no runtime mapping exists for it, resulting in the crash.
>>>
>>> Please ensure that DEBUG () is used with care in DXE_RUNTIME_DRIVER
>>> modules.
>>
>> Not disagreeing, just asking: should we perhaps take care of this in
>> a new DebugLib instance, specifically for DXE runtime drivers?
>>
>> "MdePkg/Library/UefiRuntimeLib" provides functions like
>> EfiAtRuntime() and EfiGoneVirtual(). We couldn't use UefiRuntimeLib
>> in DebugLib, because UefiRuntimeLib already depends on DebugLib (we
>> can't introduce a circular dependency). But, we could reimplement
>> EfiAtRuntime() manually, in order to silence all debug messages after
>> ExitBootServices().
>>
>> This would make sense also because after ExitBootServices(), the
>> serial port is considered "owned" by the boot loader or the OS, and
>> the firmware should likely not mess up whatever IO occurs there.
>>
>> I guess the two possible places to implement such runtime logic would
>> be:
>>
>> - in a RuntimeDxe clone of BaseDebugLibSerialPort (i.e., commonly for
>> all edk2 platforms),
>>
>> - in a RuntimeDxe clone of
>> "ArmVirtPkg/Library/FdtPL011SerialPortLib/FdtPL011SerialPortLib.inf"
>> (i.e., move the checking to the serial port lib level).
>>
>> (This is different from OVMF / x86, because (a) there the debug data
>> are written to IO port 0x402, and the IO address space does not
>> depend on paging, (b) largely, no boot loader or OS ever are aware of
>> the QEMU debug port, it can be considered as owned by the firmware,
>> always.)
>>
>> Just thinking out loud.
>>
>
> Laszlo,
>
> From a pedantic point of view an EFI Runtime Service can only use
> hardware not exposed to OS as there is no clean way to share. There
> are some scary wiggle words about the RTC that date all the way back
> to EFI 1.1, and that is the only conformant exception. So that is
> probably why we don't have a generic solution as it is kind of
> dangerous.

I think a DebugLib instance located at

  MdePkg/Library/DxeRuntimeDebugLibSerialPort

could be general enough, since it would not share hardware with the OS
-- it would stop runtime DXE drivers from making SerialPortLib calls.

> For example what happens if the OS has a kernel debugger running on
> that serial port and EFI spews DEBUG prints, that would probably not
> come out well.
>
> For things I've written I usually end up writing a macro that does
> something like:
>
> if (!EfiAtRuntime ()) {
>   DEBUG ((DEBUG_ERROR, "Hello World!"));
> }

Right, so this supports Ard's original idea, namely that we should
disable the DEBUGs in the client code, one way or another...

> and
>
> if (!EfiAtRuntime ()) {
>   ASSERT (FALSE);
> }

... On the other hand, I think only the debug message should be
suppressed for ASSERTs; the exception or deadloop (whatever the assert
disposition) should not be suppressed at runtime. If the firmware
encounters a fatal unexpected error, it's better to hang the system
(with the deadloop) or crash it (raise an exception and make the kernel
panic) than silently corrupt more state and pretend everything's fine.
So wrapping "ASSERT (Predicate)" with "if (!EfiAtRuntime ())" does not
seem like the best solution to me.

> Maybe it would be possible to add RUNTIME_DEBUG(), RUNTIME_ASSERT(),
> etc. macros to the UefiRuntimeLib?

> Makes me remember the story from back in the 1990's about an update
> to the Windows Plug-N-Play subsystem to automagically detect modems.
> It worked great, and made it easier to get folks online (even if it
> was very slow), but seems a software update managed to destroy a very
> very expensive custom milling machine. It seems this milling machine
> was connected to the serial port of the PC, and it was a very dumb
> device as it interpreted data across the serial port as coordinates
> and commands, and all the error checking was done on the PC. So these
> random data on the serial line told the milling machine to attack
> itself.

A "winmodem" on steroids :)

Thanks!
Laszlo
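
Added example (not code from this thread or from edk2): a host-side C model of the DebugLib behaviour discussed above, where a private flag set at ExitBootServices() stands in for EfiAtRuntime(), debug output is dropped at runtime, and the ASSERT disposition is still taken. All `Model*` names and the in-memory "serial port" are assumptions made for illustration.

```c
/* Host-side model only; Model* names are hypothetical, not edk2 APIs. */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static char   mSerialLog[256];   /* stands in for the boot-time UART MMIO */
static size_t mSerialLen;
static bool   mAtRuntime;        /* private flag instead of EfiAtRuntime() */
static int    mDeadLoops;        /* counts assert dispositions taken */

/* Would be registered as the ExitBootServices event notification. */
void ModelExitBootServicesNotify(void) { mAtRuntime = true; }

static void SerialWrite(const char *Buf, size_t Len) {
  if (Len > sizeof mSerialLog - mSerialLen) Len = sizeof mSerialLog - mSerialLen;
  memcpy(mSerialLog + mSerialLen, Buf, Len);
  mSerialLen += Len;
}

/* DebugPrint(): formats and writes only while boot services are alive. */
void ModelDebugPrint(const char *Fmt, ...) {
  char Buf[128];
  va_list Args;
  int n;
  if (mAtRuntime) return;        /* never touch the UART the OS now owns */
  va_start(Args, Fmt);
  n = vsnprintf(Buf, sizeof Buf, Fmt, Args);
  va_end(Args);
  if (n <= 0) return;
  if ((size_t)n >= sizeof Buf) n = sizeof Buf - 1;
  SerialWrite(Buf, (size_t)n);
}

/* DebugAssert(): message suppressed at runtime, disposition is not. */
void ModelDebugAssert(const char *File, int Line, const char *Expr) {
  ModelDebugPrint("ASSERT %s(%d): %s\n", File, Line, Expr);
  mDeadLoops++;                  /* real code would CpuDeadLoop() or break */
}
size_t ModelSerialBytes(void) { return mSerialLen; }
int    ModelDeadLoops(void)   { return mDeadLoops; }

int main(void) {
  ModelDebugPrint("DXE ResetSystem2: Reset call depth = %d.\n", 1);
  ModelExitBootServicesNotify();
  ModelDebugAssert(__FILE__, __LINE__, "FALSE");  /* silent, still counted */
  printf("serial bytes=%zu deadloops=%d\n", ModelSerialBytes(), ModelDeadLoops());
  return 0;
}
```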

