From: Jeff Fan <jeff.fan@intel.com>
To: edk2-devel@lists.01.org
Cc: Laszlo Ersek <lersek@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Put AP into safe hlt-loop code on S3 path
Date: Thu, 10 Nov 2016 14:07:07 +0800 [thread overview]
Message-ID: <20161110060708.13932-2-jeff.fan@intel.com> (raw)
In-Reply-To: <20161110060708.13932-1-jeff.fan@intel.com>
On S3 path, we will wake up APs to restore CPU context in PiSmmCpuDxeSmm
driver. However, we place AP in hlt-loop under 1MB space borrowed after CPU
restoring CPU contexts.
In case, one NMI or SMI happens, APs may exit from hlt state and execute the
instruction after HLT instruction. But the code under 1MB is no longer safe at
that time.
This fix is to allocate one ACPI NVS range to place the AP hlt-loop code. When
CPU finished restoration CPU contexts, AP will execute in this ACPI NVS range.
https://bugzilla.tianocore.org/show_bug.cgi?id=216
Reported-by: Laszlo Ersek <lersek@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c | 31 +++++++++++++++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 25 +++++++++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 13 +++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 26 ++++++++++++++++++++++
4 files changed, 95 insertions(+)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c
index 6a798ef..6f290b8 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c
@@ -77,6 +77,13 @@ SMM_S3_RESUME_STATE *mSmmS3ResumeState = NULL;
BOOLEAN mAcpiS3Enable = TRUE;
+UINT8 *mApHltLoopCode = NULL;
+UINT8 mApHltLoopCodeTemplate[] = {
+ 0xFA, // cli
+ 0xF4, // hlt
+ 0xEB, 0xFC // jmp $-2
+ };
+
/**
Get MSR spin lock by MSR index.
@@ -376,6 +383,8 @@ MPRendezvousProcedure (
CPU_REGISTER_TABLE *RegisterTableList;
UINT32 InitApicId;
UINTN Index;
+ UINT32 TopOfStack;
+ UINT8 Stack[128];
ProgramVirtualWireMode ();
DisableLvtInterrupts ();
@@ -393,6 +402,13 @@ MPRendezvousProcedure (
// Count down the number with lock mechanism.
//
InterlockedDecrement (&mNumberToFinish);
+
+ //
+ // Place AP into the safe code
+ //
+ TopOfStack = (UINT32) (UINTN) Stack + sizeof (Stack);
+ CopyMem ((VOID *) (UINTN) mApHltLoopCode, mApHltLoopCodeTemplate, sizeof (mApHltLoopCodeTemplate));
+ TransferApToSafeState ((UINT32) (UINTN) mApHltLoopCode, TopOfStack);
}
/**
@@ -731,6 +747,8 @@ InitSmmS3ResumeState (
VOID *GuidHob;
EFI_SMRAM_DESCRIPTOR *SmramDescriptor;
SMM_S3_RESUME_STATE *SmmS3ResumeState;
+ EFI_PHYSICAL_ADDRESS Address;
+ EFI_STATUS Status;
if (!mAcpiS3Enable) {
return;
@@ -773,6 +791,19 @@ InitSmmS3ResumeState (
// Patch SmmS3ResumeState->SmmS3Cr3
//
InitSmmS3Cr3 ();
+
+ //
+ // Allocate safe memory in ACPI NVS for AP to execute hlt loop on S3 path
+ //
+ Address = BASE_4GB - 1;
+ Status = gBS->AllocatePages (
+ AllocateMaxAddress,
+ EfiACPIMemoryNVS,
+ EFI_SIZE_TO_PAGES (sizeof (mApHltLoopCodeTemplate)),
+ &Address
+ );
+ ASSERT_EFI_ERROR (Status);
+ mApHltLoopCode = (UINT8 *) (UINTN) Address;
}
/**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
index 545b534..3e99aab 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
@@ -94,3 +94,28 @@ InitGdt (
*GdtStepSize = GdtTableStepSize;
return GdtTssTables;
}
+
+/**
+ Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.
+
+ @param[in] ApHltLoopCode The 32-bit address of the safe hlt-loop function
+ @param[in] TopOfStack A pointer to the new stack to use for the ApHltLoopCode.
+
+**/
+VOID
+TransferApToSafeState (
+ IN UINT32 ApHltLoopCode,
+ IN UINT32 TopOfStack
+ )
+{
+ SwitchStack (
+ (SWITCH_STACK_ENTRY_POINT) (UINTN) ApHltLoopCode,
+ NULL,
+ NULL,
+ (VOID *) (UINTN) TopOfStack
+ );
+ //
+ // It should never reach here
+ //
+ ASSERT (FALSE);
+}
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 9b119c8..82fa5a6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -825,4 +825,17 @@ GetAcpiS3EnableFlag (
VOID
);
+/**
+ Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.
+
+ @param[in] ApHltLoopCode The 32-bit address of the safe hlt-loop function
+ @param[in] TopOfStack A pointer to the new stack to use for the ApHltLoopCode.
+
+**/
+VOID
+TransferApToSafeState (
+ IN UINT32 ApHltLoopCode,
+ IN UINT32 TopOfStack
+ );
+
#endif
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
index b53aa45..c05dec7 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
@@ -68,3 +68,29 @@ InitGdt (
*GdtStepSize = GdtTableStepSize;
return GdtTssTables;
}
+/**
+ Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.
+
+ @param[in] ApHltLoopCode The 32-bit address of the safe hlt-loop function
+ @param[in] TopOfStack A pointer to the new stack to use for the ApHltLoopCode.
+
+**/
+VOID
+TransferApToSafeState (
+ IN UINT32 ApHltLoopCode,
+ IN UINT32 TopOfStack
+ )
+{
+ SwitchStack (
+ (SWITCH_STACK_ENTRY_POINT) (UINTN) ApHltLoopCode,
+ NULL,
+ NULL,
+ (VOID *) (UINTN) TopOfStack
+ );
+ //
+ // It should never reach here
+ //
+ ASSERT (FALSE);
+}
+
+
--
2.9.3.windows.2
next prev parent reply other threads:[~2016-11-10 6:07 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-10 6:07 [PATCH 0/2] Put AP into safe hlt-loop code on S3 path Jeff Fan
2016-11-10 6:07 ` Jeff Fan [this message]
2016-11-10 8:50 ` [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: " Laszlo Ersek
2016-11-10 9:00 ` Fan, Jeff
2016-11-10 9:30 ` Laszlo Ersek
2016-11-10 6:07 ` [PATCH 2/2] UefiCpuPkg/PiSmmCpuDxeSmm: Place AP to 32bit protected mode " Jeff Fan
2016-11-10 8:56 ` [PATCH 0/2] Put AP into safe hlt-loop code " Laszlo Ersek
2016-11-10 9:59 ` Paolo Bonzini
2016-11-11 6:32 ` Fan, Jeff
2016-11-10 10:41 ` Laszlo Ersek
2016-11-10 11:17 ` Yao, Jiewen
2016-11-10 12:08 ` Laszlo Ersek
2016-11-10 20:45 ` Laszlo Ersek
2016-11-10 12:26 ` Paolo Bonzini
2016-11-10 13:33 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161110060708.13932-2-jeff.fan@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox