From mboxrd@z Thu Jan 1 00:00:00 1970
Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: imammedo@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Fri, 16 Aug 2019 00:42:17 -0700
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id EB3453090FD1;
 Fri, 16 Aug 2019 07:42:16 +0000 (UTC)
Received: from localhost (unknown [10.43.2.182])
 by smtp.corp.redhat.com (Postfix) with ESMTP id DFA0017493;
 Fri, 16 Aug 2019 07:42:14 +0000 (UTC)
Date: Fri, 16 Aug 2019 09:42:12 +0200
From: Igor Mammedov
To: Paolo Bonzini
Cc: "Yao, Jiewen", Laszlo Ersek, edk2-devel-groups-io, edk2-rfc-groups-io,
 qemu devel list, "Chen, Yingwen", "Nakajima, Jun", Boris Ostrovsky,
 Joao Marcal Lemos Martins, Phillip Goerl
Subject: Re: CPU hotplug using SMM with QEMU+OVMF
Message-ID: <20190816094212.28184314@redhat.com>
In-Reply-To:
References: <8091f6e8-b1ec-f017-1430-00b0255729f4@redhat.com>
 <74D8A39837DF1E4DA445A8C0B3885C503F75B680@shsmsx102.ccr.corp.intel.com>
 <047801f8-624a-2300-3cf7-1daa1395ce59@redhat.com>
 <20190815180733.4b396b5d@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Fri, 16 Aug 2019 07:42:17 +0000 (UTC)
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 15 Aug 2019 18:24:53 +0200
Paolo Bonzini wrote:

> On 15/08/19 18:07, Igor Mammedov wrote:
> > Looking at Q35 code and Seabios SMM relocation as example, if I see it
> > right QEMU has:
> >  - SMRAM is aliased from DRAM at 0xa0000
> >  - and TSEG steals from the top of low RAM when configured
> >
> > Now the problem is that default SMBASE at 0x30000 isn't backed by anything
> > in SMRAM address space and default SMI entry falls through to the same
> > location in System address space.
> >
> > The latter is not trusted and entry into SMM mode will corrupt the area + might
> > jump to 'random' SMI handler (hence save/restore code in Seabios).
> >
> > Here is an idea, can we map a memory region at 0x30000 in SMRAM address
> > space with relocation space/code reserved. It could be a part of TSEG
> > (so we don't have to invent ABI to configure that)?
>
> No, there could be real mode code using it.

My impression was that QEMU/KVM's SMM address space is accessible only
from a CPU in SMM mode, so an SMM CPU should access independent SMRAM at
0x30000 in SMM address space while non-SMM CPUs (including real mode)
should access 0x30000 from normal system RAM.

> What we _could_ do is
> initialize SMBASE to 0xa0000, but I think it's better to not deviate too
> much from processor behavior (even if it's admittedly a 20-year legacy
> that doesn't make any sense).

Agreed, it's better to follow the spec, that's one of the reasons why I was
toying with the idea of using separate SMRAM at 0x30000 mapped only in SMM
address space.

Practically we would be following the spec:
SDM: 34.4 SMRAM
"
System logic can use the SMI acknowledge transaction or the assertion of
the SMIACT# pin to decode accesses to the SMRAM and redirect them (if
desired) to specific SMRAM memory. If a separate RAM memory is used for
SMRAM, system logic should provide a programmable method of mapping the
SMRAM into system memory space when the processor is not in SMM. This
mechanism will enable start-up procedures to initialize the SMRAM space
(that is, load the SMI handler) before executing the SMI handler during
SMM.
"

Another benefit that gives us is that we won't have to pull in all
existing CPUs into SMM (essentially another stop_machine) to guarantee
exclusive access to 0x30000 in normal RAM.

>
> Paolo
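Added illustration, not code from QEMU, SeaBIOS or anyone on the thread: a small C model of the two-view memory decode the mail is arguing about. SMM-only regions overlay system RAM and win on priority only when the accessing CPU is in SMM, so the default SMI entry at SMBASE+0x8000 resolves to shared DRAM under today's layout and to dedicated SMRAM under the proposed one, while non-SMM CPUs keep seeing normal RAM there. Region sizes (2 GiB low RAM, a 64 KiB region at 0x30000) are constructed assumptions.

```c
/* Added model (not QEMU code): a memory decoder with a system view and an
 * SMM view.  SMM-only regions overlay system RAM and win on priority when
 * the CPU is in SMM; a CPU outside SMM never sees them.  Sizes constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
enum backing { BACKING_NONE, DRAM, SMRAM_A0000, SMRAM_30000 };
struct region {
    uint64_t base, size;
    enum backing backing;
    int prio;       /* higher wins when regions overlap */
    bool smm_only;  /* present only in the SMM address space */
};
/* Current layout: low RAM plus the legacy SMRAM alias over 0xa0000-0xbffff. */
static const struct region current_layout[] = {
    { 0x00000000, 0x80000000, DRAM,        0, false }, /* 2 GiB low RAM (constructed) */
    { 0x000a0000, 0x00020000, SMRAM_A0000, 1, true  }, /* SMRAM aliased at 0xa0000 */
};
/* Proposed addition from the mail: an SMRAM region covering the default
 * SMBASE (0x30000) and the SMI entry at SMBASE+0x8000, visible only in
 * the SMM address space.  The 64 KiB size is an assumption. */
static const struct region smbase_region =
    { 0x00030000, 0x00010000, SMRAM_30000, 1, true };
static enum backing decode(const struct region *regs, size_t n,
                           uint64_t addr, bool in_smm)
{
    enum backing hit = BACKING_NONE;
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        const struct region *r = &regs[i];
        if (r->smm_only && !in_smm)
            continue;                      /* invisible outside SMM */
        if (addr < r->base || addr - r->base >= r->size)
            continue;
        if (r->prio > best) { best = r->prio; hit = r->backing; }
    }
    return hit;
}
/* Backing reached by the default SMI entry (SMBASE 0x30000 + 0x8000)
 * under the current or proposed layout, with the CPU in or out of SMM. */
enum backing smi_entry_backing(bool proposed, bool in_smm)
{
    struct region regs[3] = { current_layout[0], current_layout[1] };
    size_t n = 2;
    if (proposed)
        regs[n++] = smbase_region;
    return decode(regs, n, 0x30000 + 0x8000, in_smm);
}
```

With the current layout `smi_entry_backing(false, true)` returns `DRAM`, the untrusted fall-through the mail describes; with the proposed region it returns `SMRAM_30000` in SMM and still `DRAM` outside it.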