public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Brian J. Johnson" <brian.johnson@hpe.com>
To: devel@edk2.groups.io, lersek@redhat.com, Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>, Michael Kinney <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [Patch 0/2] UefiCpuPkg: Default avoid print.
Date: Wed, 31 Jul 2019 11:34:26 -0500	[thread overview]
Message-ID: <3a28f2c6-6ef1-c830-b3c6-3cf69c5ca60f@hpe.com> (raw)
In-Reply-To: <bb69cd0b-5be5-463d-f027-17dba481b92c@redhat.com>

On 7/31/19 7:43 AM, Laszlo Ersek wrote:
> (adding Mike)
> 
> On 07/31/19 09:35, Eric Dong wrote:
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1984
>>
>> Current debug message brings much restriction for the platform
>> which use this driver.
>>
>> For PEI and DXE phase, platform mush link base DebugLib (without
>> using any pei/dxe services, even for its dependent libraries).
>>
>> This patch default disable this debug message, only open it when
>> need to debug the related code.
>>
>> Signed-off-by: Eric Dong <eric.dong@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>>
>> Eric Dong (2):
>>    UefiCpuPkg/RegisterCpuFeaturesLib: Default avoid print.
>>    UefiCpuPkg/PiSmmCpuDxeSmm: Default avoid print.
>>
>>   .../Library/RegisterCpuFeaturesLib/CpuFeaturesInitialize.c    | 4 +++-
>>   UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c                             | 4 +++-
>>   2 files changed, 6 insertions(+), 2 deletions(-)
>>
> 
> The basic problem seems to be that APs should not use "thick" services
> that might underlie the DebugLib instance that is picked by the
> platform. That requirement appears sane to me.
> 
> I think I disagree with the proposed mitigation though. Reasons:
> 
> (a) The mitigation is duplicated to independent modules.
> 
> (b) It is not possible to change the debug mask without modifying C
> language source code.
> 
> (c) Passing a zero log mask to DEBUG() on the APs does not guarantee
> thread safety:
> 
> - The DEBUG() macro calls DebugPrintEnabled() regardless of the log mask
> passed to DEBUG().
> 
> - The DEBUG() macro may or may not call DebugPrintLevelEnabled(),
> dependent on architecture & toolchain.
> 
> - Both DebugPrintEnabled() and DebugPrintLevelEnabled() are DebugLib
> interfaces. The library instance may implement them unsafely for APs,
> and a zero log mask at the DEBUG call site could not prevent that.
> 
> - Finally, DebugPrint() itself could invoke thread-unsafe logic, before
> consulting the log mask.
> 
> 
> I would propose the following, instead:
> 
> (i) Introduce BIT6 for PcdDebugPropertyMask in "MdePkg.dec". The default
> value should be zero. The bit stands for "DEBUG is safe to call on APs".
> 
> (ii) Add a macro called AP_DEBUG to <DebugLib.h>.
> 
> This macro should work the same as DEBUG, except it should do nothing if
> BIT6 in PcdDebugProperyMask is clear.
> 
> Fetching PcdDebugPropertyMask inside AP_DEBUG() is safe, because:
> 
> - the PCD can only be fixed-at-build or patchable-in-module (therefore
> it is safe to read on APs -- no PCD PPI or PCD Protocol is needed);
> 
> - PcdDebugPropertyMask is a preexistent PCD that *all* existent DebugLib
> instances are expected to consume -- per the API specifications in
> <DebugLib.h> --, therefore no new PCD dependency would be introduced to
> DebugLib instances.
> 
> (iii) Modules that call DEBUG on APs should replace those calls with
> AP_DEBUG. Code that currently calls DEBUG while running on either BSP or
> APs should discriminate those cases from each other, and use AP_DEBUG
> explicitly, when it runs on APs.
> 
> As a further refinement, a macro called MP_DEBUG could be introduced
> too, with a new initial parameter called "Bsp". If the Bsp parameter is
> TRUE, then MP_DEBUG is identical to DEBUG. Otherwise, MP_DEBUG is
> identical to AP_DEBUG. This way, DEBUG() calls such as described above
> wouldn't have to be split into DEBUG / AP_DEBUG calls; they could be
> changed into MP_DEBUG calls (with an extra parameter in the front).
> 
> (iv) platforms can set BIT6 in PcdDebugPropertyMask in DSC files. This
> need not be a full platform-level setting: the PCD can be overridden in
> module scope, just like the DebugLib resolution can be module-scoped.
> 
> 
> As an end result, AP_DEBUG messages will disappear by default (safely),
> and platforms will have to do extra work only if they want AP_DEBUG
> messages to appear. Otherwise the change is transparent to platforms.
> 
> And, I think that AP_DEBUG belongs in MdePkg (and not UefiCpuPkg)
> because both DebugLib and EFI_MP_SERVICES_PROTOCOL are declared in
> MdePkg. While UefiCpuPkg provides the multiprocessing implementation for
> IA32 and X64, the problem is architecture-independent. Furthermore, the
> problem is a long-standing and recurrent one -- please refer to commit
> 81f560498bf1, for example --, so it makes sense to solve it once and for
> all.
> 
> Thanks
> Laszlo

Laszlo,

Defining a PCD bit for DEBUG() AP safety is an excellent suggestion.  As 
you said, this is a long-standing, recurrent problem which keeps biting 
real platforms, and it would be good to have a solid, 
platform-independent solution.

I do wonder if there would be a clean way to let a DebugLib instance 
itself declare that AP_DEBUG() is safe.  That way a platform would only 
need to override the DebugLib instance in the DSC file, rather than both 
the instance and the PCD.  (I know, I'm nitpicking.)  A library can't 
override PCDs in its calling modules, of course.  I suppose the 
AP_DEBUG() macro could call a new DebugLib entry point to test for AP 
safety before doing anything else, say DebugPrintOnApIsSafe().  Or it 
could even be a global CONST BOOLEAN defined by the library.  But that 
would require all DebugLib instances to change, which is something you 
were trying to avoid.

However, it's not always practical to track down all uses of DEBUG(). 
An AP can easily call a library routine which uses DEBUG() rather than 
AP_DEBUG(), buried under several layers of transitive library 
dependencies.  In other words, it's not always practical to determine 
ahead of time if a given DEBUG() call may be done on an AP.  I know that 
AP code runs in a very restricted environment and that people who use 
MpServices are supposed to understand the repercussions, but it gets 
very difficult when libraries are involved.  :(

So would a better solution be to modify the common unsafe DebugLib 
instances to have DebugPrintEnabled() return FALSE on APs?  That would 
probably require a new BaseLib interface to determine if the caller is 
running on the BSP or an AP.  (For IA32/X64 this isn't too hard -- it 
just needs to check a bit in the local APIC.  I have no idea about other 
architectures.)  That wouldn't solve the problem everywhere -- anyone 
using a custom DebugLib would have to update it themselves.  But it 
would solve it solidly in the majority of cases.

Thoughts?
-- 
Brian J. Johnson
Enterprise X86 Lab

Hewlett Packard Enterprise

  reply	other threads:[~2019-07-31 16:34 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-31  7:35 [Patch 0/2] UefiCpuPkg: Default avoid print Dong, Eric
2019-07-31  7:35 ` [Patch 1/2] UefiCpuPkg/RegisterCpuFeaturesLib: " Dong, Eric
2019-07-31  7:35 ` [Patch 2/2] UefiCpuPkg/PiSmmCpuDxeSmm: " Dong, Eric
2019-07-31 12:43 ` [Patch 0/2] UefiCpuPkg: " Laszlo Ersek
2019-07-31 16:34   ` Brian J. Johnson [this message]
2019-07-31 18:06     ` [edk2-devel] " Andrew Fish
2019-07-31 18:58     ` Laszlo Ersek
2019-07-31 22:04       ` Johnson, Michael
2019-08-02  0:12         ` Laszlo Ersek
2019-08-01 20:20       ` Brian J. Johnson
2019-08-01 21:14         ` Andrew Fish
2019-08-02 21:45           ` Laszlo Ersek
2019-08-01  7:51 ` Ni, Ray
2019-08-01  9:07   ` Dong, Eric

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3a28f2c6-6ef1-c830-b3c6-3cf69c5ca60f@hpe.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox