From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: hpe.com, ip: 148.163.147.86, mailfrom: prvs=01156482bf=brian.johnson@hpe.com) Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) by groups.io with SMTP; Wed, 31 Jul 2019 09:34:30 -0700 Received: from pps.filterd (m0150242.ppops.net [127.0.0.1]) by mx0a-002e3701.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6VGVO8x006301; Wed, 31 Jul 2019 16:34:29 GMT Received: from g2t2354.austin.hpe.com (g2t2354.austin.hpe.com [15.233.44.27]) by mx0a-002e3701.pphosted.com with ESMTP id 2u3e7306kt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 31 Jul 2019 16:34:29 +0000 Received: from g2t2360.austin.hpecorp.net (g2t2360.austin.hpecorp.net [16.196.225.135]) by g2t2354.austin.hpe.com (Postfix) with ESMTP id B7E3983; Wed, 31 Jul 2019 16:34:28 +0000 (UTC) Received: from [16.99.208.215] (unknown [16.99.208.215]) by g2t2360.austin.hpecorp.net (Postfix) with ESMTP id 0BB5636; Wed, 31 Jul 2019 16:34:26 +0000 (UTC) Subject: Re: [edk2-devel] [Patch 0/2] UefiCpuPkg: Default avoid print. To: devel@edk2.groups.io, lersek@redhat.com, Eric Dong Cc: Ray Ni , Michael Kinney References: <20190731073502.24640-1-eric.dong@intel.com> From: "Brian J. Johnson" Message-ID: <3a28f2c6-6ef1-c830-b3c6-3cf69c5ca60f@hpe.com> Date: Wed, 31 Jul 2019 11:34:26 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 In-Reply-To: X-Proofpoint-UnRewURL: 1 URL was un-rewritten MIME-Version: 1.0 X-HPE-SCL: -1 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-07-31_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1907310165 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 7/31/19 7:43 AM, Laszlo Ersek wrote: > (adding Mike) > > On 07/31/19 09:35, Eric Dong wrote: >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1984 >> >> Current debug message brings much restriction for the platform >> which use this driver. >> >> For PEI and DXE phase, platform mush link base DebugLib (without >> using any pei/dxe services, even for its dependent libraries). >> >> This patch default disable this debug message, only open it when >> need to debug the related code. >> >> Signed-off-by: Eric Dong >> Cc: Ray Ni >> Cc: Laszlo Ersek >> >> Eric Dong (2): >> UefiCpuPkg/RegisterCpuFeaturesLib: Default avoid print. >> UefiCpuPkg/PiSmmCpuDxeSmm: Default avoid print. >> >> .../Library/RegisterCpuFeaturesLib/CpuFeaturesInitialize.c | 4 +++- >> UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c | 4 +++- >> 2 files changed, 6 insertions(+), 2 deletions(-) >> > > The basic problem seems to be that APs should not use "thick" services > that might underlie the DebugLib instance that is picked by the > platform. That requirement appears sane to me. > > I think I disagree with the proposed mitigation though. Reasons: > > (a) The mitigation is duplicated to independent modules. > > (b) It is not possible to change the debug mask without modifying C > language source code. > > (c) Passing a zero log mask to DEBUG() on the APs does not guarantee > thread safety: > > - The DEBUG() macro calls DebugPrintEnabled() regardless of the log mask > passed to DEBUG(). > > - The DEBUG() macro may or may not call DebugPrintLevelEnabled(), > dependent on architecture & toolchain. > > - Both DebugPrintEnabled() and DebugPrintLevelEnabled() are DebugLib > interfaces. The library instance may implement them unsafely for APs, > and a zero log mask at the DEBUG call site could not prevent that. > > - Finally, DebugPrint() itself could invoke thread-unsafe logic, before > consulting the log mask. > > > I would propose the following, instead: > > (i) Introduce BIT6 for PcdDebugPropertyMask in "MdePkg.dec". The default > value should be zero. The bit stands for "DEBUG is safe to call on APs". > > (ii) Add a macro called AP_DEBUG to . > > This macro should work the same as DEBUG, except it should do nothing if > BIT6 in PcdDebugProperyMask is clear. > > Fetching PcdDebugPropertyMask inside AP_DEBUG() is safe, because: > > - the PCD can only be fixed-at-build or patchable-in-module (therefore > it is safe to read on APs -- no PCD PPI or PCD Protocol is needed); > > - PcdDebugPropertyMask is a preexistent PCD that *all* existent DebugLib > instances are expected to consume -- per the API specifications in > --, therefore no new PCD dependency would be introduced to > DebugLib instances. > > (iii) Modules that call DEBUG on APs should replace those calls with > AP_DEBUG. Code that currently calls DEBUG while running on either BSP or > APs should discriminate those cases from each other, and use AP_DEBUG > explicitly, when it runs on APs. > > As a further refinement, a macro called MP_DEBUG could be introduced > too, with a new initial parameter called "Bsp". If the Bsp parameter is > TRUE, then MP_DEBUG is identical to DEBUG. Otherwise, MP_DEBUG is > identical to AP_DEBUG. This way, DEBUG() calls such as described above > wouldn't have to be split into DEBUG / AP_DEBUG calls; they could be > changed into MP_DEBUG calls (with an extra parameter in the front). > > (iv) platforms can set BIT6 in PcdDebugPropertyMask in DSC files. This > need not be a full platform-level setting: the PCD can be overridden in > module scope, just like the DebugLib resolution can be module-scoped. > > > As an end result, AP_DEBUG messages will disappear by default (safely), > and platforms will have to do extra work only if they want AP_DEBUG > messages to appear. Otherwise the change is transparent to platforms. > > And, I think that AP_DEBUG belongs in MdePkg (and not UefiCpuPkg) > because both DebugLib and EFI_MP_SERVICES_PROTOCOL are declared in > MdePkg. While UefiCpuPkg provides the multiprocessing implementation for > IA32 and X64, the problem is architecture-independent. Furthermore, the > problem is a long-standing and recurrent one -- please refer to commit > 81f560498bf1, for example --, so it makes sense to solve it once and for > all. > > Thanks > Laszlo Laszlo, Defining a PCD bit for DEBUG() AP safety is an excellent suggestion. As you said, this is a long-standing, recurrent problem which keeps biting real platforms, and it would be good to have a solid, platform-independent solution. I do wonder if there would be a clean way to let a DebugLib instance itself declare that AP_DEBUG() is safe. That way a platform would only need to override the DebugLib instance in the DSC file, rather than both the instance and the PCD. (I know, I'm nitpicking.) A library can't override PCDs in its calling modules, of course. I suppose the AP_DEBUG() macro could call a new DebugLib entry point to test for AP safety before doing anything else, say DebugPrintOnApIsSafe(). Or it could even be a global CONST BOOLEAN defined by the library. But that would require all DebugLib instances to change, which is something you were trying to avoid. However, it's not always practical to track down all uses of DEBUG(). An AP can easily call a library routine which uses DEBUG() rather than AP_DEBUG(), buried under several layers of transitive library dependencies. In other words, it's not always practical to determine ahead of time if a given DEBUG() call may be done on an AP. I know that AP code runs in a very restricted environment and that people who use MpServices are supposed to understand the repercussions, but it gets very difficult when libraries are involved. :( So would a better solution be to modify the common unsafe DebugLib instances to have DebugPrintEnabled() return FALSE on APs? That would probably require a new BaseLib interface to determine if the caller is running on the BSP or an AP. (For IA32/X64 this isn't too hard -- it just needs to check a bit in the local APIC. I have no idea about other architectures.) That wouldn't solve the problem everywhere -- anyone using a custom DebugLib would have to update it themselves. But it would solve it solidly in the majority of cases. Thoughts? -- Brian J. Johnson Enterprise X86 Lab Hewlett Packard Enterprise