public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "David Woodhouse" <dwmw2@infradead.org>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Ray Ni <ray.ni@intel.com>,
	 Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [edk2] [PATCH] OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM
Date: Thu, 20 Jun 2019 14:58:53 +0100	[thread overview]
Message-ID: <42f4314e3545b698dc5294a494a43afdcc205722.camel@infradead.org> (raw)
In-Reply-To: <28b2a68d-ad2f-1137-d356-227ee43db295@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 4139 bytes --]

On Thu, 2019-06-20 at 14:57 +0200, Laszlo Ersek wrote:
> (updating Ray's email)
> 
> On 06/20/19 00:19, David Woodhouse wrote:
> > 
> > > the driver is thoroughly commented. See especially the
> > > DriverInitialize() function. Can you determine which one(s) of those
> > > statements doesn't / don't hold any longer?
> > > 
> > > Or maybe IncompatiblePciDeviceSupportDxe works as before, but commit
> > > 065ae7d717f9 ("MdeModulePkg/PciBusDxe: make OPROM BAR degradation
> > > configurable", 2016-09-26) made a difference? (Adding Ard.)
> > > 
> > > I'm just guessing of course; a bisection could prove more effective.
> > 
> > I think I worked it out. The problem is that the nvme controller doesn't
> > have a ROM so it wasn't triggering the downgrade to 32-bit in the first
> > place.
> > 
> > By hacking IncompatiblePciDeviceSupportDxe to always return configuration
> > with 32+bit "granularity" I can boot. That does it for *all* devices, of
> > course... but I don't get the PCI class; only device/vendor IDs.
> 
> Doesn't this imply that we have a more generic problem in PciBusDxe?

Potentially so, yes. Although it's not clear the PciBusDxe itself
should be making such platform-dependent decisions. Calling out to
something like IncompatiblePciDeviceSupportDxe seems like the right
decision — but having an a priori default behaviour based on the
presence or otherwise of an OpROM doesn't. Just let the platform code
decide.


> AIUI, the current aperture degradation (for BAR allocation purposes) is
> meant to allow the device's own (specific) legacy option ROM to access
> the BARs. If the device has no option ROM, this particular goal falls
> away. (And OVMF's driver basically implements an override, in case the
> oprom does exist, but "legacy" is whole-sale unsupported by the platform.)
> 
> If the generic (device independent) CSM code -- *any* generic CSM in
> fact -- is expected to access BARs, then the logic in PciBusDxe is both
> too lax and too restrictive at the same time. It's too lax due to
> factors discussed previously (see the paragraph above, and commit
> 065ae7d717f9), and too restrictive because it misses the "CSM per se
> needs BAR access" case.

Right. AFAICT the criterion "has OpROM" was never really correct. It
should really have been "will be driven by legacy code".

Things that are natively supported by the CSM — including IDE, SATA,
VirtIO and NVMe 'disks' — all fall into that category whether they have
OpROMs or not. I think we've mostly just got away with it until now
because they haven't had 64-bit capable BARs.

> For working this around in OVMF, we'd have to change the OVMF driver's
> behavior from "force 64-bit, or keep silent", to "force 64-bit, or force
> 32-bit". This looks like a kludge that entirely supplants the PciBusDxe
> logic. So I'm not a fan of it.

Hm, I think the PciBusDxe logic *should* be "supplanted". It never made
sense for PciBusDxe to take a guess about what the platform might want,
then let the platform 'correct' it.

But of course it would be nice if PciBusDxe made a callout to platform
code and gave it all the information that might be needed — like the
PCI class, and the presence or otherwise of an OpROM. 

>  That said, if you can patch
> IncompatiblePciDeviceSupportDxe such that the change only affect the
> CSM_ENABLE build of OVMF observably, I guess I can live with it.

That's simple enough; we make CheckDevice() always return a
configuration, but with the granularity set to 32 if there's a CSM and
(as is currently the case) with it set to 64 if there's not.

Really, there should be a CSM call to say "do you want this device?",
and then the real trigger for degrading to 32-bit should be whether it
has an OpRom *or* that call returns true.

For now I've resorted to building with--pcd
gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size=0 — if we switch from
SeaBIOS to OVMF+SeaBIOS then I don't want random 32-bit guests breaking
because their BARs are suddenly unreachable, whether the device in
question is used by the BIOS or not.




[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5174 bytes --]

      reply	other threads:[~2019-06-20 13:59 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1463609573-16626-1-git-send-email-lersek@redhat.com>
2019-06-19 12:50 ` [edk2] [PATCH] OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM David Woodhouse
2019-06-19 22:10   ` Laszlo Ersek
2019-06-19 22:19     ` David Woodhouse
2019-06-20 12:57       ` Laszlo Ersek
2019-06-20 13:58         ` David Woodhouse [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42f4314e3545b698dc5294a494a43afdcc205722.camel@infradead.org \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox