Subject: Re: [edk2-rfc] [edk2-devel] CPU hotplug using SMM with QEMU+OVMF
From: "Laszlo Ersek" <lersek@redhat.com>
To: Igor Mammedov
Cc: "Kinney, Michael D", "Yao, Jiewen", Paolo Bonzini, "rfc@edk2.groups.io", Alex Williamson, "devel@edk2.groups.io", qemu devel list, "Chen, Yingwen", "Nakajima, Jun", Boris Ostrovsky, Joao Marcal Lemos Martins, Phillip Goerl
Date: Tue, 27 Aug 2019 22:11:15 +0200
Message-ID: <805ab9fc-2d51-8768-8a11-bfc90d77a29f@redhat.com>
In-Reply-To: <20190827182307.0b5ce17b@redhat.com>
References: <8091f6e8-b1ec-f017-1430-00b0255729f4@redhat.com> <35396800-32d2-c25f-b0d0-2d7cd8438687@redhat.com> <2b4ba607-f0e3-efee-6712-6dcef129b310@redhat.com> <7f2d2f1e-2dd8-6914-c55e-61067e06b142@redhat.com> <3661c0c5-3da4-1453-a66a-3e4d4022e876@redhat.com> <74D8A39837DF1E4DA445A8C0B3885C503F76FDAF@shsmsx102.ccr.corp.intel.com> <20190827182307.0b5ce17b@redhat.com>

On 08/27/19 18:23, Igor Mammedov wrote:
> On Mon, 26 Aug 2019 17:30:43 +0200
> Laszlo Ersek wrote:
>
>> On 08/23/19 17:25, Kinney, Michael D wrote:
>>> Hi Jiewen,
>>>
>>> If a hot add CPU needs to run any code before the
>>> first SMI, I would recommend it only executes code
>>> from a write protected FLASH range without a stack
>>> and then wait for the first SMI.
>>
>> "without a stack" looks very risky to me. Even if we manage to implement
>> the guest code initially, we'll be trapped without a stack, should we
>> ever need to add more complex stuff there.
>
> Do we need anything complex in relocation handler, though?
> From what I'd imagine, minimum handler should
> 1: get address of TSEG, possibly read it from chipset

The TSEG base calculation is not trivial in this environment. The 32-bit
RAM size needs to be read from the CMOS (IO port accesses). Then the
extended TSEG size (if any) needs to be detected from PCI config space
(IO port accesses). Both CMOS and PCI config space require IO port
writes too (not just reads).

Even if there are enough registers for the calculations, can we rely on
these unprotected IO ports?

Also, can we switch to 32-bit mode without a stack? I assume it would be
necessary to switch to 32-bit mode for 32-bit arithmetic.

Getting the initial APIC ID needs some CPUID instructions IIUC, which
clobber EAX through EDX, if I understand correctly. Given the register
pressure, CPUID might have to be one of the first instructions to call.

> 2: calculate its new SMBASE offset based on its APIC ID
> 3: save new SMBASE
>
>>> For this OVMF use case, is any CPU init required
>>> before the first SMI?
>>
>> I expressed a preference for that too: "I wish we could simply wake the
>> new CPU [...] with an SMI".
>>
>> http://mid.mail-archive.com/398b3327-0820-95af-a34d-1a4a1d50cf35@redhat.com
>>
>>
>>> From Paolo's list of steps are steps (8a) and (8b)
>>> really required?
>
> 07b - implies 08b

I agree about that implication, yes.
*If* we send an INIT/SIPI/SIPI to the new CPU, then the new CPU needs a
HLT loop, I think.

> 8b could be trivial hlt loop and we most likely could skip 08a and signaling host CPU steps
> but we need INIT/SIPI/SIPI sequence to wake up AP so it could handle pending SMI
> before handling SIPI (so behavior would follow SDM).
>
>
>> See again my message linked above -- just after the quoted sentence, I
>> wrote, "IOW, if we could excise steps 07b, 08a, 08b".
>>
>> But, I obviously defer to Paolo and Igor on that.
>>
>> (I do believe we have a dilemma here. In QEMU, we probably prefer to
>> emulate physical hardware as faithfully as possible. However, we do not
>> have Cache-As-RAM (nor do we intend to, IIUC). Does that justify other
>> divergences from physical hardware too, such as waking just by virtue of
>> an SMI?)
> So far we should be able to implement it per spec (at least SDM one),
> but we would still need to invent chipset hardware
> i.e. like adding to Q35 non exiting SMRAM and means to map/unmap it
> to non-SMM address space.
> (and I hope we could avoid adding "parked CPU" thingy)

I think we'll need a separate QEMU tree for this. I'm quite in the dark
-- I can't tell if I'll be able to do something in OVMF without actually
trying it. And for that, we'll need some proposed QEMU code that is
testable, but not upstream yet. (As I might realize that I'm unable to
make it work in OVMF.)

>>> Can the SMI monarch use the Local
>>> APIC to send a directed SMI to the hot added CPU?
>>> The SMI monarch needs to know the APIC ID of the
>>> hot added CPU. Do we also need to handle the case
>>> where multiple CPUs are added at once? I think we
>>> would need to serialize the use of 3000:8000 for the
>>> SMM rebase operation on each hot added CPU.
>>
>> I agree this would be a huge help.
>
> We can serialize it (for normal hotplug flow) from ACPI handler
> in the guest (i.e. non enforced serialization).
> The only reason for serialization I see is not to allow
> a bunch of new CPUs trample over default SMBASE save area
> at the same time.

If the default SMBASE area is corrupted due to concurrent access, could
that lead to invalid relocated SMBASE values? Possibly pointing into
normal RAM?

Thanks
Laszlo
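Added example (editor's, not code from this thread, OVMF, edk2 or QEMU): a host-side C model of the three-step relocation handler Igor sketches (TSEG base from the chipset, per-CPU SMBASE from the APIC ID, save it) together with the range check that Laszlo's closing question calls for, i.e. rejecting a relocated SMBASE whose 64 KiB tile does not lie entirely inside TSEG. Everything hardware-facing is an assumption for the model rather than an IO port access: the CMOS bank behind ports 0x70/0x71 is a constructed array in which registers 0x34/0x35 hold the RAM above 16 MiB in 64 KiB units (the QEMU/OVMF convention as I understand it; verify against OvmfPkg's PlatformPei), TSEG is assumed to sit at the top of low RAM with a size the firmware already chose, the per-CPU stride is assumed to be one 64 KiB tile, and the APIC ID is assumed to index tiles directly. The 1 GiB guest in SAMPLE_GUEST is constructed; the large APIC IDs stand in for a value read back from a trampled default SMBASE save area.

```c
/* Model of SMBASE relocation arithmetic plus the in-TSEG check. Not OVMF/QEMU code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: CMOS 0x34/0x35 = RAM above 16 MiB, 64 KiB units, little-endian. */
#define CMOS_RAM_ABOVE_16MB_LO 0x34
#define CMOS_RAM_ABOVE_16MB_HI 0x35

#define DEFAULT_SMBASE   0x30000u  /* power-on SMBASE; entry at 3000:8000 */
#define SMM_ENTRY_OFFSET 0x8000u   /* SMI entry point relative to SMBASE (SDM) */
#define SMBASE_STRIDE    0x10000u  /* assumption: one 64 KiB tile per CPU */

typedef struct {
    uint8_t  cmos[128];     /* constructed stand-in for the NVRAM bank behind 0x70/0x71 */
    uint32_t tseg_mbytes;   /* TSEG size the firmware configured (stand-in for ESMRAMC / ext-TSEG) */
} chipset_model_t;

/* Constructed 1 GiB guest: (1024 - 16) MiB above 16 MiB = 16128 units = 0x3F00. */
static const chipset_model_t SAMPLE_GUEST = {
    .cmos = { [CMOS_RAM_ABOVE_16MB_LO] = 0x00, [CMOS_RAM_ABOVE_16MB_HI] = 0x3F },
    .tseg_mbytes = 8,
};

/* Step 1: RAM size below 4 GiB, as the handler would read it from CMOS. */
uint64_t low_ram_size(const chipset_model_t *c) {
    uint64_t units = c->cmos[CMOS_RAM_ABOVE_16MB_LO]
                   | ((uint64_t)c->cmos[CMOS_RAM_ABOVE_16MB_HI] << 8);
    return (16ull << 20) + units * (64ull << 10);
}

/* Step 1 (cont.): TSEG base = top of low RAM minus TSEG size (assumed layout).
 * Returns 0 when there is no usable TSEG. */
uint64_t tseg_base(const chipset_model_t *c) {
    uint64_t tseg = (uint64_t)c->tseg_mbytes << 20;
    uint64_t low  = low_ram_size(c);
    return (tseg == 0 || tseg > low) ? 0 : low - tseg;
}

/* Step 2: per-CPU SMBASE from the initial APIC ID (assumption: ID == tile index). */
uint64_t relocated_smbase(const chipset_model_t *c, uint32_t apic_id) {
    uint64_t base = tseg_base(c);
    return base ? base + (uint64_t)apic_id * SMBASE_STRIDE : 0;
}

/* The check behind the closing question: accept a relocated SMBASE only if the
 * whole tile (entry code at +0x8000, save state up to +0xFFFF) is inside TSEG.
 * A garbage APIC ID or a corrupted save area otherwise lands in normal RAM. */
bool smbase_is_in_tseg(const chipset_model_t *c, uint64_t smbase) {
    uint64_t base = tseg_base(c);
    uint64_t end  = base + ((uint64_t)c->tseg_mbytes << 20);
    if (base == 0) return false;
    if (smbase & (SMBASE_STRIDE - 1)) return false;   /* keep tiles aligned */
    return smbase >= base && smbase + SMBASE_STRIDE <= end;
}

int main(void) {
    const chipset_model_t *c = &SAMPLE_GUEST;
    printf("low RAM 0x%llx, TSEG base 0x%llx\n",
           (unsigned long long)low_ram_size(c), (unsigned long long)tseg_base(c));
    /* 128 and 0xFFFFFFFF model an APIC ID read back from a trampled save area. */
    uint32_t ids[] = { 0, 3, 127, 128, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        uint64_t s = relocated_smbase(c, ids[i]);
        printf("APIC ID %u -> SMBASE 0x%llx entry 0x%llx : %s\n", ids[i],
               (unsigned long long)s, (unsigned long long)(s + SMM_ENTRY_OFFSET),
               smbase_is_in_tseg(c, s) ? "inside TSEG" : "REJECT (outside TSEG)");
    }
    printf("default SMBASE 0x%x inside TSEG: %s\n", DEFAULT_SMBASE,
           smbase_is_in_tseg(c, DEFAULT_SMBASE) ? "yes" : "no");
    return 0;
}
```

The point of the model is the last function: whatever the handler computes from an unprotected CMOS/PCI read and a possibly trampled save area, the monarch (or the handler itself, if it has the registers to spare) can reject any SMBASE whose tile is not fully inside TSEG before trusting it. With the 8 MiB TSEG of the sample guest that admits exactly 128 tiles, so APIC ID 127 is the last acceptable index and 128 already points at normal RAM.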