From: "Kubacki, Michael A"
To: "Gao, Liming", "devel@edk2.groups.io"
CC: "Bi, Dandan", Ard Biesheuvel, "Dong, Eric", Laszlo Ersek, "Kinney, Michael D", "Ni, Ray", "Wang, Jian J", "Wu, Hao A", "Yao, Jiewen"
Subject: Re: [PATCH V4 00/10] UEFI Variable SMI Reduction
Date: Tue, 15 Oct 2019 16:15:24 +0000

That sounds good to me.

Thanks,
Michael

> -----Original Message-----
> From: Gao, Liming
> Sent: Monday, October 14, 2019 5:50 PM
> To: Kubacki, Michael A; devel@edk2.groups.io
> Cc: Bi, Dandan; Ard Biesheuvel; Dong, Eric; Laszlo Ersek;
> Kinney, Michael D; Ni, Ray; Wang, Jian J; Wu, Hao A; Yao, Jiewen
> Subject: RE: [PATCH V4 00/10] UEFI Variable SMI Reduction
>
> Michael:
>   I add this feature into edk2-stable2019011 tag planning. Is it ok to you?
>
> Thanks
> Liming
> >-----Original Message-----
> >From: Kubacki, Michael A
> >Sent: Tuesday, October 15, 2019 7:30 AM
> >To: devel@edk2.groups.io
> >Cc: Bi, Dandan; Ard Biesheuvel; Dong, Eric; Laszlo Ersek; Gao, Liming;
> >Kinney, Michael D; Ni, Ray; Wang, Jian J; Wu, Hao A; Yao, Jiewen
> >Subject: [PATCH V4 00/10] UEFI Variable SMI Reduction
> >
> >REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2220
> >
> >V4 Changes:
> >  [PATCH V3 7/9] MdeModulePkg/Variable: Add RT GetVariable() cache support
> >    * Set gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache to FALSE
> >      by default in MdeModulePkg.dec.
> >
> >  * Added a new patch to set gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache
> >    to TRUE at the end of the patch series. This allows someone to bisect an issue at
> >    patch #7 or patch #8 in the series with no change in variable caching behavior. The
> >    runtime cache variable logic would be applied explicitly in V4 patch #10.
> >
> >V3 Changes:
> >  [PATCH V2 1/9] MdeModulePkg/Variable: Consolidate common parsing functions
> >    * Removed GUIDs added to VariableStandaloneMm.inf that are not required.
> >    * Added more details to the commit message describing the criteria of
> >      moving the chosen functions to VariableParsing.c.
> >
> >  [PATCH V2 2/9] MdeModulePkg/Variable: Parameterize GetNextVariableEx() store list
> >    * Renamed GetNextVariableEx () to VariableServiceGetNextVariableInternal ()
> >    * Updated comments in VariableServiceGetNextVariableInternal () to refer to
> >      "FindVariablEx ()" instead of "FindVariable ()" since FindVariableEx ()
> >      is not used in the function.
> >
> >  [PATCH V2 3/9] MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer
> >    * Updated the commit message to clarify the message "structure can be updated
> >      outside the fixed global variable".
> >
> >  [edk2-devel] [PATCH V2 4/9] MdeModulePkg/Variable: Add local auth status in VariableParsing
> >    * Remove the function InitVariableParsing ()
> >    * Remove the mAuthFormat global variable and instead add a BOOLEAN parameter
> >      to all functions that require variable authentication information to
> >      indicate if authenticated variables are used.
> >    * This allows the authenticated variable status to be tracked in one place in
> >      each variable driver in the SMM variable solution (VariableSmmRuntimeDxe
> >      and VariableSmm).
> >
> >  [edk2-devel] [PATCH V2 5/9] MdeModulePkg/Variable: Add a file for NV variable functions
> >    * Added the following non-volatile related functions to VariableNonVolatile.c
> >      from Variable.c:
> >      * InitRealNonVolatileVariableStore ()
> >      * InitEmuNonVolatileVariableStore ()
> >      * InitNonVolatileVariableStore ()
> >
> >  [edk2-devel] [PATCH V2 7/9] MdeModulePkg/Variable: Add RT GetVariable() cache support
> >    * Added a FeaturePCD to control enabling the runtime variable cache -
> >      gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache.
> >    * Removed usage of the TimerLib and the wait to acquire
> >      mVariableRuntimeCacheReadLock. Can rely on the UEFI specification
> >      restrictions on Runtime Services callers.
> >    * Removed the EFIAPI keyword from internal functions.
> >    * Removed PCDs in VariableSmmRuntimeDxe.inf not required.
> >    * Removed the HobVariableBackupBase variable no longer required.
> >    * Renamed SynchronizeRuntimeVariableCacheEx () to better reflect usage.
> >    * Renamed functions in VariableRuntimeCache.c to better reflect usage.
> >    * Introduced a local variable in FlushPendingRuntimeVariableCacheUpdates ()
> >      to reduce duplication of
> >      mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.
> >    * Corrected the macro used in SmmVariableHandler () to
> >      SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT.
> >    * Remove usage of the EDKII_PI_SMM_COMMUNICATION_REGION_TABLE to acquire a
> >      CommBuffer from the EFI System Table and use the same runtime CommBuffer
> >      allocated for variable SMM communicate calls.
> >
> >  [PATCH V2 8/9] MdeModulePkg/Variable: Add RT GetNextVariableName() cache support
> >    * Removed usage of the TimerLib and the wait to acquire
> >      mVariableRuntimeCacheReadLock. Can rely on the UEFI specification restrictions
> >      on Runtime Services callers.
> >
> >  * Added a new patch to disable gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache
> >    for all OvmfPkg package builds as requested by maintainer Laszlo Ersek.
> >
> >V2 Changes:
> >
> >Patch #1 in V1 both moved functions to VariableParsing.c and modified
> >some functionality in those functions. In V2, the functions are first
> >moved and then functionality is modified in subsequent patches. This
> >resulted in the following new patches in the V2 patch series:
> >
> >  1. MdeModulePkg/Variable: Parameterize GetNextVariableEx() store list
> >  2. MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer
> >  3. MdeModulePkg/Variable: Add local auth status in VariableParsing
> >  4. MdeModulePkg/Variable: Add a file for NV variable functions
> >
> >Apart from this refactor in the patches, no functionally impacting
> >changes were made.
> >
> >Overview
> >---------
> >This patch series reduces SMM usage when using VariableSmmRuntimeDxe
> >with VariableSmm. It does so by eliminating SMM usage for runtime
> >service GetVariable () and GetNextVariableName () invocations. Most
> >UEFI variable usage in typical systems after the variable store is
> >initialized (e.g. manufacturing boots) is due to GetVariable () and
> >GetNextVariableName () not SetVariable (). GetVariable () calls can
> >regularly exceed 100 per boot while SetVariable () calls typically
> >remain less than 10 per boot. By focusing on the common case, the
> >majority of overhead associated with SMM can be avoided while still
> >using existing and proven code for operations such as variable
> >authentication that require an isolated execution environment.
> >
> >  * Advantage: Reduces overall system SMM usage
> >  * Disadvantage: Requires more Runtime data memory usage
> >
> >The runtime cache behavior described for this patch series is enabled
> >by default but can be disabled with a new FeaturePCD added to
> >MdeModulePkg.dec:
> >  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache
> >
> >The remainder of this blurb describes the changes and behavior when the
> >PCD is set to TRUE.
> >
> >Initial Performance Observations
> >---------------------------------
> >  * With these proposed changes, an Intel Atom based SoC saw GetVariable ()
> >    time for an existing variable reduce from ~220us to ~5us.
> >
> >Major Changes
> >--------------
> >  1. Two UEFI variable caches will be maintained.
> >     a. "Runtime Cache" - Maintained in VariableSmmRuntimeDxe. Used to serve
> >        runtime service GetVariable () and GetNextVariableName () callers.
> >     b. "SMM cache" - Maintained in VariableSmm to service SMM GetVariable ()
> >        and GetNextVariableName () callers.
> >        i. A cache in SMRAM is retained so SMM modules do not operate on data
> >           outside SMRAM.
> >  2. A new UEFI variable read and write flow will be used as described below.
> >
> >At any given time, the two caches would be coherent. On a variable
> >write, the runtime cache is only updated after validation in SMM and,
> >in the case of a non-volatile UEFI variable, the variable must also be
> >successfully written to non-volatile storage.
> >
> >Prior RFC Feedback Addressed
> >-----------------------------
> >RFC sent Sept. 5, 2019: https://edk2.groups.io/g/devel/message/46939
> >
> >1. UEFI variable data retrieval from a ring 0 buffer
> >
> >   A common concern with this proposed set of changes is the potential security
> >   threat presented by serving runtime services callers from a ring 0 memory
> >   buffer of EfiRuntimeServicesData type. The conclusion was that this change
> >   does not fundamentally alter the attack surface. The UEFI variable Runtime
> >   Services are invoked from ring 0 and the data already travels through ring
> >   0 buffers (such as the SMM communicate buffer) to reach the caller. Even
> >   today if ring 0 is assumed to be malicious, the malicious code may keep one
> >   AP in a loop to monitor the communication data, when the BSP gets an
> >   (authenticated) variable. When the communication buffer is updated and the
> >   status is set to EFI_SUCCESS, the AP may modify the communication buffer
> >   contents such that the tampered data is returned to the BSP caller. Or an
> >   interrupt handler on the BSP may alter the communication buffer contents
> >   before the data is returned to the caller. In summary, this was not found to
> >   introduce any attack not possible today.
> >
> >2. VarCheckLib impact
> >
> >   VarCheckLib plays a role in SetVariable () calls. This patch series only
> >   changes GetVariable () behavior. Therefore, VarCheckLib is expected to
> >   have no impact due to these changes.
> >
> >Testing Performed
> >------------------
> >This code was tested with the master branch of edk2 on an Intel Kaby
> >Lake U and Intel Whiskey Lake U reference validation platform. The set
> >of tests performed included:
> >
> >1. Boot from S5 to Windows 10 OS with SMM variables enabled and
> >   the variable runtime cache enabled.
> >2. Boot from S5 to Ubuntu 18.04.1 LTS with SMM variable enabled
> >   and the variable runtime cache enabled.
> >3. Boot from S5 to Windows 10 OS with SMM variables enabled and
> >   the variable runtime cache disabled.
> >4. Boot from S5 to Ubuntu 18.04.1 LTS with SMM variable enabled
> >   and the variable runtime cache disabled.
> >5. Boot from S5 to EFI shell with DXE variables enabled.
> >   (commit 2de1f611be broke OvmfPkgIa32X64 boot regardless of
> >   this patch series; testing without this commit was successful)
> >6. Dump UEFI variable store at shell with dmpstore to verify contents.
> >7. Dump NvStorage FV from SPI flash after boot to verify contents written.
> >8. Dump UEFI variable statistics with VariableInfo at shell.
> >9. Boot with emulated variables enabled.
> >10. Cycles of adding and deleting a UEFI variable to verify cache correctness.
> >11. Set OsIndications to stop at FW UI to verify cache load of non-volatile
> >    contents.
> >
> >Why Keep SMM on Variable Writes
> >--------------------------------
> >  * SMM provides a ubiquitous isolated execution environment in x86 for
> >    authenticated UEFI variables.
> >  * BIOS region SPI flash write restrictions to SMM in platforms today can
> >    be retained.
> >
> >Today's UEFI Variable Cache (for reference)
> >--------------------------------------------
> >  * Maintained in SMRAM via VariableSmm.
> >  * A "write-through" cache of variable data in the form of a UEFI variable
> >    store.
> >  * Non-volatile and volatile variables are maintained in separate buffers
> >    (variable stores).
> >
> >Runtime & SMM Cache Coherency
> >------------------------------
> >The non-volatile cache should always accurately reflect non-volatile
> >storage contents (done today) and the "SMM cache" and "Runtime cache"
> >should always be coherent on access. The runtime cache is updated by
> >VariableSmm.
> >
> >Updating both caches from within a SMM SetVariable () operation is
> >fairly straightforward but a race condition can occur if an SMI occurs
> >during the execution of runtime code reading from the runtime cache. To
> >handle this case, a runtime cache read lock is introduced that
> >explicitly moves pending updates from SMM to the runtime cache if an
> >SMM update occurs while the runtime cache is locked. Note that it is
> >not expected a Runtime services call will interrupt SMM processing
> >since all CPU cores rendezvous in SMM.
> >
> >New Key Elements for Coherence
> >-------------------------------
> >Runtime DXE (VariableSmmRuntimeDxe)
> >  1. RuntimeCacheReadLock - A global lock used to lock read access to the
> >     runtime cache.
> >  2. RuntimeCachePendingUpdate - A global flag used to notify runtime code of a
> >     pending cache update in SMM.
> >
> >SMM (VariableSmm)
> >  1. FlushRuntimeCachePendingUpdate SMI - A SW SMI handler that synchronizes
> >     the runtime cache buffer with the SMM cache buffer.
> >
> >Proposed Runtime DXE Read Flow
> >-------------------------------
> >  1. Acquire RuntimeCacheReadLock
> >  2. If RuntimeCachePendingUpdate flag (rare) is set then:
> >     2.a. Trigger FlushRuntimeCachePendingUpdate SMI
> >     2.b. Verify RuntimeCachePendingUpdate flag is cleared
> >  3. Perform read from RuntimeCache
> >  4. Release RuntimeCacheReadLock
> >
> >Proposed FlushRuntimeCachePendingUpdate SMI
> >--------------------------------------------
> >  1. If RuntimeCachePendingUpdate flag is not set:
> >     1.a. Return
> >  2. Copy the data at RuntimeCachePendingOffset of RuntimeCachePendingLength to
> >     RuntimeCache
> >  3. Clear the RuntimeCachePendingUpdate flag
> >
> >Proposed SMM Write Flow
> >------------------------
> >  1. Perform variable authentication and non-volatile write. If either fail,
> >     return an error to the caller.
> >  2. If RuntimeCacheReadLock is set then:
> >     2.a. Set RuntimeCachePendingUpdate flag
> >     2.b. Update RuntimeCachePendingOffset and RuntimeCachePendingLength to
> >          cover a superset of the pending chunk (for simplicity, the
> >          entire variable store is currently synchronized).
> >  3. Else:
> >     3.a. Update RuntimeCache
> >  4. Update SmmCache
> >     - Note: RT read cannot occur during SMI processing since all cores are
> >       locked in SMM.
> >
> >Cc: Dandan Bi
> >Cc: Ard Biesheuvel
> >Cc: Eric Dong
> >Cc: Laszlo Ersek
> >Cc: Liming Gao
> >Cc: Michael D Kinney
> >Cc: Ray Ni
> >Cc: Jian J Wang
> >Cc: Hao A Wu
> >Cc: Jiewen Yao
> >Signed-off-by: Michael Kubacki
> >
> >Michael Kubacki (10):
> >  MdeModulePkg/Variable: Consolidate common parsing functions
> >  MdeModulePkg/Variable: Parameterize GetNextVariableInternal () stores
> >  MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer
> >  MdeModulePkg/Variable: Parameterize auth status in VariableParsing
> >  MdeModulePkg/Variable: Add a file for NV variable functions
> >  MdeModulePkg VariableInfo: Always consider RT DXE and SMM stats
> >  MdeModulePkg/Variable: Add RT GetVariable() cache support
> >  MdeModulePkg/Variable: Add RT GetNextVariableName() cache support
> >  OvmfPkg: Disable variable runtime cache
> >  MdeModulePkg: Enable variable runtime cache by default
> >
> > MdeModulePkg/MdeModulePkg.dec                                            |   12 +
> > OvmfPkg/OvmfPkgIa32.dsc                                                  |    1 +
> > OvmfPkg/OvmfPkgIa32X64.dsc                                               |    1 +
> > OvmfPkg/OvmfPkgX64.dsc                                                   |    1 +
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf        |    6 +
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf               |    6 +
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf     |   20 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf      |    6 +
> > MdeModulePkg/Include/Guid/SmmVariableCommon.h                            |   29 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h                    |  151 +--
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.h         |   67 +
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h             |  347 +++++
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h        |   51 +
> > MdeModulePkg/Application/VariableInfo/VariableInfo.c                     |   37 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                    | 1373 ++++----------------
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c               |   24 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c         |  334 +++++
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c             |  786 +++++++++++
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c        |  153 +++
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c                 |  120 +-
> > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c       |  655 +++++++++-
> > 21 files changed, 2851 insertions(+), 1329 deletions(-)
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.h
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c
> > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c
> >
> >--
> >2.16.2.windows.1
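
The read, flush and write flows quoted in the cover letter above, as a small user-space C model. This is an added example, not code from the patch series or from edk2; the struct, the function names, the 32-byte store, the `smi` test hook and the `validated` flag (standing in for variable authentication plus the non-volatile write succeeding) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STORE_SIZE 32 /* constructed size for this model */

/* Hypothetical model state; field names follow the cover letter's terms. */
typedef struct var_model {
  uint8_t  smm_cache[STORE_SIZE];     /* "SMM cache" (SMRAM in the design) */
  uint8_t  runtime_cache[STORE_SIZE]; /* "Runtime cache" (runtime data) */
  bool     read_lock;                 /* RuntimeCacheReadLock */
  bool     pending_update;            /* RuntimeCachePendingUpdate */
  size_t   pending_offset, pending_length;
  unsigned flush_count;               /* flush SMIs that did work */
} var_model;

/* FlushRuntimeCachePendingUpdate SMI: copy the pending range, clear flag. */
static void flush_pending_smi(var_model *m) {
  if (!m->pending_update) return;               /* steps 1, 1.a */
  memcpy(m->runtime_cache + m->pending_offset,  /* step 2 */
         m->smm_cache + m->pending_offset, m->pending_length);
  m->pending_update = false;                    /* step 3 */
  m->flush_count++;
}

/* SMM write flow. Returns 0 on success, -1 if the write is rejected. */
static int smm_write(var_model *m, size_t off, const void *src, size_t len,
                     bool validated) {
  if (!validated || off > STORE_SIZE || len > STORE_SIZE - off)
    return -1;                          /* step 1: neither cache is touched */
  if (m->read_lock) {                   /* step 2: a reader holds the lock */
    m->pending_update = true;           /* 2.a */
    m->pending_offset = 0;              /* 2.b: superset of the change; the */
    m->pending_length = STORE_SIZE;     /* whole store, as the letter says */
  } else {
    memcpy(m->runtime_cache + off, src, len); /* step 3 */
  }
  memcpy(m->smm_cache + off, src, len);       /* step 4 */
  return 0;
}

/* Runtime DXE read flow. `smi` (may be NULL) is a test hook that runs while
 * the lock is held, standing in for an SMI that interrupts the reader. */
static int runtime_read(var_model *m, size_t off, void *dst, size_t len,
                        void (*smi)(var_model *)) {
  if (off > STORE_SIZE || len > STORE_SIZE - off) return -1;
  m->read_lock = true;                        /* step 1 */
  flush_pending_smi(m);                       /* steps 2, 2.a */
  if (m->pending_update) { m->read_lock = false; return -1; } /* 2.b */
  if (smi) smi(m);                            /* interrupting SMI, if any */
  memcpy(dst, m->runtime_cache + off, len);   /* step 3 */
  m->read_lock = false;                       /* step 4 */
  return 0;
}

/* Constructed scenario: a SetVariable() lands in the middle of a read. */
static void smi_set_new(var_model *m) { smm_write(m, 4, "NEW", 3, true); }

/* Returns 1 if every stage behaves as the quoted flows describe. */
static int demo_race(void) {
  var_model m = {0};
  char buf[3];
  smm_write(&m, 4, "OLD", 3, true);
  runtime_read(&m, 4, buf, 3, smi_set_new);   /* interrupted read */
  int old_seen = memcmp(buf, "OLD", 3) == 0 && m.pending_update;
  runtime_read(&m, 4, buf, 3, NULL);          /* next read flushes first */
  int new_seen = memcmp(buf, "NEW", 3) == 0 && !m.pending_update;
  return old_seen && new_seen && m.flush_count == 1;
}

int main(void) { return demo_race() ? 0 : 1; }
```

In this model the interrupted read returns the old value, the next read returns the new one after exactly one flush, and a write that fails validation changes neither cache.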