From: "Zhou, Jianfeng" <jianfeng.zhou@intel.com>
To: Pedro Falcato <pedro.falcato@gmail.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"lersek@redhat.com" <lersek@redhat.com>,
"Tan, Dun" <dun.tan@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
"Kumar, Rahul R" <rahul.r.kumar@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH 1/3] UefiCpuPkg: Reduce and optimize access to attribute
Date: Wed, 7 Feb 2024 01:57:44 +0000 [thread overview]
Message-ID: <PH7PR11MB66735BB9FB624308665D7B8EEF452@PH7PR11MB6673.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CAKbZUD3tYm9hAU1MgBXrCgjd2db++0CZOecpYhaR_QBAEAzpAQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3683 bytes --]
Hi Pedro,
>> AFAIK, it's not allowed as IIRC APs cannot run arbitrary EFI boot services code.
[Zhou] The scenario I mentioned/The case we hit is during BIOS boot, not software after EndOfBootService.
>> 1) Your fix is not correct. The compiler can tear your store, you need to use a volatile store for this.
[Zhou] Assembly code of function PageTableLibSetPnle attached. The code is expected.
Can't get "need to use a volatile store for this", would you please share more detail about it?
>> 2) What kind of page table manipulation is happening while APs are running code, and does this mean you need a TLB shootdown mechanism?
[Zhou] a) happened while split 2M Page to 4K to make full use of memory: it is long story.
Anyway, the bit operation code is unexpected, and my change is harmless.
b) my understanding, TLB shootdown mechanism not suitable for this case. It's too late to "shootdown". AP might exception before "shootdown"
One more extreme scenario, the code " Pnle->Bits.Present = Attribute->Bits.Present " happened to be mapped by Pnle, it will lead to exception even in one processor case. Just mentioning, please ignore this scenario as it is hard to verify.
Thanks & Regards,
Zhou Jianfeng
-----Original Message-----
From: Pedro Falcato <pedro.falcato@gmail.com>
Sent: Wednesday, February 7, 2024 9:05 AM
To: Zhou, Jianfeng <jianfeng.zhou@intel.com>
Cc: devel@edk2.groups.io; lersek@redhat.com; Tan, Dun <dun.tan@intel.com>; Ni, Ray <ray.ni@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH 1/3] UefiCpuPkg: Reduce and optimize access to attribute
On Wed, Feb 7, 2024 at 12:47 AM Zhou, Jianfeng <jianfeng.zhou@intel.com> wrote:
>
> Hi Laszlo, Pedro,
>
> Clarify one thing, this change is not for racing introduced by MP reading/writing to the same page table at the same time, but for unexpected behavior introduced by compiler.
> As my understanding, MP reading/writing to the same page table at the same time is not recommended, perhaps, it is not allowed.
AFAIK, it's not allowed as IIRC APs cannot run arbitrary EFI boot services code.
>
> For bit operation code, such as Pnle->Bits.Present = Attribute->Bits.Present, we might think it is atomic assignment, while not. The assembly code looks like:
> and dword [rcx], 0xfffffffe
> and eax, 0x1
> or [rcx], eax
> In case Pnle->Bits.Present = 1, Attribute->Bits.Present = 1, we might think it is harmless, as the value not changed. While actually,
> and dword [rcx], 0xfffffffe // the present bit set to 0 ---- this is unexpected !!!!! we don’t want the present bit set to 0!
> and eax, 0x1
> or [rcx], eax // the present bit set to right value 1
>
> Let's consider such a MP scenario:
> 1) one processor executing instruction "and dword [rcx], 0xfffffffe"
> 2) other processors happened to access the memory mapped by Pnle, it may lead to exception.
I understand your original problem, but:
1) Your fix is not correct. The compiler can tear your store, you need to use a volatile store for this.
2) What kind of page table manipulation is happening while APs are running code, and does this mean you need a TLB shootdown mechanism?
--
Pedro
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115257): https://edk2.groups.io/g/devel/message/115257
Mute This Topic: https://groups.io/mt/104176232/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: PageTableLibSetPnle.s --]
[-- Type: application/octet-stream, Size: 1207 bytes --]
0x7FD42994 PageTableLibSetPnle: test byte [r8], 0x1
0x7FD42998 mov r10, [rcx]
0x7FD4299B mov [rsp+0x8], r10
0x7FD429A0 mov r9d, r10d
0x7FD429A3 jz 0x7fd429b0
0x7FD429A5 mov eax, [rdx]
0x7FD429A7 xor eax, r10d
0x7FD429AA and eax, 0x1
0x7FD429AD xor r9d, eax
0x7FD429B0 test byte [r8], 0x2
0x7FD429B4 jz 0x7fd429c1
0x7FD429B6 mov eax, [rdx]
0x7FD429B8 xor eax, r9d
0x7FD429BB and eax, 0x2
0x7FD429BE xor r9d, eax
0x7FD429C1 test byte [r8], 0x4
0x7FD429C5 jz 0x7fd429d2
0x7FD429C7 mov eax, [rdx]
0x7FD429C9 xor eax, r9d
0x7FD429CC and eax, 0x4
0x7FD429CF xor r9d, eax
0x7FD429D2 cmp dword [r8+0x4], 0x80000000
0x7FD429DA jb 0x7fd429ee
0x7FD429DC mov eax, [rdx+0x4]
0x7FD429DF xor eax, [rsp+0xc]
0x7FD429E3 btr eax, 0x1f
0x7FD429E7 xor eax, [rdx+0x4]
0x7FD429EA mov [rsp+0xc], eax
0x7FD429EE and r9d, 0xffffff47
0x7FD429F5 mov [rsp+0x8], r9d ###
0x7FD429FA mov rax, [rsp+0x8] ###
0x7FD429FF cmp r10, rax ### if (Pnle->Uint64 != LocalPnle.Uint64)
0x7FD42A02 jz 0x7fd42a07
0x7FD42A04 mov [rcx], rax ### Pnle->Uint64 = LocalPnle.Uint64
0x7FD42A07 ret
next prev parent reply other threads:[~2024-02-07 21:10 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-05 14:03 [edk2-devel] [PATCH 0/3] Fix potential issue in CpuPageTableLib and SMM page table initialization duntan
2024-02-05 14:03 ` [edk2-devel] [PATCH 1/3] UefiCpuPkg: Reduce and optimize access to attribute duntan
2024-02-06 1:20 ` Ni, Ray
2024-02-06 13:32 ` Laszlo Ersek
2024-02-06 15:02 ` Ni, Ray
2024-02-06 17:34 ` Pedro Falcato
2024-02-07 0:47 ` Zhou, Jianfeng
2024-02-07 1:05 ` Pedro Falcato
2024-02-07 1:57 ` Zhou, Jianfeng [this message]
2024-02-07 17:52 ` Pedro Falcato
2024-02-07 20:42 ` Laszlo Ersek
2024-02-08 2:29 ` Zhou, Jianfeng
2024-02-07 20:33 ` Laszlo Ersek
2024-02-07 20:17 ` Laszlo Ersek
2024-02-05 14:03 ` [edk2-devel] [PATCH 2/3] UefiCpuPkg: Add more Paging mode enumeration duntan
2024-02-06 1:21 ` Ni, Ray
2024-02-05 14:03 ` [edk2-devel] [PATCH 3/3] UefiCpuPkg/PiSmmCpuDxeSmm:Map SMRAM in 4K page granularity duntan
2024-02-06 1:23 ` Ni, Ray
2024-02-06 13:33 ` Laszlo Ersek
2024-02-06 1:48 ` [edk2-devel] [PATCH 0/3] Fix potential issue in CpuPageTableLib and SMM page table initialization Ni, Ray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH7PR11MB66735BB9FB624308665D7B8EEF452@PH7PR11MB6673.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox