From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6D25E8038F for ; Thu, 9 Mar 2017 09:19:18 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx16.intmail.prod.int.phx2.redhat.com [10.5.11.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 033B25144F; Thu, 9 Mar 2017 17:19:19 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-228.phx2.redhat.com [10.3.116.228]) by smtp.corp.redhat.com (Postfix) with ESMTP id E92452D653; Thu, 9 Mar 2017 17:19:17 +0000 (UTC) To: Leif Lindholm References: <20170308190511.31195-1-lersek@redhat.com> <2936c55e-ac00-6595-95a8-d8cfdbd83cb8@redhat.com> <886a23a6-2090-9a74-7672-e86b0d1224be@redhat.com> <20170309170022.GI16034@bivouac.eciton.net> Cc: Ard Biesheuvel , edk2-devel-01 From: Laszlo Ersek Message-ID: Date: Thu, 9 Mar 2017 18:19:15 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170309170022.GI16034@bivouac.eciton.net> X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Thu, 09 Mar 2017 17:19:19 +0000 (UTC) Subject: Re: [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Mar 2017 17:19:18 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 03/09/17 18:00, Leif Lindholm wrote: > Hi Laszlo, > > Apologies, I didn't ignore this set, I just missed it No wonder you missed it, I didn't CC you on it :) I wondered if I should. In general I don't want to increase other people's email load, and you aren't (yet?) listed as an ArmVirtPkg co-maintainer, so I didn't CC you in the end. > (and felt Ard's > set was a clean solution to this behaviour change). It is a simple solution, yes; I think its simplicity is deceptive though, to an extent. To me, ReadyToBoot callbacks are a last resort. If you grep the UEFI spec for EFI_EVENT_GROUP_READY_TO_BOOT, among other locations, you find 34.1.1 User Identify [...] When the UEFI Boot Manager signals the EFI_EVENT_GROUP_READY_TO_BOOT event group, the User Identity Manager publishes the current user profile information in the EFI System Configuration Table. [...] The rest of the language is irrelevant here; my point is that there is "prior art" for installing sysconfig tables at Ready To Boot. That's entirely fine. What worries me is that the dependency we evaluate in the callback is *generally* something that could be satisfied by *another* Ready To Boot callback, and the ordering between those is unspecified. Given the current platform, this is not a real issue in practice (we don't install any of our ACPI tables at Ready To Boot), which is why I'm open to Ard's solution. I just want us to be aware of this risk. > > A few comments below. > > On Thu, Mar 09, 2017 at 04:30:19PM +0100, Laszlo Ersek wrote: >> On 03/09/17 13:26, Ard Biesheuvel wrote: >>>>> Hi Laszlo, >>>>> >>>>> This looks complicated to me. Given that it is arguably a policy to >>>>> only expose on h/w description or the other, couldn't we simply remove >>>>> the FDT config table in BDS if an ACPI/ACPI2.0 config table is >>>>> present? >>>> >>>> Technically we could do that, but I dislike it for two reasons: >>>> >>>> - BDS is often the first victim found when looking for a driver to add >>>> new code to that doesn't seem to fit very well elsewhere. That doesn't >>>> make BDS any better a recipient, however. "For lack of a better driver" >>>> is not a strong enough argument to dump code into BDS. If there's really >>>> no better "topical" driver, then the code usually goes to PlatformDxe. >>>> >>>> - Installing a sysconfig table (or any other system-wide resource) in >>>> one driver, then undoing it in another driver, should be avoided as much >>>> as possible, because it leads to non-trivial lifecycles and boggles our >>>> minds over the longer term. If we can come to a decision that the table >>>> shouldn't be installed in the first place, we should pursue that. >>>> >>>> Another approach we could look into is: move the installation of the >>>> sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI >>>> payload first, and fall back to installing DT (from within >>>> AcpiPlatformDxe). However, DT should be installed even in builds (like >>>> ARM32) that don't contain AcpiPlatformDxe at all. >>>> >>> >>> Or we could hook to the ReadyToBoot event in FdtClientDxe, and install >>> the DT config table if there is no ACPI/ACPI2.0 table registered. >> >> Yes, that's doable in our case, because we control the full platform. >> >> Installing tables (any kinds of tables) in ReadyToBoot and similar event >> handlers is generally a bad idea, because everyone thinks, "okay I'll >> wait until the rest of the system is done setting up, and I'll just add >> my stuff afterwards". Obviously, this results in much of the logic being >> simply moved to such event callbacks, and the invocation order of >> callbacks remains unspecified. >> >> In more precise terms, if the ACPI tables too were installed in a >> ReadyToBoot callback, your suggestion above would not work. And our ACPI >> tables are not installed in a ReadyToBoot callback partly because I >> ultimately introduced a separate event group for "PCI bridges have been >> connected", and we signal it now explicitly from BDS (device connections >> are BDS jurisdiction, and QEMU's ACPI generation depends on PCI state). > > All you say above is clearly correct. > But I am still not clear on why this is a problem. > This is a _very_ specific case, that applies only to virtual machines > (which we are in complete control of). Yes, the "complete control of the platform" argument is not lost on me. > > For hardware platforms wanting the ability to switch between different > hardware description types, as we discussed, we need a configuration > setting based on a dynamic Pcd or environment variable - so they won't > need to wait until the end. > >> I just want to point out that we have a kind of "capital" here. By >> carefully coding stuff we build capital, and by hooking stuff into >> ReadyToBoot callbacks we spend (hopefully not "squander") that capital. > > I fully agree with this as a strong default position. But I am > suggesting that in this case, the callback sort order genuinely does > not matter for this feature. At which point I prefer the simpler > solution of Ard's set. Yes, that's a valid argument. > > That said, there are two maintainers of ArmVirtPkg, and I'm neither of > them :) > >> Originally, the APM Mustang firmware (open source, so I can talk about >> it) would first install ACPI tables with constant, platform-tailored >> contents (built from *.asl / *.aslc files), but reusing the stock >> AcpiPlatformDxe C code without customization. Then it would install a >> ReadyToBoot callback which looked up the right DSDT or SSDT, by walking >> the table tree manually, and then it would poke data into the installed >> table (DSDT or SSDT) in-place, using the ACPI SDT protocol. >> >> Of course it was completely bogus and unreliable, and I changed the >> constant table to contain external references, and I provided those >> external references in a minimal, hand- and runtime- built SSDT, right >> in AcpiPlatformDxe. >> >> I'm not trying to carefully compose a strawman argument here, just >> presenting why I'm nervous about ReadyToBoot callbacks that try to rely >> on ordering between system-wide resources. >> >> >> Also, please don't forget about the other (current) consumer of the >> feature PCD, ArmVirtPL031FdtClientLib, which is plugged into >> RealTimeClockRuntimeDxe. How do you suggest to rewrite the PCD test in >> that driver under the ReadyToBoot callback scenario? >> >> RealTimeClockRuntimeDxe's dispatch order is unspecified relative to the >> installation of ACPI tables, so you couldn't look at the latter's >> presence to see if the DTB needs an update. (In fact, because >> AcpiPlatformDxe's main actions are cued in from BDS in practice, the >> tables would be guaranteed not to exist when RealTimeClockRuntimeDxe looks.) >> >> So ArmVirtPL031FdtClientLib would have to install another ReadyToBoot >> callback for modifying the DTB. And this callback could be invoked >> before or after the callback to FdtClientDxe. (I guess it would be okay, >> but not very intuitive.) > > (I think Ard's resolution of this, in 1/3, could be applied regardless > of method picked for the overall changeset.) I think I'm less opposed to Ard's solution than he is opposed to mine, so I guess we should roll with Ard's upcoming v2 (as long as he agrees to own any future fallout due to ReadyToBoot ordering) :) Thanks Laszlo > > Regards, > > Leif > >>>> This series indeed turned out a bit more complex than I had expected, >>>> but it was the one I could post with a good conscience. Can you perhaps >>>> identify the part(s) in more detail that seem overly complex to you? >>>> >>> >>> Building the same library in two different ways, having to call a >>> library constructor explicitly in some cases and muck about with TPL >>> levels to prevent a protocol notify from triggering are all things I >>> would really like to avoid tbh >> >> Alright; can you please post the alternative patch set? (With the >> ReadyToBoot callback(s), that is, not the BDS hack.) >> >> Thanks! >> Laszlo >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://lists.01.org/mailman/listinfo/edk2-devel