[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17] x86/efi: don't translate EFI memory map MMIO regions to e820 RESERVED

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Tue, 4 Oct 2022 15:55:39 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FYSnlllqaL3Sw6jUTiMk8Dpoap57tZWhKEnvmSz0SGU=; b=C04Vg3SFPo4qtY276Ydkh0VCMF4dn3j7Rg60rGeuycjKmgDwyelW6NYauJOcC7q/QCnU1O4U38HiyfTIQrnnslZspXAnCzzId/2BvZnbAFj82ezaQX67fXK8NeBT7Dsp1npF7PF+d6iUN2qJ2aaOXMUGPuh8FXzv3QwsSrk9mNyZh6IEH+I0TqT9vzmfyHy3Uch0InQ2ID84JzvMl11doaC0/KJGcQriFPP9utoR3NPkWnsIWKKi9Kp/M6bFsOLHbEVXH0/DiFgeXtPrITXii2hrTvVeH/3jwWKHaeJxY+RF29S6K7MLQLOjfVTPsuu+w2yL1ndTB1NTD2EQX6TXTQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FKxmS9myChunW0/pdmuytCF0nzPs9VVvxOArGSieF5R4clYAqMoWjHis6lALYrEDL+iKpBcl7zaTWYnveNlDTE+DCh27BtEuMK+9KUqwix1A5hObSRFQAarFj6AbDvkG6FLgbq2l8JAwsGfMxpC4ROfnEudjJ/CFq2jppOYYrBV6x6x1VS52UrWFnq/p7yYvKiClXEsBVueKX4yEh7CAtiuBMEixVItdNyQw/decdGulK6Ut4AnZulfDTvc387TOW3nT5Gc7DbIDcXUYcxA9QSTtFw4f3rXBkOeqEyCX8da9I6uRlJMgBaOMjzh7B95kbZ1DEm0bbiwa1lD6QVNB7A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 04 Oct 2022 13:56:27 +0000
  • Ironport-data: A9a23:qhZuma4T+l5yuck74BjcSQxRtCLGchMFZxGqfqrLsTDasY5as4F+v jFMDW2GPa7fM2Dzed5+Otjj/EpXupeHzdRlTwQ5+yFnHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvymTras1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpJrfPewP9TlK6q4mlB5gRiPasjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5HC111y ewqdQwUYxal2sfmzJGfbrJF05FLwMnDZOvzu1lG5BSAVbMDfsqGRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/dqpTGLl2Sd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iL1276XwX2mMG4UPJvmrKdHhVSw/Wc4FU0ycEK5i9yk1mfrDrqzL GRRoELCt5Ma9kamU938VB2Qu2Ofs1gXXN84O/I+wBGAzOzT+QnxLngJSHtNZcIrsOcyRCc2z RmZktXxHzttvbaJD3WH+d+pQSiaPCEUKSoHenUCRA5cu937+thr1VTIU8ppF7OzgpvtAzbsz juWrS84wbIOkcoM0Kb99lfC696xmqX0oscOzl2/dgqYAslRPdLNi1CAgbQD0ct9EQ==
  • Ironport-hdrordr: A9a23:NecAOK6plCC0IhbR9wPXwVOBI+orL9Y04lQ7vn2ZFiY5TiXIra qTdaogviMc6Ax/ZJjvo6HkBEClewKlyXcT2/hrAV7CZniehILMFu1fBOTZowEIdxeOldK1kJ 0QCZSWa+eAcmSS7/yKhzVQeuxIqLfnzEnrv5a5854Ed3AXV0gK1XYcNu/0KDwVeOEQbqBJaa Z0q/A30QaISDAyVICWF3MFV+/Mq5nik4/nWwcPA1oC5BOVhT2lxbbmG1zAty1uGw9n8PMHyy zoggb57qKsv7WSzQLd7Xba69BzlMH6wtVOKcSQgow+KynqiCyveIN9Mofy9QwdkaWK0hIHgd PMqxAvM4Ba7G7QRHi8pV/X1wzpwF8Vmgrf4G7dpUGmjd3yRTo8BcYEr5leaAHl500pu8w5+L 5X3kqC3qAnQS/orWDY3ZzlRhtqnk27rT4JiugIlUFSVoMYdft4sZEfxkVIC50NdRiKpbzPKN MeQv002cwmMG9zNxvizylSKZ2XLz4O9y69Mwc/Upf/6UkUoJh7p3FotvD30E1wtq7VcKM0l9 gsAp4Y6o2mcfVmHJ6VJN1xNfdfWVa9Ni7kASa1HWnNMp0hFjbkl6PXiY9Fl91CPqZ4h6cPpA ==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Oct 04, 2022 at 03:15:02PM +0200, Jan Beulich wrote:
> On 04.10.2022 14:59, Roger Pau Monné wrote:
> > On Tue, Oct 04, 2022 at 02:21:20PM +0200, Jan Beulich wrote:
> >> On 04.10.2022 14:17, Roger Pau Monné wrote:
> >>> On Tue, Oct 04, 2022 at 12:40:10PM +0200, Jan Beulich wrote:
> >>>> On 04.10.2022 11:27, Roger Pau Monné wrote:
> >>>>> On Tue, Oct 04, 2022 at 11:01:18AM +0200, Jan Beulich wrote:
> >>>>>> On 30.09.2022 16:17, Roger Pau Monne wrote:
> >>>>>>> The EFI memory map contains two memory types (EfiMemoryMappedIO and
> >>>>>>> EfiMemoryMappedIOPortSpace) used to describe IO memory areas of
> >>>>>>> devices used by EFI.
> >>>>>>>
> >>>>>>> The current parsing of the EFI memory map was translating
> >>>>>>> EfiMemoryMappedIO and EfiMemoryMappedIOPortSpace to E820_RESERVED on
> >>>>>>> x86.  This is an issue because device MMIO regions (BARs) should not
> >>>>>>> be positioned on reserved regions.  Any BARs positioned on non-hole
> >>>>>>> areas of the memory map will cause is_memory_hole() to return false,
> >>>>>>> which would then cause memory decoding to be disabled for such device.
> >>>>>>> This leads to EFI firmware malfunctions when using runtime services.
> >>>>>>>
> >>>>>>> The system under which this was observed has:
> >>>>>>>
> >>>>>>> EFI memory map:
> >>>>>>> [...]
> >>>>>>>  00000fd000000-00000fe7fffff type=11 attr=800000000000100d
> >>>>>>> [...]
> >>>>>>> 0000:00:1f.5 disabled: BAR [0xfe010, 0xfe010] overlaps with memory map
> >>>>>>>
> >>>>>>> The device behind this BAR is:
> >>>>>>>
> >>>>>>> 00:1f.5 Serial bus controller [0c80]: Intel Corporation Lewisburg SPI 
> >>>>>>> Controller (rev 09)
> >>>>>>>       Subsystem: Super Micro Computer Inc Device 091c
> >>>>>>>       Flags: fast devsel
> >>>>>>>       Memory at fe010000 (32-bit, non-prefetchable) [size=4K]well
> >>>>>>>
> >>>>>>> For the record, the symptom observed in that machine was a hard freeze
> >>>>>>> when attempting to set an EFI variable (XEN_EFI_set_variable).
> >>>>>>>
> >>>>>>> Fix by not adding regions with type EfiMemoryMappedIO or
> >>>>>>> EfiMemoryMappedIOPortSpace to the e820 memory map, that allows BARs to
> >>>>>>> be positioned there.
> >>>>>>>
> >>>>>>> Fixes: 75cc460a1b ('xen/pci: detect when BARs are not suitably 
> >>>>>>> positioned')
> >>>>>>> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> >>>>>>
> >>>>>> In the best case this is moving us from one way of being wrong to 
> >>>>>> another:
> >>>>>> So far we wrongly include BARs in E820_RESERVED (_if_ they can be
> >>>>>> legitimately covered by a EfiMemoryMappedIO region in the first place,
> >>>>>> which I'm not sure is actually permitted - iirc just like E820_RESERVED
> >>>>>> may not be used for BARs, this memory type also may not be), whereas 
> >>>>>> with
> >>>>>> your change we would no longer report non-BAR MMIO space (chipset 
> >>>>>> specific
> >>>>>> ranges for example) as reserved. In fact I think the example you 
> >>>>>> provide
> >>>>>> is at least partly due to bogus firmware behavior: The BAR is put in 
> >>>>>> space
> >>>>>> normally used for firmware specific memory (MMIO) ranges. I think 
> >>>>>> firmware
> >>>>>> should either assign the BAR differently or exclude the range from the
> >>>>>> memory map.
> >>>>>
> >>>>> Hm, I'm not sure the example is bogus, how would firmware request a BAR
> >>>>> to be mapped for run time services to access it otherwise if it's not
> >>>>> using EfiMemoryMappedIO?
> >>>>>
> >>>>> Not adding the BAR to the memory map in any way would mean the OS is
> >>>>> free to not map it for runtime services to access.
> >>>>
> >>>> My view is that BARs should not be marked for runtime services use. Doing
> >>>> so requires awareness of the driver inside the OS, which I don't think
> >>>> one can expect. If firmware needs to make use of a device in a system, it
> >>>> ought to properly hide it from the OS. Note how the potential sharing of
> >>>> an RTC requires special provisions in the spec, mandating driver 
> >>>> awareness.
> >>>>
> >>>> Having a BAR expressed in the memory map also contradicts the ability of
> >>>> an OS to relocate all BARs of all devices, if necessary.
> >>>
> >>> I've failed to figure out if there's a way in UEFI to report a device
> >>> is in use by the firmware.  I've already looked before sending the
> >>> patch (see also the post commit notes about for example not passing
> >>> through the device to any guest for obvious reason).
> >>>
> >>> I've got no idea if Linux has any checks to avoid trying to move BARs
> >>> residing in EfiMemoryMappedIO ranges, we have now observed this
> >>> behavior in two systems already.
> >>>
> >>> Maybe we could do a special check for PCI devices and allow them
> >>> having BARs in EfiMemoryMappedIO, together with printing a warning
> >>> message.
> >>
> >> Right, that's one of the possible quirk workarounds I was thinking of.
> >> At the risk of stating the obvious - the same would presumably apply to
> >> E820_RESERVED on non-EFI systems then.
> > 
> > One option would be to strictly limit to EfiMemoryMappedIO, by taking
> > the EFI memory map into account also if present.
> > 
> > Another maybe simpler option is to allow BARs to be placed in
> > E820_RESERVED regions, and translate EfiMemoryMappedIO into
> > E820_RESERVED like we have been doing.
> > 
> > I will attempt the later if you are OK with the approach.
> 
> I might be okay with the approach, but first of all I continue to be
> worried of us violating specifications if we make this the default
> behavior.

In any case it would be the firmware violating the specification by
not hiding those PCI devices, Xen is just trying to cope.

Xen went from not checking the position of the BARs at all to
enforcing them to not be placed over any regions on the memory map. I
think we need to relax the checks a bit to match reality.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.