From: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
To: Sylvain Chouleur
<sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Sylvain Chouleur
<sylvain.chouleur-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
Subject: Re: [PATCH v3 3/3] efi: implement interruptible runtime services
Date: Thu, 11 Feb 2016 14:19:37 +0000 [thread overview]
Message-ID: <20160211141937.GD4134@codeblueprint.co.uk> (raw)
In-Reply-To: <1452702762-27216-4-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On Wed, 13 Jan, at 05:32:42PM, Sylvain Chouleur wrote:
> From: Sylvain Chouleur <sylvain.chouleur-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
>
> This patch adds an implementation of EFI runtime services wappers which
> allow interrupts and preemption during execution of BIOS code.
>
> It's needed by Broxton platform which requires the OS to do the write
> of the non volatile variables. To do that, the OS will receive an
> interrupt coming from the firmware to notify that it must write the
> data.
>
> BIOS code must be executed using a specific PGD. This is currently
> done by efi_call() which force value of CR3 before calling BIOS and
> restore previous value after.
>
> We use a dedicated kthread which will execute all interruptible runtime
> services. This efi_kthread is special because it has it's own mm_struct
> whereas kthread should not have one. This mm_struct contains the EFI PGD
> so the scheduler will load it before running any BIOS code.
>
> Obviously, an interruptible runtime service must never be called from an
> interrupt context. EFI pstore is the only use case here, that's why we
> require it to be disabled when activating interruptible runtime services.
>
> Signed-off-by: Sylvain Chouleur <sylvain.chouleur-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> ---
> arch/x86/Kconfig | 17 +++
> arch/x86/include/asm/efi.h | 1 +
> arch/x86/platform/efi/Makefile | 1 +
> arch/x86/platform/efi/efi_32.c | 5 +
> arch/x86/platform/efi/efi_64.c | 5 +
> arch/x86/platform/efi/efi_interruptible.c | 189 ++++++++++++++++++++++++++++++
> 6 files changed, 218 insertions(+)
> create mode 100644 arch/x86/platform/efi/efi_interruptible.c
Last time Peter and I talked about this patch (sometime last year), he
said he had a different approach in mind.
Peter, do you have any comments on this patch?
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index db3622f22b61..37301516f4e6 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1720,6 +1720,23 @@ config EFI_MIXED
>
> If unsure, say N.
>
> +if X86_64
> +config EFI_INTERRUPTIBLE
> + bool "Interruptible Efi Runtime Services"
> + depends on EFI && !EFI_VARS_PSTORE
> + default n
> + ---help---
> + Only use this if you really know what you are doing, you
> + possibly risk to break your BIOS.
> +
> + This is an interruptible implementation of efi runtime
> + services wrappers. If you say Y, BIOS code could be
> + interrupted and preempted as a standard process. Enable this
> + only if you are sure that your BIOS will support
> + interruptible efi calls
> + In doubt, say "N".
> +endif
> +
> config SECCOMP
> def_bool y
> prompt "Enable seccomp to safely compute untrusted bytecode"
> diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
> index 8fd9e637629a..5b94d9dd9409 100644
> --- a/arch/x86/include/asm/efi.h
> +++ b/arch/x86/include/asm/efi.h
> @@ -137,6 +137,7 @@ extern void __init efi_map_region(efi_memory_desc_t *md);
> extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
> extern void efi_sync_low_kernel_mappings(void);
> extern int __init efi_alloc_page_tables(void);
> +extern pgd_t *efi_get_pgd(void);
> extern int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages);
> extern void __init efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages);
> extern void __init old_map_region(efi_memory_desc_t *md);
> diff --git a/arch/x86/platform/efi/Makefile b/arch/x86/platform/efi/Makefile
> index 2846aaab5103..ff57d3840842 100644
> --- a/arch/x86/platform/efi/Makefile
> +++ b/arch/x86/platform/efi/Makefile
> @@ -2,3 +2,4 @@ obj-$(CONFIG_EFI) += quirks.o efi.o efi_$(BITS).o efi_stub_$(BITS).o
> obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o
> obj-$(CONFIG_EARLY_PRINTK_EFI) += early_printk.o
> obj-$(CONFIG_EFI_MIXED) += efi_thunk_$(BITS).o
> +obj-$(CONFIG_EFI_INTERRUPTIBLE) += efi_interruptible.o
> diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
> index 58d669bc8250..f2403e16a8bb 100644
> --- a/arch/x86/platform/efi/efi_32.c
> +++ b/arch/x86/platform/efi/efi_32.c
> @@ -61,6 +61,11 @@ void __init efi_map_region(efi_memory_desc_t *md)
> void __init efi_map_region_fixed(efi_memory_desc_t *md) {}
> void __init parse_efi_setup(u64 phys_addr, u32 data_len) {}
>
> +pgd_t *efi_get_pgd(void)
> +{
> + return initial_page_table;
> +}
> +
> pgd_t * __init efi_call_phys_prolog(void)
> {
> struct desc_ptr gdt_descr;
Shouldn't be necessary. You can't build this for 32-bit because of the
Kconfig magic.
> diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
> index b492521503fe..7886c7527cdf 100644
> --- a/arch/x86/platform/efi/efi_64.c
> +++ b/arch/x86/platform/efi/efi_64.c
> @@ -212,6 +212,11 @@ void efi_sync_low_kernel_mappings(void)
> memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
> }
>
> +pgd_t *efi_get_pgd(void)
> +{
> + return __va(efi_scratch.efi_pgt);
> +}
> +
You could make this easier and just return 'efi_pgd', since we now
have entirely separate EFI page tables.
> +static struct efivars interruptible_efivars;
> +
> +static int efi_interruptible_panic_notifier_call(
> + struct notifier_block *notifier,
> + unsigned long what, void *data)
> +{
> + in_panic = true;
> + return NOTIFY_DONE;
> +}
Please make the panic notifier changes a separate patch.
> +static struct notifier_block panic_nb = {
> + .notifier_call = efi_interruptible_panic_notifier_call,
> + .priority = 100,
> +};
> +
> +static struct task_struct *efi_kworker_task;
> +static struct efivar_operations interruptible_ops;
> +static __init int efi_interruptible_init(void)
> +{
> + int ret;
> +
> + efi_kworker_task = kthread_create(kthread_worker_fn, &efi_kworker,
> + "efi_kthread");
> + if (IS_ERR(efi_kworker_task)) {
> + pr_err("efi_interruptible: Failed to create kthread\n");
> + ret = PTR_ERR(efi_kworker_task);
> + efi_kworker_task = NULL;
> + return ret;
> + }
> +
> + efi_kworker_task->mm = mm_alloc();
> + efi_kworker_task->active_mm = efi_kworker_task->mm;
> + efi_kworker_task->mm->pgd = efi_get_pgd();
> + wake_up_process(efi_kworker_task);
Did you have any luck binding this driver to the other
Broxton-specific drivers?
Additionally, you're going to want to make sure that
efi_enabled(EFI_OLD_MEMMAP) is false in efi_interruptible_init(),
otherwise you can't use the new EFI page table scheme, e.g. if someone
boots with efi=old_map.
WARNING: multiple messages have this Message-ID (diff)
From: Matt Fleming <matt@codeblueprint.co.uk>
To: Sylvain Chouleur <sylvain.chouleur@gmail.com>
Cc: Sylvain Chouleur <sylvain.chouleur@intel.com>,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH v3 3/3] efi: implement interruptible runtime services
Date: Thu, 11 Feb 2016 14:19:37 +0000 [thread overview]
Message-ID: <20160211141937.GD4134@codeblueprint.co.uk> (raw)
In-Reply-To: <1452702762-27216-4-git-send-email-sylvain.chouleur@gmail.com>
On Wed, 13 Jan, at 05:32:42PM, Sylvain Chouleur wrote:
> From: Sylvain Chouleur <sylvain.chouleur@intel.com>
>
> This patch adds an implementation of EFI runtime services wappers which
> allow interrupts and preemption during execution of BIOS code.
>
> It's needed by Broxton platform which requires the OS to do the write
> of the non volatile variables. To do that, the OS will receive an
> interrupt coming from the firmware to notify that it must write the
> data.
>
> BIOS code must be executed using a specific PGD. This is currently
> done by efi_call() which force value of CR3 before calling BIOS and
> restore previous value after.
>
> We use a dedicated kthread which will execute all interruptible runtime
> services. This efi_kthread is special because it has it's own mm_struct
> whereas kthread should not have one. This mm_struct contains the EFI PGD
> so the scheduler will load it before running any BIOS code.
>
> Obviously, an interruptible runtime service must never be called from an
> interrupt context. EFI pstore is the only use case here, that's why we
> require it to be disabled when activating interruptible runtime services.
>
> Signed-off-by: Sylvain Chouleur <sylvain.chouleur@intel.com>
> ---
> arch/x86/Kconfig | 17 +++
> arch/x86/include/asm/efi.h | 1 +
> arch/x86/platform/efi/Makefile | 1 +
> arch/x86/platform/efi/efi_32.c | 5 +
> arch/x86/platform/efi/efi_64.c | 5 +
> arch/x86/platform/efi/efi_interruptible.c | 189 ++++++++++++++++++++++++++++++
> 6 files changed, 218 insertions(+)
> create mode 100644 arch/x86/platform/efi/efi_interruptible.c
Last time Peter and I talked about this patch (sometime last year), he
said he had a different approach in mind.
Peter, do you have any comments on this patch?
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index db3622f22b61..37301516f4e6 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1720,6 +1720,23 @@ config EFI_MIXED
>
> If unsure, say N.
>
> +if X86_64
> +config EFI_INTERRUPTIBLE
> + bool "Interruptible Efi Runtime Services"
> + depends on EFI && !EFI_VARS_PSTORE
> + default n
> + ---help---
> + Only use this if you really know what you are doing, you
> + possibly risk to break your BIOS.
> +
> + This is an interruptible implementation of efi runtime
> + services wrappers. If you say Y, BIOS code could be
> + interrupted and preempted as a standard process. Enable this
> + only if you are sure that your BIOS will support
> + interruptible efi calls
> + In doubt, say "N".
> +endif
> +
> config SECCOMP
> def_bool y
> prompt "Enable seccomp to safely compute untrusted bytecode"
> diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
> index 8fd9e637629a..5b94d9dd9409 100644
> --- a/arch/x86/include/asm/efi.h
> +++ b/arch/x86/include/asm/efi.h
> @@ -137,6 +137,7 @@ extern void __init efi_map_region(efi_memory_desc_t *md);
> extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
> extern void efi_sync_low_kernel_mappings(void);
> extern int __init efi_alloc_page_tables(void);
> +extern pgd_t *efi_get_pgd(void);
> extern int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages);
> extern void __init efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages);
> extern void __init old_map_region(efi_memory_desc_t *md);
> diff --git a/arch/x86/platform/efi/Makefile b/arch/x86/platform/efi/Makefile
> index 2846aaab5103..ff57d3840842 100644
> --- a/arch/x86/platform/efi/Makefile
> +++ b/arch/x86/platform/efi/Makefile
> @@ -2,3 +2,4 @@ obj-$(CONFIG_EFI) += quirks.o efi.o efi_$(BITS).o efi_stub_$(BITS).o
> obj-$(CONFIG_ACPI_BGRT) += efi-bgrt.o
> obj-$(CONFIG_EARLY_PRINTK_EFI) += early_printk.o
> obj-$(CONFIG_EFI_MIXED) += efi_thunk_$(BITS).o
> +obj-$(CONFIG_EFI_INTERRUPTIBLE) += efi_interruptible.o
> diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
> index 58d669bc8250..f2403e16a8bb 100644
> --- a/arch/x86/platform/efi/efi_32.c
> +++ b/arch/x86/platform/efi/efi_32.c
> @@ -61,6 +61,11 @@ void __init efi_map_region(efi_memory_desc_t *md)
> void __init efi_map_region_fixed(efi_memory_desc_t *md) {}
> void __init parse_efi_setup(u64 phys_addr, u32 data_len) {}
>
> +pgd_t *efi_get_pgd(void)
> +{
> + return initial_page_table;
> +}
> +
> pgd_t * __init efi_call_phys_prolog(void)
> {
> struct desc_ptr gdt_descr;
Shouldn't be necessary. You can't build this for 32-bit because of the
Kconfig magic.
> diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
> index b492521503fe..7886c7527cdf 100644
> --- a/arch/x86/platform/efi/efi_64.c
> +++ b/arch/x86/platform/efi/efi_64.c
> @@ -212,6 +212,11 @@ void efi_sync_low_kernel_mappings(void)
> memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
> }
>
> +pgd_t *efi_get_pgd(void)
> +{
> + return __va(efi_scratch.efi_pgt);
> +}
> +
You could make this easier and just return 'efi_pgd', since we now
have entirely separate EFI page tables.
> +static struct efivars interruptible_efivars;
> +
> +static int efi_interruptible_panic_notifier_call(
> + struct notifier_block *notifier,
> + unsigned long what, void *data)
> +{
> + in_panic = true;
> + return NOTIFY_DONE;
> +}
Please make the panic notifier changes a separate patch.
> +static struct notifier_block panic_nb = {
> + .notifier_call = efi_interruptible_panic_notifier_call,
> + .priority = 100,
> +};
> +
> +static struct task_struct *efi_kworker_task;
> +static struct efivar_operations interruptible_ops;
> +static __init int efi_interruptible_init(void)
> +{
> + int ret;
> +
> + efi_kworker_task = kthread_create(kthread_worker_fn, &efi_kworker,
> + "efi_kthread");
> + if (IS_ERR(efi_kworker_task)) {
> + pr_err("efi_interruptible: Failed to create kthread\n");
> + ret = PTR_ERR(efi_kworker_task);
> + efi_kworker_task = NULL;
> + return ret;
> + }
> +
> + efi_kworker_task->mm = mm_alloc();
> + efi_kworker_task->active_mm = efi_kworker_task->mm;
> + efi_kworker_task->mm->pgd = efi_get_pgd();
> + wake_up_process(efi_kworker_task);
Did you have any luck binding this driver to the other
Broxton-specific drivers?
Additionally, you're going to want to make sure that
efi_enabled(EFI_OLD_MEMMAP) is false in efi_interruptible_init(),
otherwise you can't use the new EFI page table scheme, e.g. if someone
boots with efi=old_map.
next prev parent reply other threads:[~2016-02-11 14:19 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-18 10:29 [PATCH 1/2] efi: Don't use spinlocks for efi vars sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w
[not found] ` <1450434591-31104-1-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-12-18 10:29 ` [PATCH 2/2] efi: implement interruptible runtime services sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w
[not found] ` <1450434591-31104-2-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-01-06 12:58 ` Matt Fleming
2016-01-06 12:58 ` Matt Fleming
[not found] ` <20160106125846.GC2671-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2016-01-06 15:57 ` Sylvain Chouleur
2016-01-06 15:57 ` Sylvain Chouleur
[not found] ` <CAD_mUW3gLnCV6NW0V-HPNUoMd9dS0wQnecXotpS4Vvij9ZrObg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-08 10:38 ` Matt Fleming
2016-01-08 10:38 ` Matt Fleming
2016-01-08 13:57 ` Sylvain Chouleur
[not found] ` <CAD_mUW3gNhWcT02b_5+mhAx764eEFVNq7EWf5TnjngSEVFFvNQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-14 16:21 ` Matt Fleming
2016-01-14 16:21 ` Matt Fleming
2016-01-06 12:24 ` [PATCH 1/2] efi: Don't use spinlocks for efi vars Matt Fleming
[not found] ` <20160106122421.GB2671-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2016-01-06 15:22 ` Sylvain Chouleur
[not found] ` <CAD_mUW3Ws6+VrfXE-SnmSSzkqeCN0PVKeQJVXkRuJ8R_=pZ66g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-08 11:08 ` Matt Fleming
[not found] ` <20160108110833.GC2532-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2016-01-08 14:12 ` Sylvain Chouleur
2016-01-06 22:33 ` [PATCH v2 0/3] efi interruptible runtime services Sylvain Chouleur
2016-01-06 22:33 ` Sylvain Chouleur
[not found] ` <1452119637-10958-1-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-01-06 22:33 ` [PATCH v2 1/3] efi: use a file local lock for efivars Sylvain Chouleur
2016-01-06 22:33 ` [PATCH v2 2/3] efi: don't use spinlocks for efi vars Sylvain Chouleur
2016-01-06 22:33 ` [PATCH v2 3/3] efi: implement interruptible runtime services Sylvain Chouleur
2016-01-13 16:32 ` [PATCH v3 0/3] efi " Sylvain Chouleur
[not found] ` <1452702762-27216-1-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-01-13 16:32 ` [PATCH v3 1/3] efi: use a file local lock for efivars Sylvain Chouleur
[not found] ` <1452702762-27216-2-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-02-11 13:14 ` Matt Fleming
[not found] ` <20160211131422.GB4134-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2016-02-11 13:16 ` Ard Biesheuvel
2016-01-13 16:32 ` [PATCH v3 2/3] efi: don't use spinlocks for efi vars Sylvain Chouleur
[not found] ` <1452702762-27216-3-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-02-11 13:45 ` Matt Fleming
2016-01-13 16:32 ` [PATCH v3 3/3] efi: implement interruptible runtime services Sylvain Chouleur
[not found] ` <1452702762-27216-4-git-send-email-sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-02-11 14:19 ` Matt Fleming [this message]
2016-02-11 14:19 ` Matt Fleming
[not found] ` <20160211141937.GD4134-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2016-02-11 14:23 ` Sylvain Chouleur
2016-02-11 14:23 ` Sylvain Chouleur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160211141937.GD4134@codeblueprint.co.uk \
--to=matt-mf/unelci9gs6ibeejttw/xrex20p6io@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=sylvain.chouleur-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=sylvain.chouleur-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.