[PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Jan Beulich]

Unlike stated in the offending commit's description,
load_system_tables() wasn't the only thing left to retain from the
earlier restore_rest_processor_state().

While there also do Misra-related tidying for the function itself: The
function being used from assembly only means it doesn't need to have a
declaration, but wants to be asmlinkage.

Fixes: 4304ff420e51 ("x86/S3: Drop {save,restore}_rest_processor_state() completely")
Reported-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
Contextually assumed to go on top of "x86/MTRR: constrain AP sync and
BSP restore". Functionally there's no dependency.

--- a/xen/arch/x86/acpi/wakeup_prot.S
+++ b/xen/arch/x86/acpi/wakeup_prot.S
@@ -124,6 +124,8 @@ LABEL(s3_resume)
         mov     STACK_CPUINFO_FIELD(cr4)(%rbx), %rax
         mov     %rax, %cr4
 
+        call    mtrr_bp_restore
+
 .Lsuspend_err:
         pop     %r15
         pop     %r14
--- a/xen/arch/x86/cpu/mtrr/main.c
+++ b/xen/arch/x86/cpu/mtrr/main.c
@@ -610,7 +610,7 @@ void mtrr_aps_sync_end(void)
 	hold_mtrr_updates_on_aps = 0;
 }
 
-void mtrr_bp_restore(void)
+void asmlinkage mtrr_bp_restore(void)
 {
 	if (mtrr_if)
 		mtrr_set_all();
--- a/xen/arch/x86/include/asm/mtrr.h
+++ b/xen/arch/x86/include/asm/mtrr.h
@@ -66,7 +66,6 @@ extern uint8_t pat_type_2_pte_flags(uint
 extern int hold_mtrr_updates_on_aps;
 extern void mtrr_aps_sync_begin(void);
 extern void mtrr_aps_sync_end(void);
-extern void mtrr_bp_restore(void);
 
 extern bool mtrr_var_range_msr_set(struct domain *d, struct mtrr_state *m,
                                    uint32_t msr, uint64_t msr_content);

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Roger Pau Monné]

On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
> Unlike stated in the offending commit's description,
> load_system_tables() wasn't the only thing left to retain from the
> earlier restore_rest_processor_state().
> 
> While there also do Misra-related tidying for the function itself: The
> function being used from assembly only means it doesn't need to have a
> declaration, but wants to be asmlinkage.

I wonder, maybe the intention was for the MTRR restoring on the BSP to
also be done by the mtrr_aps_sync_end() call in enter_state()?

AFAICT that will set the MTRRs uniformly on all CPUs, by calling
mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
process.

Thanks, Roger.

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Jan Beulich]

On 27.03.2025 12:38, Roger Pau Monné wrote:
> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
>> Unlike stated in the offending commit's description,
>> load_system_tables() wasn't the only thing left to retain from the
>> earlier restore_rest_processor_state().
>>
>> While there also do Misra-related tidying for the function itself: The
>> function being used from assembly only means it doesn't need to have a
>> declaration, but wants to be asmlinkage.
> 
> I wonder, maybe the intention was for the MTRR restoring on the BSP to
> also be done by the mtrr_aps_sync_end() call in enter_state()?
> 
> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
> process.

Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
then, though, as for the BP the writing then isn't just "okay" but necessary.
Question is whether doing this so much later is actually good enough.

Jan

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Roger Pau Monné]

On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
> On 27.03.2025 12:38, Roger Pau Monné wrote:
> > On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
> >> Unlike stated in the offending commit's description,
> >> load_system_tables() wasn't the only thing left to retain from the
> >> earlier restore_rest_processor_state().
> >>
> >> While there also do Misra-related tidying for the function itself: The
> >> function being used from assembly only means it doesn't need to have a
> >> declaration, but wants to be asmlinkage.
> > 
> > I wonder, maybe the intention was for the MTRR restoring on the BSP to
> > also be done by the mtrr_aps_sync_end() call in enter_state()?
> > 
> > AFAICT that will set the MTRRs uniformly on all CPUs, by calling
> > mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
> > process.
> 
> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
> then, though, as for the BP the writing then isn't just "okay" but necessary.
> Question is whether doing this so much later is actually good enough.

Hm, no idea really.  We do the device restore ahead of the MTRR
restore, so I wonder whether we could have issues by using unexpected
effective cache attributes for device memory accesses as a result of
MTRRs not being initialized?

Thanks, Roger.

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Jan Beulich]

On 27.03.2025 13:48, Roger Pau Monné wrote:
> On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
>> On 27.03.2025 12:38, Roger Pau Monné wrote:
>>> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
>>>> Unlike stated in the offending commit's description,
>>>> load_system_tables() wasn't the only thing left to retain from the
>>>> earlier restore_rest_processor_state().
>>>>
>>>> While there also do Misra-related tidying for the function itself: The
>>>> function being used from assembly only means it doesn't need to have a
>>>> declaration, but wants to be asmlinkage.
>>>
>>> I wonder, maybe the intention was for the MTRR restoring on the BSP to
>>> also be done by the mtrr_aps_sync_end() call in enter_state()?
>>>
>>> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
>>> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
>>> process.
>>
>> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
>> then, though, as for the BP the writing then isn't just "okay" but necessary.
>> Question is whether doing this so much later is actually good enough.
> 
> Hm, no idea really.  We do the device restore ahead of the MTRR
> restore, so I wonder whether we could have issues by using unexpected
> effective cache attributes for device memory accesses as a result of
> MTRRs not being initialized?

That's just one of the possible problems. The father the MTRRs we run with
diverged from what firmware puts in place, the bigger the possible trouble.
I think the restoring better is done as being switched to here again. The
absence of any discussion of MTRRs in that earlier change leaves me pretty
certain that the behavioral change there wasn't intended. Andrew is usually
pretty good at spelling out all intended effects.

Jan

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Roger Pau Monné]

On Thu, Mar 27, 2025 at 02:28:42PM +0100, Jan Beulich wrote:
> On 27.03.2025 13:48, Roger Pau Monné wrote:
> > On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
> >> On 27.03.2025 12:38, Roger Pau Monné wrote:
> >>> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
> >>>> Unlike stated in the offending commit's description,
> >>>> load_system_tables() wasn't the only thing left to retain from the
> >>>> earlier restore_rest_processor_state().
> >>>>
> >>>> While there also do Misra-related tidying for the function itself: The
> >>>> function being used from assembly only means it doesn't need to have a
> >>>> declaration, but wants to be asmlinkage.
> >>>
> >>> I wonder, maybe the intention was for the MTRR restoring on the BSP to
> >>> also be done by the mtrr_aps_sync_end() call in enter_state()?
> >>>
> >>> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
> >>> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
> >>> process.
> >>
> >> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
> >> then, though, as for the BP the writing then isn't just "okay" but necessary.
> >> Question is whether doing this so much later is actually good enough.
> > 
> > Hm, no idea really.  We do the device restore ahead of the MTRR
> > restore, so I wonder whether we could have issues by using unexpected
> > effective cache attributes for device memory accesses as a result of
> > MTRRs not being initialized?
> 
> That's just one of the possible problems. The father the MTRRs we run with
> diverged from what firmware puts in place, the bigger the possible trouble.
> I think the restoring better is done as being switched to here again. The
> absence of any discussion of MTRRs in that earlier change leaves me pretty
> certain that the behavioral change there wasn't intended. Andrew is usually
> pretty good at spelling out all intended effects.

No objection, however for the BSP we now end up restoring the MTRRs
twice, as we will also do it in mtrr_aps_sync_end().

Might be worth to mention in the commit message that the MTRR state
was restored in mtrr_aps_sync_end() for the BSP also, but that it
might be too late.

Possibly with that somehow noted in the commit message:

Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Jan Beulich]

On 27.03.2025 15:10, Roger Pau Monné wrote:
> On Thu, Mar 27, 2025 at 02:28:42PM +0100, Jan Beulich wrote:
>> On 27.03.2025 13:48, Roger Pau Monné wrote:
>>> On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
>>>> On 27.03.2025 12:38, Roger Pau Monné wrote:
>>>>> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
>>>>>> Unlike stated in the offending commit's description,
>>>>>> load_system_tables() wasn't the only thing left to retain from the
>>>>>> earlier restore_rest_processor_state().
>>>>>>
>>>>>> While there also do Misra-related tidying for the function itself: The
>>>>>> function being used from assembly only means it doesn't need to have a
>>>>>> declaration, but wants to be asmlinkage.
>>>>>
>>>>> I wonder, maybe the intention was for the MTRR restoring on the BSP to
>>>>> also be done by the mtrr_aps_sync_end() call in enter_state()?
>>>>>
>>>>> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
>>>>> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
>>>>> process.
>>>>
>>>> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
>>>> then, though, as for the BP the writing then isn't just "okay" but necessary.
>>>> Question is whether doing this so much later is actually good enough.
>>>
>>> Hm, no idea really.  We do the device restore ahead of the MTRR
>>> restore, so I wonder whether we could have issues by using unexpected
>>> effective cache attributes for device memory accesses as a result of
>>> MTRRs not being initialized?
>>
>> That's just one of the possible problems. The father the MTRRs we run with
>> diverged from what firmware puts in place, the bigger the possible trouble.
>> I think the restoring better is done as being switched to here again. The
>> absence of any discussion of MTRRs in that earlier change leaves me pretty
>> certain that the behavioral change there wasn't intended. Andrew is usually
>> pretty good at spelling out all intended effects.
> 
> No objection, however for the BSP we now end up restoring the MTRRs
> twice, as we will also do it in mtrr_aps_sync_end().
> 
> Might be worth to mention in the commit message that the MTRR state
> was restored in mtrr_aps_sync_end() for the BSP also, but that it
> might be too late.

I've added "Note that MTRR state was still reloaded via mtrr_aps_sync_end(),
but that happens quite a bit later in the resume process."

> Possibly with that somehow noted in the commit message:
> 
> Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks. Any chance of getting another one for the 3rd patch in this (split
up) group? Maybe the duplicate one for the "don't hard-code" one was actually
meant to go there?

Jan

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Andrew Cooper]

On 27/03/2025 2:20 pm, Jan Beulich wrote:
> On 27.03.2025 15:10, Roger Pau Monné wrote:
>> On Thu, Mar 27, 2025 at 02:28:42PM +0100, Jan Beulich wrote:
>>> On 27.03.2025 13:48, Roger Pau Monné wrote:
>>>> On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
>>>>> On 27.03.2025 12:38, Roger Pau Monné wrote:
>>>>>> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
>>>>>>> Unlike stated in the offending commit's description,
>>>>>>> load_system_tables() wasn't the only thing left to retain from the
>>>>>>> earlier restore_rest_processor_state().
>>>>>>>
>>>>>>> While there also do Misra-related tidying for the function itself: The
>>>>>>> function being used from assembly only means it doesn't need to have a
>>>>>>> declaration, but wants to be asmlinkage.
>>>>>> I wonder, maybe the intention was for the MTRR restoring on the BSP to
>>>>>> also be done by the mtrr_aps_sync_end() call in enter_state()?
>>>>>>
>>>>>> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
>>>>>> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
>>>>>> process.
>>>>> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
>>>>> then, though, as for the BP the writing then isn't just "okay" but necessary.
>>>>> Question is whether doing this so much later is actually good enough.
>>>> Hm, no idea really.  We do the device restore ahead of the MTRR
>>>> restore, so I wonder whether we could have issues by using unexpected
>>>> effective cache attributes for device memory accesses as a result of
>>>> MTRRs not being initialized?
>>> That's just one of the possible problems. The father the MTRRs we run with
>>> diverged from what firmware puts in place, the bigger the possible trouble.
>>> I think the restoring better is done as being switched to here again. The
>>> absence of any discussion of MTRRs in that earlier change leaves me pretty
>>> certain that the behavioral change there wasn't intended. Andrew is usually
>>> pretty good at spelling out all intended effects.
>> No objection, however for the BSP we now end up restoring the MTRRs
>> twice, as we will also do it in mtrr_aps_sync_end().
>>
>> Might be worth to mention in the commit message that the MTRR state
>> was restored in mtrr_aps_sync_end() for the BSP also, but that it
>> might be too late.
> I've added "Note that MTRR state was still reloaded via mtrr_aps_sync_end(),
> but that happens quite a bit later in the resume process."

Ah yes, you got here too.

Yes, I think I simply missed this part of the discussion from the commit
message.

The MTRR logic is a giant tangle, and lost of it (I'm pretty sure) is
only relevant for early 32bit days.  Also since then, I expect firmware
has gotten better, considering that S3 is ubiquitous on laptops nowadays.

I expect that we don't need to change MTRRs in most cases.  However, if
change to the MTRRs actually need to happen, then they probably want
doing as part of the AP boot, rather than in a rendezvous later.  That
said, it would be a difference between the normal boot and S3 resume paths.

~Andrew

Re: [PATCH] x86/MTRR: hook mtrr_bp_restore() back up

[Jan Beulich]

On 27.03.2025 16:23, Andrew Cooper wrote:
> On 27/03/2025 2:20 pm, Jan Beulich wrote:
>> On 27.03.2025 15:10, Roger Pau Monné wrote:
>>> On Thu, Mar 27, 2025 at 02:28:42PM +0100, Jan Beulich wrote:
>>>> On 27.03.2025 13:48, Roger Pau Monné wrote:
>>>>> On Thu, Mar 27, 2025 at 01:30:44PM +0100, Jan Beulich wrote:
>>>>>> On 27.03.2025 12:38, Roger Pau Monné wrote:
>>>>>>> On Thu, Mar 27, 2025 at 12:20:47PM +0100, Jan Beulich wrote:
>>>>>>>> Unlike stated in the offending commit's description,
>>>>>>>> load_system_tables() wasn't the only thing left to retain from the
>>>>>>>> earlier restore_rest_processor_state().
>>>>>>>>
>>>>>>>> While there also do Misra-related tidying for the function itself: The
>>>>>>>> function being used from assembly only means it doesn't need to have a
>>>>>>>> declaration, but wants to be asmlinkage.
>>>>>>> I wonder, maybe the intention was for the MTRR restoring on the BSP to
>>>>>>> also be done by the mtrr_aps_sync_end() call in enter_state()?
>>>>>>>
>>>>>>> AFAICT that will set the MTRRs uniformly on all CPUs, by calling
>>>>>>> mtrr_set_all() just like mtrr_bp_restore(), but later in the restore
>>>>>>> process.
>>>>>> Hmm, yes, that's possible. The comment in set_mtrr() is somewhat misleading
>>>>>> then, though, as for the BP the writing then isn't just "okay" but necessary.
>>>>>> Question is whether doing this so much later is actually good enough.
>>>>> Hm, no idea really.  We do the device restore ahead of the MTRR
>>>>> restore, so I wonder whether we could have issues by using unexpected
>>>>> effective cache attributes for device memory accesses as a result of
>>>>> MTRRs not being initialized?
>>>> That's just one of the possible problems. The father the MTRRs we run with
>>>> diverged from what firmware puts in place, the bigger the possible trouble.
>>>> I think the restoring better is done as being switched to here again. The
>>>> absence of any discussion of MTRRs in that earlier change leaves me pretty
>>>> certain that the behavioral change there wasn't intended. Andrew is usually
>>>> pretty good at spelling out all intended effects.
>>> No objection, however for the BSP we now end up restoring the MTRRs
>>> twice, as we will also do it in mtrr_aps_sync_end().
>>>
>>> Might be worth to mention in the commit message that the MTRR state
>>> was restored in mtrr_aps_sync_end() for the BSP also, but that it
>>> might be too late.
>> I've added "Note that MTRR state was still reloaded via mtrr_aps_sync_end(),
>> but that happens quite a bit later in the resume process."
> 
> Ah yes, you got here too.
> 
> Yes, I think I simply missed this part of the discussion from the commit
> message.
> 
> The MTRR logic is a giant tangle, and lost of it (I'm pretty sure) is
> only relevant for early 32bit days.  Also since then, I expect firmware
> has gotten better, considering that S3 is ubiquitous on laptops nowadays.
> 
> I expect that we don't need to change MTRRs in most cases.  However, if
> change to the MTRRs actually need to happen, then they probably want
> doing as part of the AP boot, rather than in a rendezvous later.  That
> said, it would be a difference between the normal boot and S3 resume paths.

So in summary - you think we don't need/want the patch here? It feels risky
to me to run the BSP with not-yet-restored MTRRs for an extended period of
time.

Jan