Re: [PATCH v7 2/3] hw/isa/lpc_ich9: add broadcast SMI feature

["Philippe Mathieu-Daudé" <philmd@linaro.org>]

Hi Laszlo, Igor, Gerd,

(old patch, now commit 5ce45c7a2b)

On 26/1/17 02:44, Laszlo Ersek wrote:
> The generic edk2 SMM infrastructure prefers
> EFI_SMM_CONTROL2_PROTOCOL.Trigger() to inject an SMI on each processor. If
> Trigger() only brings the current processor into SMM, then edk2 handles it
> in the following ways:
> 
> (1) If Trigger() is executed by the BSP (which is guaranteed before
>      ExitBootServices(), but is not necessarily true at runtime), then:
> 
>      (a) If edk2 has been configured for "traditional" SMM synchronization,
>          then the BSP sends directed SMIs to the APs with APIC delivery,
>          bringing them into SMM individually. Then the BSP runs the SMI
>          handler / dispatcher.
> 
>      (b) If edk2 has been configured for "relaxed" SMM synchronization,
>          then the APs that are not already in SMM are not brought in, and
>          the BSP runs the SMI handler / dispatcher.
> 
> (2) If Trigger() is executed by an AP (which is possible after
>      ExitBootServices(), and can be forced e.g. by "taskset -c 1
>      efibootmgr"), then the AP in question brings in the BSP with a
>      directed SMI, and the BSP runs the SMI handler / dispatcher.
> 
> The smaller problem with (1a) and (2) is that the BSP and AP
> synchronization is slow. For example, the "taskset -c 1 efibootmgr"
> command from (2) can take more than 3 seconds to complete, because
> efibootmgr accesses non-volatile UEFI variables intensively.
> 
> The larger problem is that QEMU's current behavior diverges from the
> behavior usually seen on physical hardware, and that keeps exposing
> obscure corner cases, race conditions and other instabilities in edk2,
> which generally expects / prefers a software SMI to affect all CPUs at
> once.
> 
> Therefore introduce the "broadcast SMI" feature that causes QEMU to inject
> the SMI on all VCPUs.

I'm trying to remove cpu_interrupt() API from hw/ and found this odd
case.

IIUC, the code you added is closer to what real HW is doing:

   CPU_FOREACH(cs) { cpu_interrupt(cs, CPU_INTERRUPT_SMI); }

and previous implementation was bogus:

   cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);

but to avoid breaking older VMs ready to deal with bogus impl,
you have to add a virtual (non-HW) ICH9_LPC_SMI_F_BROADCAST bit
so new VMs can detect (negotiating) it and use normal expected
HW behavior.

If so, and since this change was almost 7 years ago, can we
expect that most of today's VMs use ICH9_LPC_SMI_F_BROADCAST_BIT,
and would it be possible to deprecate it, so it become the only
possibility, allowing us to remove this bogus call?

   cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);

> While the original posting of this patch
> <http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg05658.html>
> only intended to speed up (2), based on our recent "stress testing" of SMM
> this patch actually provides functional improvements.
> 
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Igor Mammedov <imammedo@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
> ---
> 
> Notes:
>      v7:
>      - no changes, pick up Igor's R-b
>      
>      v6:
>      - no changes, pick up Michael's R-b
>      
>      v5:
>      - replace the ICH9_LPC_SMI_F_BROADCAST bit value with the
>        ICH9_LPC_SMI_F_BROADCAST_BIT bit position (necessary for
>        DEFINE_PROP_BIT() in the next patch)
> 
>   include/hw/i386/ich9.h |  3 +++
>   hw/isa/lpc_ich9.c      | 10 +++++++++-
>   2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
> index da1118727146..18dcca7ebcbf 100644
> --- a/include/hw/i386/ich9.h
> +++ b/include/hw/i386/ich9.h
> @@ -250,4 +250,7 @@ Object *ich9_lpc_find(void);
>   #define ICH9_SMB_HST_D1                         0x06
>   #define ICH9_SMB_HOST_BLOCK_DB                  0x07
>   
> +/* bit positions used in fw_cfg SMI feature negotiation */
> +#define ICH9_LPC_SMI_F_BROADCAST_BIT            0
> +
>   #endif /* HW_ICH9_H */
> diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
> index 376b7801a42c..ced6f803a4f2 100644
> --- a/hw/isa/lpc_ich9.c
> +++ b/hw/isa/lpc_ich9.c
> @@ -437,7 +437,15 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
>   
>       /* SMI_EN = PMBASE + 30. SMI control and enable register */
>       if (lpc->pm.smi_en & ICH9_PMIO_SMI_EN_APMC_EN) {
> -        cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
> +        if (lpc->smi_negotiated_features &
> +            (UINT64_C(1) << ICH9_LPC_SMI_F_BROADCAST_BIT)) {
> +            CPUState *cs;
> +            CPU_FOREACH(cs) {
> +                cpu_interrupt(cs, CPU_INTERRUPT_SMI);
> +            }
> +        } else {
> +            cpu_interrupt(current_cpu, CPU_INTERRUPT_SMI);
> +        }
>       }
>   }
>