xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Alexey G <x1917x@gmail.com>
To: Igor Druzhinin <igor.druzhinin@citrix.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	jbeulich@suse.com, xen-devel@lists.xen.org
Subject: Re: [PATCH] x86/nmi: lower initial watchdog frequency to avoid boot hangs
Date: Wed, 7 Feb 2018 16:35:10 +1000	[thread overview]
Message-ID: <20180207163510.0000762b@gmail.com> (raw)
In-Reply-To: <b64a75a4-c234-6729-acf2-e2989dbae2ab@citrix.com>


>>>> If the actual SMI source is not related to some place in the NMI
>>>> handler code but was eg. due to some SMI timer, lowering NMI
>>>> watchdog frequency might not fix the issue completely, but lower
>>>> its reproducibility (perhaps to some very rare occurrences). So
>>>> it's better be sure what was the real source of SMI.
>>>>     
>>>
>>> This *is* related to this instruction - it was confirmed
>>> empirically. Removing this instruction stops SMIs from occurring
>>> and effectively removes the issue leaving the frequency unchanged.  
>> 
>> Hmm, it would be interesting to know for what evil purpose does it
>> need to trap I/O port 61h.
>> BTW, on which motherboard model the issue was reproduced?
>>   
>
>The issue has been reported for some Dell/Huawei Skylake platforms (one
>of them PowerEdge R740 to be precise) but I don't think the others are
>unaffected (the issue supposedly originates from Intel's reference
>code)
>- the default BIOS setup indeed matters.

Here is a bit of info you might find useful. I did a quick research on
my test system (Gigabyte GA-H270M-D3H) in order to confirm if BIOS traps
I/O port 61h (NMI status) and for what purposes.

Well, turns out it really does.
Moreover, it's actually the only fixed I/O port location trapped by SMI
I/O traps on this system. Few others are simply 'allocated' ones,
meaning the real I/O port address being trapped is chosen dynamically by
supplying Address=0 to a corresponding call to EFI I/O Trap interface
function -- such I/O traps may be used as interfaces with a SMI handler
in a manner similar to the SW SMI interface.

The EFI module responsible for installing port 61h SMI I/O Trap is
PchInitSmm in my case. The related code is:
    ...
    mov     eax, 61h
    lea     r9, qword_5778
    mov     [rsp+98h+io_trap_ctx.io_address], ax
    mov     rax, cs:pIoTrapIF
    lea     r8, [rsp+98h+io_trap_ctx]
    lea     rdx, Port61h_IoTrapHandler
    mov     rcx, rax
    mov     [rsp+98h+io_trap_ctx.trap_type], ebp  ; trap reads
    mov     [rsp+98h+io_trap_ctx.io_len], bp	  ; ebp=1
    call    qword ptr [rax]
    ...

The actual handler (named Port61h_IoTrapHandler in the above code) is
fairly lightweight and does a bit of useless black magic.

First, there is a loop for all CPUs which finds which CPU actually
caused trapped I/O operation by reading NMI status port.

Then it reads the original port 61h value and set NMI_SC bit4 to its
inverted previous state for the selected CPU' bit. And then updated AL
register value is returned to the NMI_SC-reading user code (via
patching RAX register value in SMRAM saved state):

    ; ebp = 61h, rbx = CPU index
    ...
    mov     edx, ebp
    in      al, dx

    mov     r8, cs:bmNmiRefTogglesForCpus
    mov     rcx, rbx
    mov     edx, 1
    shl     edx, cl
    mov     r9, rbx
    movsxd  rcx, edx
    mov     dl, al
    and     al, 0EFh
    xor     r8, rcx
    or      dl, 10h
    mov     cs:bmNmiRefTogglesForCpus, r8
    and     r8, rcx
    movzx   ecx, al
    movzx   eax, dl
    test    r8, r8
    mov     edx, 1
    cmovnz  ecx, eax
    lea     rax, [rsp+58h+al_to_return]
    lea     r8d, [rdx+25h]  ; EFI_SMM_SAVE_STATE_REGISTER_RAX
    mov     [rsp+58h+func_arg0], rax
    mov     rax, cs:pEFI_SMM_CPU_PROTOCOL_GUID_IF
    mov     [rsp+58h+al_to_return], cl
    mov     rcx, rax
    call    qword ptr [rax+8] ; WriteSaveState
    ...

So, the only purpose of this stuff is emulating REF_TOGGLE bit toggling
logic (simply by alternating ones and zeros on each NMI_SC read),
nothing more. Sort of workaround for some legacy code which depends on
REF_TOGGLE rolling (which is now being marked Reserved in docs).

On this particular system SMI I/O trap for port 61h neither do anything
time-consuming nor anything really useful. That Dell system must have
something similar (thanks to common EFI ref code from Intel Igor
mentioned), leaving the question why port 61h reading is so slow there.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2018-02-07  6:35 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-05 21:18 [PATCH] x86/nmi: lower initial watchdog frequency to avoid boot hangs Igor Druzhinin
2018-02-06  3:10 ` Alexey G
2018-02-06 14:21   ` Andrew Cooper
2018-02-06 17:08     ` Alexey G
2018-02-06 17:21       ` Igor Druzhinin
2018-02-06 18:17         ` Alexey G
2018-02-06 19:50           ` Igor Druzhinin
2018-02-07  6:35             ` Alexey G [this message]
2018-02-06 14:10 ` Andrew Cooper
2018-02-06 16:07 ` Jan Beulich
2018-02-06 16:14   ` Igor Druzhinin
2018-02-06 16:23     ` Jan Beulich
2018-02-06 16:27       ` Igor Druzhinin
2018-02-06 16:29       ` Igor Druzhinin
2018-02-06 21:51       ` Igor Druzhinin
2018-02-07  9:13         ` Jan Beulich
2018-02-07 13:01           ` Igor Druzhinin
2018-02-07 13:08             ` Jan Beulich
2018-02-07 13:24               ` Andrew Cooper
2018-02-07 15:06                 ` Jan Beulich
2018-02-07 17:08                   ` Andrew Cooper
2018-02-08  9:12                     ` Jan Beulich
2018-02-08 12:18                       ` Andrew Cooper
2018-02-13  9:03                         ` Jan Beulich
2018-02-07 13:54               ` Igor Druzhinin
2018-02-08  6:37             ` Alexey G
2018-02-08 10:47               ` Igor Druzhinin
2018-02-08 12:32                 ` Alexey G
2018-02-08 12:40                   ` Andrew Cooper
2018-02-08 14:37                     ` Alexey G
2018-02-08 15:00                       ` Andrew Cooper
2018-02-08 15:28                         ` Alexey G

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180207163510.0000762b@gmail.com \
    --to=x1917x@gmail.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=igor.druzhinin@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).