mbox series

[v5,00/10] x86: fix cpu hotplug with secure boot

Message ID 20200907112348.530921-1-imammedo@redhat.com
Headers show
Series x86: fix cpu hotplug with secure boot | expand

Message

Igor Mammedov Sept. 7, 2020, 11:23 a.m. UTC
v5:
  - fix hotplug on Windows when there is more than 256 possible CPUs
    (Windows isn't able to handle VarPackage over 255 elements
     so process CPUs in batches)
  - fix off-by-one in package length (Laszlo)
  - fix not selecting CPU before clearing insert event (Laszlo)
  - use aml_lgreater() instead of aml_lnot(aml_equal(num_added_cpus, zero) (Laszlo)
  - split 'x68: acpi: trigger SMI before sending hotplug Notify event to OSPM'
    in samller chunks (Laszlo)
  - fix comment to match spec (Laszlo)
  - reorder aml_lor() and aml_land() in header (Laszlo)
v4:
  - fix 5.2 machine types so they won't apply pc_compat_5_1 (Laszlo)
v3:
  - rebase on top of "[PATCH v2] hw: add compat machines for 5.2"
    so apply that before this patch
v2:
  - AML: clean is_inserted flag only after SMI callback
  - make x-smi-cpu-hotunplug false by default
  - massage error hint on not supported unplug
v1:
  - fix typos and some phrases (Laszlo)
  - add unplug check (Laszlo)
  - redo AML scan logic to avoid race when adding multiple CPUs

CPU hotplug with Secure Boot was not really supported and firmware wasn't aware
of hotplugged CPUs (which might lead to guest crashes). During 4.2 we introduced
locked SMI handler RAM arrea to make sure that guest OS wasn't able to inject
its own SMI handler and OVMF added initial CPU hotplug support.

This series is QEMU part of that support which lets QMVF tell QEMU that
CPU hotplug with SMI broadcast enabled is supported so that QEMU would be able
to prevent hotplug in case it's not supported and trigger SMI on hotplug when
it's necessary.

Igor Mammedov (10):
  x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features
  x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is
    in use
  x86: cpuhp: refuse cpu hot-unplug request earlier if not supported
  acpi: add aml_land() and aml_break() primitives
  tests: acpi: mark to be changed tables in
    bios-tables-test-allowed-diff
  x86: ich9: expose "smi_negotiated_features" as a QOM property
  x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp
  x86: acpi: introduce the PCI0.SMI0 ACPI device
  x68: acpi: trigger SMI before sending hotplug Notify event to OSPM
  tests: acpi: update acpi blobs with new AML

 include/hw/acpi/aml-build.h       |   2 +
 include/hw/acpi/cpu.h             |   1 +
 include/hw/i386/ich9.h            |   4 +
 hw/acpi/aml-build.c               |  16 +++
 hw/acpi/cpu.c                     | 156 ++++++++++++++++++++++++------
 hw/acpi/ich9.c                    |  24 ++++-
 hw/i386/acpi-build.c              |  35 ++++++-
 hw/i386/pc.c                      |  15 ++-
 hw/isa/lpc_ich9.c                 |  16 +++
 tests/data/acpi/pc/DSDT           | Bin 4934 -> 5060 bytes
 tests/data/acpi/pc/DSDT.acpihmat  | Bin 6258 -> 6385 bytes
 tests/data/acpi/pc/DSDT.bridge    | Bin 6793 -> 6919 bytes
 tests/data/acpi/pc/DSDT.cphp      | Bin 5397 -> 5524 bytes
 tests/data/acpi/pc/DSDT.dimmpxm   | Bin 6587 -> 6714 bytes
 tests/data/acpi/pc/DSDT.ipmikcs   | Bin 5006 -> 5132 bytes
 tests/data/acpi/pc/DSDT.memhp     | Bin 6293 -> 6419 bytes
 tests/data/acpi/pc/DSDT.numamem   | Bin 4940 -> 5066 bytes
 tests/data/acpi/q35/DSDT          | Bin 7678 -> 7804 bytes
 tests/data/acpi/q35/DSDT.acpihmat | Bin 9002 -> 9129 bytes
 tests/data/acpi/q35/DSDT.bridge   | Bin 7695 -> 7821 bytes
 tests/data/acpi/q35/DSDT.cphp     | Bin 8141 -> 8268 bytes
 tests/data/acpi/q35/DSDT.dimmpxm  | Bin 9331 -> 9458 bytes
 tests/data/acpi/q35/DSDT.ipmibt   | Bin 7753 -> 7879 bytes
 tests/data/acpi/q35/DSDT.memhp    | Bin 9037 -> 9163 bytes
 tests/data/acpi/q35/DSDT.mmio64   | Bin 8808 -> 8934 bytes
 tests/data/acpi/q35/DSDT.numamem  | Bin 7684 -> 7810 bytes
 tests/data/acpi/q35/DSDT.tis      | Bin 8283 -> 8409 bytes
 27 files changed, 239 insertions(+), 30 deletions(-)

Comments

Igor Mammedov Sept. 21, 2020, 11:46 a.m. UTC | #1
On Mon,  7 Sep 2020 07:23:38 -0400
Igor Mammedov <imammedo@redhat.com> wrote:

> v5:

>   - fix hotplug on Windows when there is more than 256 possible CPUs

>     (Windows isn't able to handle VarPackage over 255 elements

>      so process CPUs in batches)

>   - fix off-by-one in package length (Laszlo)

>   - fix not selecting CPU before clearing insert event (Laszlo)

>   - use aml_lgreater() instead of aml_lnot(aml_equal(num_added_cpus, zero) (Laszlo)

>   - split 'x68: acpi: trigger SMI before sending hotplug Notify event to OSPM'

>     in samller chunks (Laszlo)

>   - fix comment to match spec (Laszlo)

>   - reorder aml_lor() and aml_land() in header (Laszlo)

> v4:

>   - fix 5.2 machine types so they won't apply pc_compat_5_1 (Laszlo)

> v3:

>   - rebase on top of "[PATCH v2] hw: add compat machines for 5.2"

>     so apply that before this patch

> v2:

>   - AML: clean is_inserted flag only after SMI callback

>   - make x-smi-cpu-hotunplug false by default

>   - massage error hint on not supported unplug

> v1:

>   - fix typos and some phrases (Laszlo)

>   - add unplug check (Laszlo)

>   - redo AML scan logic to avoid race when adding multiple CPUs


Michael,

just saw your pull request which missed this series.
Is there any plans to queue it for the next pull request?



> CPU hotplug with Secure Boot was not really supported and firmware wasn't aware

> of hotplugged CPUs (which might lead to guest crashes). During 4.2 we introduced

> locked SMI handler RAM arrea to make sure that guest OS wasn't able to inject

> its own SMI handler and OVMF added initial CPU hotplug support.

> 

> This series is QEMU part of that support which lets QMVF tell QEMU that

> CPU hotplug with SMI broadcast enabled is supported so that QEMU would be able

> to prevent hotplug in case it's not supported and trigger SMI on hotplug when

> it's necessary.

> 

> Igor Mammedov (10):

>   x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features

>   x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is

>     in use

>   x86: cpuhp: refuse cpu hot-unplug request earlier if not supported

>   acpi: add aml_land() and aml_break() primitives

>   tests: acpi: mark to be changed tables in

>     bios-tables-test-allowed-diff

>   x86: ich9: expose "smi_negotiated_features" as a QOM property

>   x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp

>   x86: acpi: introduce the PCI0.SMI0 ACPI device

>   x68: acpi: trigger SMI before sending hotplug Notify event to OSPM

>   tests: acpi: update acpi blobs with new AML

> 

>  include/hw/acpi/aml-build.h       |   2 +

>  include/hw/acpi/cpu.h             |   1 +

>  include/hw/i386/ich9.h            |   4 +

>  hw/acpi/aml-build.c               |  16 +++

>  hw/acpi/cpu.c                     | 156 ++++++++++++++++++++++++------

>  hw/acpi/ich9.c                    |  24 ++++-

>  hw/i386/acpi-build.c              |  35 ++++++-

>  hw/i386/pc.c                      |  15 ++-

>  hw/isa/lpc_ich9.c                 |  16 +++

>  tests/data/acpi/pc/DSDT           | Bin 4934 -> 5060 bytes

>  tests/data/acpi/pc/DSDT.acpihmat  | Bin 6258 -> 6385 bytes

>  tests/data/acpi/pc/DSDT.bridge    | Bin 6793 -> 6919 bytes

>  tests/data/acpi/pc/DSDT.cphp      | Bin 5397 -> 5524 bytes

>  tests/data/acpi/pc/DSDT.dimmpxm   | Bin 6587 -> 6714 bytes

>  tests/data/acpi/pc/DSDT.ipmikcs   | Bin 5006 -> 5132 bytes

>  tests/data/acpi/pc/DSDT.memhp     | Bin 6293 -> 6419 bytes

>  tests/data/acpi/pc/DSDT.numamem   | Bin 4940 -> 5066 bytes

>  tests/data/acpi/q35/DSDT          | Bin 7678 -> 7804 bytes

>  tests/data/acpi/q35/DSDT.acpihmat | Bin 9002 -> 9129 bytes

>  tests/data/acpi/q35/DSDT.bridge   | Bin 7695 -> 7821 bytes

>  tests/data/acpi/q35/DSDT.cphp     | Bin 8141 -> 8268 bytes

>  tests/data/acpi/q35/DSDT.dimmpxm  | Bin 9331 -> 9458 bytes

>  tests/data/acpi/q35/DSDT.ipmibt   | Bin 7753 -> 7879 bytes

>  tests/data/acpi/q35/DSDT.memhp    | Bin 9037 -> 9163 bytes

>  tests/data/acpi/q35/DSDT.mmio64   | Bin 8808 -> 8934 bytes

>  tests/data/acpi/q35/DSDT.numamem  | Bin 7684 -> 7810 bytes

>  tests/data/acpi/q35/DSDT.tis      | Bin 8283 -> 8409 bytes

>  27 files changed, 239 insertions(+), 30 deletions(-)

>
Michael S. Tsirkin Sept. 21, 2020, 12:34 p.m. UTC | #2
On Mon, Sep 21, 2020 at 01:46:01PM +0200, Igor Mammedov wrote:
> On Mon,  7 Sep 2020 07:23:38 -0400

> Igor Mammedov <imammedo@redhat.com> wrote:

> 

> > v5:

> >   - fix hotplug on Windows when there is more than 256 possible CPUs

> >     (Windows isn't able to handle VarPackage over 255 elements

> >      so process CPUs in batches)

> >   - fix off-by-one in package length (Laszlo)

> >   - fix not selecting CPU before clearing insert event (Laszlo)

> >   - use aml_lgreater() instead of aml_lnot(aml_equal(num_added_cpus, zero) (Laszlo)

> >   - split 'x68: acpi: trigger SMI before sending hotplug Notify event to OSPM'

> >     in samller chunks (Laszlo)

> >   - fix comment to match spec (Laszlo)

> >   - reorder aml_lor() and aml_land() in header (Laszlo)

> > v4:

> >   - fix 5.2 machine types so they won't apply pc_compat_5_1 (Laszlo)

> > v3:

> >   - rebase on top of "[PATCH v2] hw: add compat machines for 5.2"

> >     so apply that before this patch

> > v2:

> >   - AML: clean is_inserted flag only after SMI callback

> >   - make x-smi-cpu-hotunplug false by default

> >   - massage error hint on not supported unplug

> > v1:

> >   - fix typos and some phrases (Laszlo)

> >   - add unplug check (Laszlo)

> >   - redo AML scan logic to avoid race when adding multiple CPUs

> 

> Michael,

> 

> just saw your pull request which missed this series.

> Is there any plans to queue it for the next pull request?


Oh.
You didn't Cc me on most patches so I assumed this is targeting some other tree.
Sorry.
Will review and queue, thanks.

> 

> 

> > CPU hotplug with Secure Boot was not really supported and firmware wasn't aware

> > of hotplugged CPUs (which might lead to guest crashes). During 4.2 we introduced

> > locked SMI handler RAM arrea to make sure that guest OS wasn't able to inject

> > its own SMI handler and OVMF added initial CPU hotplug support.

> > 

> > This series is QEMU part of that support which lets QMVF tell QEMU that

> > CPU hotplug with SMI broadcast enabled is supported so that QEMU would be able

> > to prevent hotplug in case it's not supported and trigger SMI on hotplug when

> > it's necessary.

> > 

> > Igor Mammedov (10):

> >   x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features

> >   x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is

> >     in use

> >   x86: cpuhp: refuse cpu hot-unplug request earlier if not supported

> >   acpi: add aml_land() and aml_break() primitives

> >   tests: acpi: mark to be changed tables in

> >     bios-tables-test-allowed-diff

> >   x86: ich9: expose "smi_negotiated_features" as a QOM property

> >   x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp

> >   x86: acpi: introduce the PCI0.SMI0 ACPI device

> >   x68: acpi: trigger SMI before sending hotplug Notify event to OSPM

> >   tests: acpi: update acpi blobs with new AML

> > 

> >  include/hw/acpi/aml-build.h       |   2 +

> >  include/hw/acpi/cpu.h             |   1 +

> >  include/hw/i386/ich9.h            |   4 +

> >  hw/acpi/aml-build.c               |  16 +++

> >  hw/acpi/cpu.c                     | 156 ++++++++++++++++++++++++------

> >  hw/acpi/ich9.c                    |  24 ++++-

> >  hw/i386/acpi-build.c              |  35 ++++++-

> >  hw/i386/pc.c                      |  15 ++-

> >  hw/isa/lpc_ich9.c                 |  16 +++

> >  tests/data/acpi/pc/DSDT           | Bin 4934 -> 5060 bytes

> >  tests/data/acpi/pc/DSDT.acpihmat  | Bin 6258 -> 6385 bytes

> >  tests/data/acpi/pc/DSDT.bridge    | Bin 6793 -> 6919 bytes

> >  tests/data/acpi/pc/DSDT.cphp      | Bin 5397 -> 5524 bytes

> >  tests/data/acpi/pc/DSDT.dimmpxm   | Bin 6587 -> 6714 bytes

> >  tests/data/acpi/pc/DSDT.ipmikcs   | Bin 5006 -> 5132 bytes

> >  tests/data/acpi/pc/DSDT.memhp     | Bin 6293 -> 6419 bytes

> >  tests/data/acpi/pc/DSDT.numamem   | Bin 4940 -> 5066 bytes

> >  tests/data/acpi/q35/DSDT          | Bin 7678 -> 7804 bytes

> >  tests/data/acpi/q35/DSDT.acpihmat | Bin 9002 -> 9129 bytes

> >  tests/data/acpi/q35/DSDT.bridge   | Bin 7695 -> 7821 bytes

> >  tests/data/acpi/q35/DSDT.cphp     | Bin 8141 -> 8268 bytes

> >  tests/data/acpi/q35/DSDT.dimmpxm  | Bin 9331 -> 9458 bytes

> >  tests/data/acpi/q35/DSDT.ipmibt   | Bin 7753 -> 7879 bytes

> >  tests/data/acpi/q35/DSDT.memhp    | Bin 9037 -> 9163 bytes

> >  tests/data/acpi/q35/DSDT.mmio64   | Bin 8808 -> 8934 bytes

> >  tests/data/acpi/q35/DSDT.numamem  | Bin 7684 -> 7810 bytes

> >  tests/data/acpi/q35/DSDT.tis      | Bin 8283 -> 8409 bytes

> >  27 files changed, 239 insertions(+), 30 deletions(-)

> >
Igor Mammedov Sept. 23, 2020, 9:48 a.m. UTC | #3
On Mon, 21 Sep 2020 08:34:31 -0400
"Michael S. Tsirkin" <mst@redhat.com> wrote:

> On Mon, Sep 21, 2020 at 01:46:01PM +0200, Igor Mammedov wrote:

> > On Mon,  7 Sep 2020 07:23:38 -0400

> > Igor Mammedov <imammedo@redhat.com> wrote:

> >   

> > > v5:

> > >   - fix hotplug on Windows when there is more than 256 possible CPUs

> > >     (Windows isn't able to handle VarPackage over 255 elements

> > >      so process CPUs in batches)

> > >   - fix off-by-one in package length (Laszlo)

> > >   - fix not selecting CPU before clearing insert event (Laszlo)

> > >   - use aml_lgreater() instead of aml_lnot(aml_equal(num_added_cpus, zero) (Laszlo)

> > >   - split 'x68: acpi: trigger SMI before sending hotplug Notify event to OSPM'

> > >     in samller chunks (Laszlo)

> > >   - fix comment to match spec (Laszlo)

> > >   - reorder aml_lor() and aml_land() in header (Laszlo)

> > > v4:

> > >   - fix 5.2 machine types so they won't apply pc_compat_5_1 (Laszlo)

> > > v3:

> > >   - rebase on top of "[PATCH v2] hw: add compat machines for 5.2"

> > >     so apply that before this patch

> > > v2:

> > >   - AML: clean is_inserted flag only after SMI callback

> > >   - make x-smi-cpu-hotunplug false by default

> > >   - massage error hint on not supported unplug

> > > v1:

> > >   - fix typos and some phrases (Laszlo)

> > >   - add unplug check (Laszlo)

> > >   - redo AML scan logic to avoid race when adding multiple CPUs  

> > 

> > Michael,

> > 

> > just saw your pull request which missed this series.

> > Is there any plans to queue it for the next pull request?  

> 

> Oh.

> You didn't Cc me on most patches so I assumed this is targeting some other tree.

> Sorry.

> Will review and queue, thanks.

Thanks,

Series doesn't apply anymore,
I've rebased fixing conflicts and resent it as v6.

> 

> > 

> >   

> > > CPU hotplug with Secure Boot was not really supported and firmware wasn't aware

> > > of hotplugged CPUs (which might lead to guest crashes). During 4.2 we introduced

> > > locked SMI handler RAM arrea to make sure that guest OS wasn't able to inject

> > > its own SMI handler and OVMF added initial CPU hotplug support.

> > > 

> > > This series is QEMU part of that support which lets QMVF tell QEMU that

> > > CPU hotplug with SMI broadcast enabled is supported so that QEMU would be able

> > > to prevent hotplug in case it's not supported and trigger SMI on hotplug when

> > > it's necessary.

> > > 

> > > Igor Mammedov (10):

> > >   x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features

> > >   x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is

> > >     in use

> > >   x86: cpuhp: refuse cpu hot-unplug request earlier if not supported

> > >   acpi: add aml_land() and aml_break() primitives

> > >   tests: acpi: mark to be changed tables in

> > >     bios-tables-test-allowed-diff

> > >   x86: ich9: expose "smi_negotiated_features" as a QOM property

> > >   x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp

> > >   x86: acpi: introduce the PCI0.SMI0 ACPI device

> > >   x68: acpi: trigger SMI before sending hotplug Notify event to OSPM

> > >   tests: acpi: update acpi blobs with new AML

> > > 

> > >  include/hw/acpi/aml-build.h       |   2 +

> > >  include/hw/acpi/cpu.h             |   1 +

> > >  include/hw/i386/ich9.h            |   4 +

> > >  hw/acpi/aml-build.c               |  16 +++

> > >  hw/acpi/cpu.c                     | 156 ++++++++++++++++++++++++------

> > >  hw/acpi/ich9.c                    |  24 ++++-

> > >  hw/i386/acpi-build.c              |  35 ++++++-

> > >  hw/i386/pc.c                      |  15 ++-

> > >  hw/isa/lpc_ich9.c                 |  16 +++

> > >  tests/data/acpi/pc/DSDT           | Bin 4934 -> 5060 bytes

> > >  tests/data/acpi/pc/DSDT.acpihmat  | Bin 6258 -> 6385 bytes

> > >  tests/data/acpi/pc/DSDT.bridge    | Bin 6793 -> 6919 bytes

> > >  tests/data/acpi/pc/DSDT.cphp      | Bin 5397 -> 5524 bytes

> > >  tests/data/acpi/pc/DSDT.dimmpxm   | Bin 6587 -> 6714 bytes

> > >  tests/data/acpi/pc/DSDT.ipmikcs   | Bin 5006 -> 5132 bytes

> > >  tests/data/acpi/pc/DSDT.memhp     | Bin 6293 -> 6419 bytes

> > >  tests/data/acpi/pc/DSDT.numamem   | Bin 4940 -> 5066 bytes

> > >  tests/data/acpi/q35/DSDT          | Bin 7678 -> 7804 bytes

> > >  tests/data/acpi/q35/DSDT.acpihmat | Bin 9002 -> 9129 bytes

> > >  tests/data/acpi/q35/DSDT.bridge   | Bin 7695 -> 7821 bytes

> > >  tests/data/acpi/q35/DSDT.cphp     | Bin 8141 -> 8268 bytes

> > >  tests/data/acpi/q35/DSDT.dimmpxm  | Bin 9331 -> 9458 bytes

> > >  tests/data/acpi/q35/DSDT.ipmibt   | Bin 7753 -> 7879 bytes

> > >  tests/data/acpi/q35/DSDT.memhp    | Bin 9037 -> 9163 bytes

> > >  tests/data/acpi/q35/DSDT.mmio64   | Bin 8808 -> 8934 bytes

> > >  tests/data/acpi/q35/DSDT.numamem  | Bin 7684 -> 7810 bytes

> > >  tests/data/acpi/q35/DSDT.tis      | Bin 8283 -> 8409 bytes

> > >  27 files changed, 239 insertions(+), 30 deletions(-)

> > >   

> 

>