Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp640083lqt; Fri, 19 Apr 2024 06:28:42 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX7Klqsloeq314pVJxF6hSopmQ9TFCgpzWHDKICTAW81GKKGmusvgSpZbyCkXRSloxtEnfWHj1aFDFNhOTVbUvC+VDdN/oqACsAn9JM2w== X-Google-Smtp-Source: AGHT+IG9Ensbdf8jpKnDbMfAuBonB77Aac52S//gGI1DRr4nZrsxmVKYZj8JeuOMYK3jYi0vNF2S X-Received: by 2002:a0c:d84b:0:b0:698:f82b:a6e4 with SMTP id i11-20020a0cd84b000000b00698f82ba6e4mr2119673qvj.40.1713533322362; Fri, 19 Apr 2024 06:28:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713533322; cv=pass; d=google.com; s=arc-20160816; b=xEDMRJVmtPe5k0pbJ0iEZI5ki349zxxM1+oz9oqQlO8rv7k/wTgRG2JfzYcpiu5ZNP g4mFZBXmBMkhqr31vYCJPFX1gcwY0CQx+/z+MNR+L3AR7RJrTvMZ9CAdVZuGCKSBHYTz pV7zgIcBtzp6hCJDAwQiphfMi/LHtJ1avUPiITN/frPdSeb4NXxa6+i6xodqztT2kSH+ ZYAKuUkVQQI2dF177ebvpPVeQnGLlqAhWt67KF1KTDGdD/cnmSfi0S3nO1z+eRAxsMZh g0rHs0uRZ8hJx2imgM+lsPCHb7LHPh6dIyiy0/TfZPSVxXSmpP3v10YqJV1oW8gYH6fx bPaw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ENA/ILce95HlOOVwJuD5NRAe1vDtBRItlwOCTkkMkAE=; fh=lxk+RvRezZ2XdeqcUekliP1X0ajcmlwf4vpqZg41Bzk=; b=0oztH3fruRpo0jVyNnR8L8ByIgnQk0sgq0YgSLZ12IAfvRTtDHvmZocpz3iXADKAFk judERcYp8ZzSC+p/BTfblryu6EwZGMQJf+Niy7rni6/qMHkVePsqxT54xXuPBkEuEM5c LrjAGfwtcCXH1krxX5s6n2Nka44fNO6nkNuWSFOwvSGuUJVsvZklatS0v33Vi8H7Le8H QbDsQAxr/PQfEHc3lgDTiLUbbsJz5b6Enq/46xAEx/w8HFKo1kYCXO1pp09sOrZ+oG++ 5O9b8OGY3Jrd3rDl34D0UTOsnAXZRLeYr2oucMWvlF0fSrV0bkwrTzMN5XrcYBfNL1Un 654w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q7GFCHWK; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-151471-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151471-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id ed3-20020ad44ea3000000b0069c8457cb6dsi3902344qvb.387.2024.04.19.06.28.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 06:28:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-151471-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Q7GFCHWK; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-151471-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151471-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0CEDD1C223C5 for ; Fri, 19 Apr 2024 13:28:42 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id F1FC48624B; Fri, 19 Apr 2024 13:28:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Q7GFCHWK" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 25DF5622 for ; Fri, 19 Apr 2024 13:28:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.7 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713533313; cv=none; b=Dcb3Af+irwijC42DSCeOhtDSzlI3ymaS+qyqHHMe+UAGK3Nc0wAnpgIeKJ4wAlhEgIoaTcZy6SJVjl5d6cZIE2huN3JHgnF49k0VJYD4GuAmmDXmMCjeS9rfTlRxQjfkvD4LvfyhZmTi+D7w8iZMjE0AmtuCU4tUHKm5YjlCnPY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713533313; c=relaxed/simple; bh=/RG5qBxdULyRKxsA28Wpo5X45cb7aAWaUcDEA+9wmsM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=sQomw+K4I8WV2wM8Gqvlk58P7IyMUXs4ncjdeG57Cg22PjrestNTKWx849oduAH45U96BgATn84Y33D3oTT1vnmZ9s08BFzGRLalYtI+zEO1n0napjter+8kPfZbue84xXtq+lZifvW+wqYcp76v6l+P3EjW1KcVAt3/SEHXg5E= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Q7GFCHWK; arc=none smtp.client-ip=192.198.163.7 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1713533312; x=1745069312; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=/RG5qBxdULyRKxsA28Wpo5X45cb7aAWaUcDEA+9wmsM=; b=Q7GFCHWKOZtvtkO45qNiQd8MptzwfNjFXDzEuJkPE8MzHfTVyDyOgswt iVKlq7FZiumr97KpOuY9EcHGiWg2946MqUIxNcW6AQ7NIMEkLBxfxxxgc hwGiBYtB/tQTujADPhZ5Ur89XgAKRrdNEve/Ie+PGtqPu+tqmeTIkdDgn CwHCxz8bpX3FVqNynWT+MfXGoQaKPK9PufLNQFseHjQUWrh7Yq966upyd 1mh+IokdCiGtBJWmGdd80lf++bVJMcR9ldKCFogKCwLKv32CUL0iTQcT5 zZpxFGZltGktJpc+bzyhNKkVLkEAs4KDACSBhQWOBN9XqqmlgdUsNZrY8 Q==; X-CSE-ConnectionGUID: +actXcPnRHmJcDXLGbnDWg== X-CSE-MsgGUID: GypDxFMTRqaC15oe9i/3fw== X-IronPort-AV: E=McAfee;i="6600,9927,11049"; a="34531948" X-IronPort-AV: E=Sophos;i="6.07,213,1708416000"; d="scan'208";a="34531948" Received: from orviesa008.jf.intel.com ([10.64.159.148]) by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2024 06:28:31 -0700 X-CSE-ConnectionGUID: KtBqwECzQqSH2sV4He1iOg== X-CSE-MsgGUID: 7j1cWn0ZS+WMSGDgRdQ80w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,213,1708416000"; d="scan'208";a="23949961" Received: from black.fi.intel.com ([10.237.72.28]) by orviesa008.jf.intel.com with ESMTP; 19 Apr 2024 06:28:25 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id B1F50FD; Fri, 19 Apr 2024 16:28:24 +0300 (EEST) Date: Fri, 19 Apr 2024 16:28:24 +0300 From: "Kirill A. Shutemov" To: Borislav Petkov Cc: Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "Rafael J. Wysocki" , Peter Zijlstra , Adrian Hunter , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Rick Edgecombe , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "Huang, Kai" , Baoquan He , kexec@lists.infradead.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Tao Liu Subject: Re: [PATCHv10 01/18] x86/acpi: Extract ACPI MADT wakeup code into a separate file Message-ID: References: <20240409113010.465412-1-kirill.shutemov@linux.intel.com> <20240409113010.465412-2-kirill.shutemov@linux.intel.com> <20240418160324.GKZiFETI8U1WeaUS7_@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240418160324.GKZiFETI8U1WeaUS7_@fat_crate.local> On Thu, Apr 18, 2024 at 06:03:24PM +0200, Borislav Petkov wrote: > On Tue, Apr 09, 2024 at 02:29:53PM +0300, Kirill A. Shutemov wrote: > > diff --git a/arch/x86/kernel/acpi/Makefile b/arch/x86/kernel/acpi/Makefile > > index fc17b3f136fe..8c7329c88a75 100644 > > --- a/arch/x86/kernel/acpi/Makefile > > +++ b/arch/x86/kernel/acpi/Makefile > > @@ -1,11 +1,12 @@ > > # SPDX-License-Identifier: GPL-2.0 > > > > -obj-$(CONFIG_ACPI) += boot.o > > -obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o > > -obj-$(CONFIG_ACPI_APEI) += apei.o > > -obj-$(CONFIG_ACPI_CPPC_LIB) += cppc.o > > +obj-$(CONFIG_ACPI) += boot.o > > +obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o > > +obj-$(CONFIG_ACPI_APEI) += apei.o > > +obj-$(CONFIG_ACPI_CPPC_LIB) += cppc.o > > +obj-$(CONFIG_X86_ACPI_MADT_WAKEUP) += madt_wakeup.o > > If you drop the "_X86" from the config symbol, you won't have to > re-align them. And the other config symbols don't have to have "_X86" in > them either because this is all in arch/x86/. Okay, fair enough. Updated patch is below. From b020800f89ea4fce8f3698bd4ef290bba8f40b37 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" Date: Fri, 1 Sep 2023 15:42:55 +0300 Subject: [PATCHv10.1 01/18] x86/acpi: Extract ACPI MADT wakeup code into a separate file In order to prepare for the expansion of support for the ACPI MADT wakeup method, move the relevant code into a separate file. Introduce a new configuration option to clearly indicate dependencies without the use of ifdefs. There have been no functional changes. Signed-off-by: Kirill A. Shutemov Reviewed-by: Kuppuswamy Sathyanarayanan Acked-by: Kai Huang Reviewed-by: Baoquan He Reviewed-by: Thomas Gleixner Tested-by: Tao Liu --- arch/x86/Kconfig | 7 +++ arch/x86/include/asm/acpi.h | 5 ++ arch/x86/kernel/acpi/Makefile | 1 + arch/x86/kernel/acpi/boot.c | 86 +----------------------------- arch/x86/kernel/acpi/madt_wakeup.c | 82 ++++++++++++++++++++++++++++ 5 files changed, 96 insertions(+), 85 deletions(-) create mode 100644 arch/x86/kernel/acpi/madt_wakeup.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2dac256b6e8d..723cd5285781 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1116,6 +1116,13 @@ config X86_LOCAL_APIC depends on X86_64 || SMP || X86_32_NON_STANDARD || X86_UP_APIC || PCI_MSI select IRQ_DOMAIN_HIERARCHY +config ACPI_MADT_WAKEUP + def_bool y + depends on X86_64 + depends on ACPI + depends on SMP + depends on X86_LOCAL_APIC + config X86_IO_APIC def_bool y depends on X86_LOCAL_APIC || X86_UP_IOAPIC diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h index f896eed4516c..2625b915ae7f 100644 --- a/arch/x86/include/asm/acpi.h +++ b/arch/x86/include/asm/acpi.h @@ -76,6 +76,11 @@ static inline bool acpi_skip_set_wakeup_address(void) #define acpi_skip_set_wakeup_address acpi_skip_set_wakeup_address +union acpi_subtable_headers; + +int __init acpi_parse_mp_wake(union acpi_subtable_headers *header, + const unsigned long end); + /* * Check if the CPU can handle C2 and deeper */ diff --git a/arch/x86/kernel/acpi/Makefile b/arch/x86/kernel/acpi/Makefile index fc17b3f136fe..2feba7257665 100644 --- a/arch/x86/kernel/acpi/Makefile +++ b/arch/x86/kernel/acpi/Makefile @@ -4,6 +4,7 @@ obj-$(CONFIG_ACPI) += boot.o obj-$(CONFIG_ACPI_SLEEP) += sleep.o wakeup_$(BITS).o obj-$(CONFIG_ACPI_APEI) += apei.o obj-$(CONFIG_ACPI_CPPC_LIB) += cppc.o +obj-$(CONFIG_ACPI_MADT_WAKEUP) += madt_wakeup.o ifneq ($(CONFIG_ACPI_PROCESSOR),) obj-y += cstate.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c index 4bf82dbd2a6b..9f4618dcd704 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c @@ -67,13 +67,6 @@ static bool has_lapic_cpus __initdata; static bool acpi_support_online_capable; #endif -#ifdef CONFIG_X86_64 -/* Physical address of the Multiprocessor Wakeup Structure mailbox */ -static u64 acpi_mp_wake_mailbox_paddr; -/* Virtual address of the Multiprocessor Wakeup Structure mailbox */ -static struct acpi_madt_multiproc_wakeup_mailbox *acpi_mp_wake_mailbox; -#endif - #ifdef CONFIG_X86_IO_APIC /* * Locks related to IOAPIC hotplug @@ -341,60 +334,6 @@ acpi_parse_lapic_nmi(union acpi_subtable_headers * header, const unsigned long e return 0; } - -#ifdef CONFIG_X86_64 -static int acpi_wakeup_cpu(u32 apicid, unsigned long start_ip) -{ - /* - * Remap mailbox memory only for the first call to acpi_wakeup_cpu(). - * - * Wakeup of secondary CPUs is fully serialized in the core code. - * No need to protect acpi_mp_wake_mailbox from concurrent accesses. - */ - if (!acpi_mp_wake_mailbox) { - acpi_mp_wake_mailbox = memremap(acpi_mp_wake_mailbox_paddr, - sizeof(*acpi_mp_wake_mailbox), - MEMREMAP_WB); - } - - /* - * Mailbox memory is shared between the firmware and OS. Firmware will - * listen on mailbox command address, and once it receives the wakeup - * command, the CPU associated with the given apicid will be booted. - * - * The value of 'apic_id' and 'wakeup_vector' must be visible to the - * firmware before the wakeup command is visible. smp_store_release() - * ensures ordering and visibility. - */ - acpi_mp_wake_mailbox->apic_id = apicid; - acpi_mp_wake_mailbox->wakeup_vector = start_ip; - smp_store_release(&acpi_mp_wake_mailbox->command, - ACPI_MP_WAKE_COMMAND_WAKEUP); - - /* - * Wait for the CPU to wake up. - * - * The CPU being woken up is essentially in a spin loop waiting to be - * woken up. It should not take long for it wake up and acknowledge by - * zeroing out ->command. - * - * ACPI specification doesn't provide any guidance on how long kernel - * has to wait for a wake up acknowledgement. It also doesn't provide - * a way to cancel a wake up request if it takes too long. - * - * In TDX environment, the VMM has control over how long it takes to - * wake up secondary. It can postpone scheduling secondary vCPU - * indefinitely. Giving up on wake up request and reporting error opens - * possible attack vector for VMM: it can wake up a secondary CPU when - * kernel doesn't expect it. Wait until positive result of the wake up - * request. - */ - while (READ_ONCE(acpi_mp_wake_mailbox->command)) - cpu_relax(); - - return 0; -} -#endif /* CONFIG_X86_64 */ #endif /* CONFIG_X86_LOCAL_APIC */ #ifdef CONFIG_X86_IO_APIC @@ -1124,29 +1063,6 @@ static int __init acpi_parse_madt_lapic_entries(void) } return 0; } - -#ifdef CONFIG_X86_64 -static int __init acpi_parse_mp_wake(union acpi_subtable_headers *header, - const unsigned long end) -{ - struct acpi_madt_multiproc_wakeup *mp_wake; - - if (!IS_ENABLED(CONFIG_SMP)) - return -ENODEV; - - mp_wake = (struct acpi_madt_multiproc_wakeup *)header; - if (BAD_MADT_ENTRY(mp_wake, end)) - return -EINVAL; - - acpi_table_print_madt_entry(&header->common); - - acpi_mp_wake_mailbox_paddr = mp_wake->base_address; - - apic_update_callback(wakeup_secondary_cpu_64, acpi_wakeup_cpu); - - return 0; -} -#endif /* CONFIG_X86_64 */ #endif /* CONFIG_X86_LOCAL_APIC */ #ifdef CONFIG_X86_IO_APIC @@ -1343,7 +1259,7 @@ static void __init acpi_process_madt(void) smp_found_config = 1; } -#ifdef CONFIG_X86_64 +#ifdef CONFIG_ACPI_MADT_WAKEUP /* * Parse MADT MP Wake entry. */ diff --git a/arch/x86/kernel/acpi/madt_wakeup.c b/arch/x86/kernel/acpi/madt_wakeup.c new file mode 100644 index 000000000000..7f164d38bd0b --- /dev/null +++ b/arch/x86/kernel/acpi/madt_wakeup.c @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +#include +#include +#include +#include +#include + +/* Physical address of the Multiprocessor Wakeup Structure mailbox */ +static u64 acpi_mp_wake_mailbox_paddr; + +/* Virtual address of the Multiprocessor Wakeup Structure mailbox */ +static struct acpi_madt_multiproc_wakeup_mailbox *acpi_mp_wake_mailbox; + +static int acpi_wakeup_cpu(u32 apicid, unsigned long start_ip) +{ + /* + * Remap mailbox memory only for the first call to acpi_wakeup_cpu(). + * + * Wakeup of secondary CPUs is fully serialized in the core code. + * No need to protect acpi_mp_wake_mailbox from concurrent accesses. + */ + if (!acpi_mp_wake_mailbox) { + acpi_mp_wake_mailbox = memremap(acpi_mp_wake_mailbox_paddr, + sizeof(*acpi_mp_wake_mailbox), + MEMREMAP_WB); + } + + /* + * Mailbox memory is shared between the firmware and OS. Firmware will + * listen on mailbox command address, and once it receives the wakeup + * command, the CPU associated with the given apicid will be booted. + * + * The value of 'apic_id' and 'wakeup_vector' must be visible to the + * firmware before the wakeup command is visible. smp_store_release() + * ensures ordering and visibility. + */ + acpi_mp_wake_mailbox->apic_id = apicid; + acpi_mp_wake_mailbox->wakeup_vector = start_ip; + smp_store_release(&acpi_mp_wake_mailbox->command, + ACPI_MP_WAKE_COMMAND_WAKEUP); + + /* + * Wait for the CPU to wake up. + * + * The CPU being woken up is essentially in a spin loop waiting to be + * woken up. It should not take long for it wake up and acknowledge by + * zeroing out ->command. + * + * ACPI specification doesn't provide any guidance on how long kernel + * has to wait for a wake up acknowledgment. It also doesn't provide + * a way to cancel a wake up request if it takes too long. + * + * In TDX environment, the VMM has control over how long it takes to + * wake up secondary. It can postpone scheduling secondary vCPU + * indefinitely. Giving up on wake up request and reporting error opens + * possible attack vector for VMM: it can wake up a secondary CPU when + * kernel doesn't expect it. Wait until positive result of the wake up + * request. + */ + while (READ_ONCE(acpi_mp_wake_mailbox->command)) + cpu_relax(); + + return 0; +} + +int __init acpi_parse_mp_wake(union acpi_subtable_headers *header, + const unsigned long end) +{ + struct acpi_madt_multiproc_wakeup *mp_wake; + + mp_wake = (struct acpi_madt_multiproc_wakeup *)header; + if (BAD_MADT_ENTRY(mp_wake, end)) + return -EINVAL; + + acpi_table_print_madt_entry(&header->common); + + acpi_mp_wake_mailbox_paddr = mp_wake->base_address; + + apic_update_callback(wakeup_secondary_cpu_64, acpi_wakeup_cpu); + + return 0; +} -- Kiryl Shutsemau / Kirill A. Shutemov