[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160203094340.GA15890@gmail.com>
Date: Wed, 3 Feb 2016 10:43:41 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Matt Fleming <matt@...eblueprint.co.uk>
Cc: "H . Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: Re: [PATCH 07/14] efi: runtime-wrappers: Run UEFI Runtime Services
with interrupts enabled
* Matt Fleming <matt@...eblueprint.co.uk> wrote:
> From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
>
> The UEFI spec allows Runtime Services to be invoked with interrupts
> enabled. The only reason we were disabling interrupts was to prevent
> recursive calls into the services on the same CPU, which will lead to
> deadlock. However, the only context where such invocations may occur
> legally is from efi-pstore via efivars, and that code has been updated
> to call a non-blocking alternative when invoked from a non-interruptible
> context.
>
> So instead, update the ordinary, blocking UEFI Runtime Services wrappers
> to execute with interrupts enabled. This aims to prevent excessive interrupt
> latencies on uniprocessor platforms with slow variable stores.
Well, those excessive latencies would affect SMP platforms as well, just that
there are (usually) other CPUs free to do execution, right?
More fundamentally, this makes me nervous:
> The UEFI spec allows Runtime Services to be invoked with interrupts enabled.
> [...]
So what really matters is not what the spec says, but how Windows executes UEFI
firmware code in practice.
If major versions of Windows calls UEFI firmware with interrupts disabled, then
frankly I don't think we should interrupt them under Linux either, regardless of
what the spec says ...
Random firmware code getting interrupted by the OS changes timings and might have
other side effects the firmware code might not expect - so the question is, does
Windows already de facto allow the IRQ preemption of firmware calls?
Also, this:
> - unsigned long flags;
> efi_status_t status;
>
> - spin_lock_irqsave(&efi_runtime_lock, flags);
> + BUG_ON(in_irq());
> +
> + spin_lock(&efi_runtime_lock);
... how does crashing the kernel help debuggability?
Please use WARN_ON_ONCE() - or in fact, this assert is probably not needed at all,
as lockdep will warn about IRQ unsafe lock usage.
I'd add comments to the efi_runtime_lock definition site explaining that this is
never taken from IRQ contexts.
Thanks,
Ingo
Powered by blists - more mailing lists