From patchwork Tue Nov 22 20:26:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laszlo Ersek <lersek@redhat.com>
X-Patchwork-Id: 83492
Delivered-To: patch@linaro.org
Received: by 10.140.97.165 with SMTP id m34csp2299216qge;
 Tue, 22 Nov 2016 12:26:31 -0800 (PST)
X-Received: by 10.99.119.71 with SMTP id s68mr47185684pgc.11.1479846391435; 
 Tue, 22 Nov 2016 12:26:31 -0800 (PST)
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [198.145.21.10])
 by mx.google.com with ESMTPS id
 o1si29976591pgf.36.2016.11.22.12.26.31
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 22 Nov 2016 12:26:31 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender) client-ip=198.145.21.10; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 0D40381E5F;
 Tue, 22 Nov 2016 12:26:31 -0800 (PST)
X-Original-To: edk2-devel@ml01.01.org
Delivered-To: edk2-devel@ml01.01.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 8191081E5C
 for <edk2-devel@ml01.01.org>; Tue, 22 Nov 2016 12:26:30 -0800 (PST)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 0BD3B3D973;
 Tue, 22 Nov 2016 20:26:30 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-82.phx2.redhat.com
 [10.3.116.82])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
 ESMTP id uAMKQN4v021949; Tue, 22 Nov 2016 15:26:29 -0500
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@ml01.01.org>
Date: Tue, 22 Nov 2016 21:26:17 +0100
Message-Id: <20161122202619.12594-3-lersek@redhat.com>
In-Reply-To: <20161122202619.12594-1-lersek@redhat.com>
References: <20161122202619.12594-1-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.30]); Tue, 22 Nov 2016 20:26:30 +0000 (UTC)
Subject: [edk2] [PATCH 2/4] UefiCpuPkg/MpInitLib: fix feature test for
 Extended Topology CPUID leaf
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Jeff Fan <jeff.fan@intel.com>
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

According to the Intel SDM (325462-060US / September 2016),

> INPUT EAX = 0BH: Returns Extended Topology Information
>
> [...] Software must detect the presence of CPUID leaf 0BH by verifying
> (a) the highest leaf index supported by CPUID is >= 0BH, and
> (b) CPUID.0BH:EBX[15:0] reports a non-zero value. [...]

The "GetApicId" sections in the Ia32 and X64 "MpFuncs.nasm" files do not
perform check (b).

This causes an actual bug in the following OVMF setup:

- Intel W3550 host processor <http://ark.intel.com/products/39720/>,

- the QEMU/KVM guest's VCPU model is set to "host", that is, "the CPU
  visible to the guest should be exactly the same as the host CPU".

Under "GetApicId", check (a) passes: the CPUID level of the W3550 is
exactly 11 decimal. However, leaf 11 itself is not supported, therefore
EDX is set to zero:

> If a value entered for CPUID.EAX is less than or equal to the maximum
> input value and the leaf is not supported on that processor then 0 is
> returned in all the registers.

Because we don't check (b), the "GetProcessorNumber" section of the code
is reached with an initial APIC ID of 0 in EDX on all of the APs. Given
that "GetProcessorNumber" searches the
"MP_CPU_EXCHANGE_INFO.CpuInfo[*].InitialApicId" fields for a match, all
APs enter ApWakeupFunction() with an identical "NumApsExecuting"
parameter. This results in unpredictable guest behavior (crashes, reboots,
hangs etc).

Reorganize the "GetApicId" section and add the missing check in both
assembly files.

Cc: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm | 21 +++++++++++---------
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm  | 21 +++++++++++---------
 2 files changed, 24 insertions(+), 18 deletions(-)

-- 
2.9.2


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
index 64e51d87ae24..9067f7807098 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
@@ -154,21 +154,24 @@ GetApicId:
     mov        eax, 0
     cpuid
     cmp        eax, 0bh
-    jnb        X2Apic
+    jb         NoX2Apic             ; CPUID level below CPUID_EXTENDED_TOPOLOGY
+
+    mov        eax, 0bh
+    xor        ecx, ecx
+    cpuid
+    test       ebx, 0ffffh
+    jz         NoX2Apic             ; CPUID.0BH:EBX[15:0] is zero
+
+    ; Processor is x2APIC capable; 32-bit x2APIC ID is already in EDX
+    jmp        GetProcessorNumber
+
+NoX2Apic:
     ; Processor is not x2APIC capable, so get 8-bit APIC ID
     mov        eax, 1
     cpuid
     shr        ebx, 24
     mov        edx, ebx
-    jmp        GetProcessorNumber
 
-X2Apic:
-    ; Processor is x2APIC capable, so get 32-bit x2APIC ID
-    mov        eax, 0bh
-    xor        ecx, ecx
-    cpuid                   
-    ; edx save x2APIC ID
-    
 GetProcessorNumber:
     ;
     ; Get processor number for this AP
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
index aaabb50c5468..e7e7d8086dd0 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
@@ -158,21 +158,24 @@ GetApicId:
     mov        eax, 0
     cpuid
     cmp        eax, 0bh
-    jnb        X2Apic
+    jb         NoX2Apic             ; CPUID level below CPUID_EXTENDED_TOPOLOGY
+
+    mov        eax, 0bh
+    xor        ecx, ecx
+    cpuid
+    test       ebx, 0ffffh
+    jz         NoX2Apic             ; CPUID.0BH:EBX[15:0] is zero
+
+    ; Processor is x2APIC capable; 32-bit x2APIC ID is already in EDX
+    jmp        GetProcessorNumber
+
+NoX2Apic:
     ; Processor is not x2APIC capable, so get 8-bit APIC ID
     mov        eax, 1
     cpuid
     shr        ebx, 24
     mov        edx, ebx
-    jmp        GetProcessorNumber
 
-X2Apic:
-    ; Processor is x2APIC capable, so get 32-bit x2APIC ID
-    mov        eax, 0bh
-    xor        ecx, ecx
-    cpuid                   
-    ; edx save x2APIC ID
-    
 GetProcessorNumber:
     ;
     ; Get processor number for this AP