[edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI

Laszlo Ersek posted 6 patches 7 years, 7 months ago
Failed in applying to current master (apply log)
There is a newer version of this series
ArmVirtPkg/ArmVirtPkg.dec                                                          | 10 ---
ArmVirtPkg/ArmVirtQemu.dsc                                                         | 10 +--
ArmVirtPkg/ArmVirtQemuKernel.dsc                                                   |  5 +-
ArmVirtPkg/ArmVirtXen.dsc                                                          |  5 +-
ArmVirtPkg/FdtClientDxe/FdtClientDxe.c                                             | 79 ++++++++++++++++++--
ArmVirtPkg/FdtClientDxe/FdtClientDxe.inf                                           |  5 +-
ArmVirtPkg/Include/Protocol/FdtClient.h                                            | 26 +++++++
ArmVirtPkg/Library/ArmVirtPL031FdtClientLib/ArmVirtPL031FdtClientLib.c             |  6 +-
ArmVirtPkg/Library/ArmVirtPL031FdtClientLib/ArmVirtPL031FdtClientLib.inf           |  3 -
ArmVirtPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgLibExplicitInit.inf} | 15 ++--
10 files changed, 124 insertions(+), 40 deletions(-)
copy ArmVirtPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgLibExplicitInit.inf} (72%)
[edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Laszlo Ersek 7 years, 7 months ago
This series replaces the PURE_ACPI_BOOT_ENABLE build option with dynamic
behavior, matching QEMU's (inverse sense) "-no-acpi" switch. In
particular, DT and ACPI are no longer exposed to the guest at the same
time. (DT is exposed with "-no-acpi", or else ACPI is exposed without
"-no-acpi".)

Repo:   https://github.com/lersek/edk2.git
Branch: dynamic_pure_acpi
RHBZ:   https://bugzilla.redhat.com/show_bug.cgi?id=1430262

Tested with RHEL-7.3 for ARM and Fedora 24 guests (DT vs. ACPI).

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Thanks
Laszlo

Laszlo Ersek (6):
  ArmVirtPkg/FdtClientDxe: supplement missing EFIAPI calling conv
    specifiers
  ArmVirtPkg: introduce FDT_CLIENT_PROTOCOL.GetOsExposure() member
    function
  ArmVirtPkg/ArmVirtPL031FdtClientLib: get rid of PcdPureAcpiBoot
    dependency
  ArmVirtPkg/QemuFwCfgLib: add explicitly initialized instance
  ArmVirtPkg/FdtClientDxe: don't forward DT to OS if QEMU provides ACPI
  ArmVirtPkg: remove PURE_ACPI_BOOT_ENABLE and PcdPureAcpiBoot

 ArmVirtPkg/ArmVirtPkg.dec                                                          | 10 ---
 ArmVirtPkg/ArmVirtQemu.dsc                                                         | 10 +--
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                   |  5 +-
 ArmVirtPkg/ArmVirtXen.dsc                                                          |  5 +-
 ArmVirtPkg/FdtClientDxe/FdtClientDxe.c                                             | 79 ++++++++++++++++++--
 ArmVirtPkg/FdtClientDxe/FdtClientDxe.inf                                           |  5 +-
 ArmVirtPkg/Include/Protocol/FdtClient.h                                            | 26 +++++++
 ArmVirtPkg/Library/ArmVirtPL031FdtClientLib/ArmVirtPL031FdtClientLib.c             |  6 +-
 ArmVirtPkg/Library/ArmVirtPL031FdtClientLib/ArmVirtPL031FdtClientLib.inf           |  3 -
 ArmVirtPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgLibExplicitInit.inf} | 15 ++--
 10 files changed, 124 insertions(+), 40 deletions(-)
 copy ArmVirtPkg/Library/QemuFwCfgLib/{QemuFwCfgLib.inf => QemuFwCfgLibExplicitInit.inf} (72%)

-- 
2.9.3

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Ard Biesheuvel 7 years, 7 months ago
On 8 March 2017 at 20:05, Laszlo Ersek <lersek@redhat.com> wrote:
> This series replaces the PURE_ACPI_BOOT_ENABLE build option with dynamic
> behavior, matching QEMU's (inverse sense) "-no-acpi" switch. In
> particular, DT and ACPI are no longer exposed to the guest at the same
> time. (DT is exposed with "-no-acpi", or else ACPI is exposed without
> "-no-acpi".)
>
> Repo:   https://github.com/lersek/edk2.git
> Branch: dynamic_pure_acpi
> RHBZ:   https://bugzilla.redhat.com/show_bug.cgi?id=1430262
>
> Tested with RHEL-7.3 for ARM and Fedora 24 guests (DT vs. ACPI).
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>

Hi Laszlo,

This looks complicated to me. Given that it is arguably a policy to
only expose on h/w description or the other, couldn't we simply remove
the FDT config table in BDS if an ACPI/ACPI2.0 config table is
present?
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Laszlo Ersek 7 years, 7 months ago
On 03/09/17 09:16, Ard Biesheuvel wrote:
> On 8 March 2017 at 20:05, Laszlo Ersek <lersek@redhat.com> wrote:
>> This series replaces the PURE_ACPI_BOOT_ENABLE build option with dynamic
>> behavior, matching QEMU's (inverse sense) "-no-acpi" switch. In
>> particular, DT and ACPI are no longer exposed to the guest at the same
>> time. (DT is exposed with "-no-acpi", or else ACPI is exposed without
>> "-no-acpi".)
>>
>> Repo:   https://github.com/lersek/edk2.git
>> Branch: dynamic_pure_acpi
>> RHBZ:   https://bugzilla.redhat.com/show_bug.cgi?id=1430262
>>
>> Tested with RHEL-7.3 for ARM and Fedora 24 guests (DT vs. ACPI).
>>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>
> 
> Hi Laszlo,
> 
> This looks complicated to me. Given that it is arguably a policy to
> only expose on h/w description or the other, couldn't we simply remove
> the FDT config table in BDS if an ACPI/ACPI2.0 config table is
> present?

Technically we could do that, but I dislike it for two reasons:

- BDS is often the first victim found when looking for a driver to add
new code to that doesn't seem to fit very well elsewhere. That doesn't
make BDS any better a recipient, however. "For lack of a better driver"
is not a strong enough argument to dump code into BDS. If there's really
no better "topical" driver, then the code usually goes to PlatformDxe.

- Installing a sysconfig table (or any other system-wide resource) in
one driver, then undoing it in another driver, should be avoided as much
as possible, because it leads to non-trivial lifecycles and boggles our
minds over the longer term. If we can come to a decision that the table
shouldn't be installed in the first place, we should pursue that.

Another approach we could look into is: move the installation of the
sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI
payload first, and fall back to installing DT (from within
AcpiPlatformDxe). However, DT should be installed even in builds (like
ARM32) that don't contain AcpiPlatformDxe at all.

This series indeed turned out a bit more complex than I had expected,
but it was the one I could post with a good conscience. Can you perhaps
identify the part(s) in more detail that seem overly complex to you?

Thanks,
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Ard Biesheuvel 7 years, 7 months ago
On 9 March 2017 at 12:01, Laszlo Ersek <lersek@redhat.com> wrote:
> On 03/09/17 09:16, Ard Biesheuvel wrote:
>> On 8 March 2017 at 20:05, Laszlo Ersek <lersek@redhat.com> wrote:
>>> This series replaces the PURE_ACPI_BOOT_ENABLE build option with dynamic
>>> behavior, matching QEMU's (inverse sense) "-no-acpi" switch. In
>>> particular, DT and ACPI are no longer exposed to the guest at the same
>>> time. (DT is exposed with "-no-acpi", or else ACPI is exposed without
>>> "-no-acpi".)
>>>
>>> Repo:   https://github.com/lersek/edk2.git
>>> Branch: dynamic_pure_acpi
>>> RHBZ:   https://bugzilla.redhat.com/show_bug.cgi?id=1430262
>>>
>>> Tested with RHEL-7.3 for ARM and Fedora 24 guests (DT vs. ACPI).
>>>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>
>>
>> Hi Laszlo,
>>
>> This looks complicated to me. Given that it is arguably a policy to
>> only expose on h/w description or the other, couldn't we simply remove
>> the FDT config table in BDS if an ACPI/ACPI2.0 config table is
>> present?
>
> Technically we could do that, but I dislike it for two reasons:
>
> - BDS is often the first victim found when looking for a driver to add
> new code to that doesn't seem to fit very well elsewhere. That doesn't
> make BDS any better a recipient, however. "For lack of a better driver"
> is not a strong enough argument to dump code into BDS. If there's really
> no better "topical" driver, then the code usually goes to PlatformDxe.
>
> - Installing a sysconfig table (or any other system-wide resource) in
> one driver, then undoing it in another driver, should be avoided as much
> as possible, because it leads to non-trivial lifecycles and boggles our
> minds over the longer term. If we can come to a decision that the table
> shouldn't be installed in the first place, we should pursue that.
>
> Another approach we could look into is: move the installation of the
> sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI
> payload first, and fall back to installing DT (from within
> AcpiPlatformDxe). However, DT should be installed even in builds (like
> ARM32) that don't contain AcpiPlatformDxe at all.
>

Or we could hook to the ReadyToBoot event in FdtClientDxe, and install
the DT config table if there is no ACPI/ACPI2.0 table registered.

> This series indeed turned out a bit more complex than I had expected,
> but it was the one I could post with a good conscience. Can you perhaps
> identify the part(s) in more detail that seem overly complex to you?
>

Building the same library in two different ways, having to call a
library constructor explicitly in some cases and muck about with TPL
levels to prevent a protocol notify from triggering are all things I
would really like to avoid tbh
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Laszlo Ersek 7 years, 7 months ago
On 03/09/17 13:26, Ard Biesheuvel wrote:
> On 9 March 2017 at 12:01, Laszlo Ersek <lersek@redhat.com> wrote:
>> On 03/09/17 09:16, Ard Biesheuvel wrote:
>>> On 8 March 2017 at 20:05, Laszlo Ersek <lersek@redhat.com> wrote:
>>>> This series replaces the PURE_ACPI_BOOT_ENABLE build option with dynamic
>>>> behavior, matching QEMU's (inverse sense) "-no-acpi" switch. In
>>>> particular, DT and ACPI are no longer exposed to the guest at the same
>>>> time. (DT is exposed with "-no-acpi", or else ACPI is exposed without
>>>> "-no-acpi".)
>>>>
>>>> Repo:   https://github.com/lersek/edk2.git
>>>> Branch: dynamic_pure_acpi
>>>> RHBZ:   https://bugzilla.redhat.com/show_bug.cgi?id=1430262
>>>>
>>>> Tested with RHEL-7.3 for ARM and Fedora 24 guests (DT vs. ACPI).
>>>>
>>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>>>
>>>
>>> Hi Laszlo,
>>>
>>> This looks complicated to me. Given that it is arguably a policy to
>>> only expose on h/w description or the other, couldn't we simply remove
>>> the FDT config table in BDS if an ACPI/ACPI2.0 config table is
>>> present?
>>
>> Technically we could do that, but I dislike it for two reasons:
>>
>> - BDS is often the first victim found when looking for a driver to add
>> new code to that doesn't seem to fit very well elsewhere. That doesn't
>> make BDS any better a recipient, however. "For lack of a better driver"
>> is not a strong enough argument to dump code into BDS. If there's really
>> no better "topical" driver, then the code usually goes to PlatformDxe.
>>
>> - Installing a sysconfig table (or any other system-wide resource) in
>> one driver, then undoing it in another driver, should be avoided as much
>> as possible, because it leads to non-trivial lifecycles and boggles our
>> minds over the longer term. If we can come to a decision that the table
>> shouldn't be installed in the first place, we should pursue that.
>>
>> Another approach we could look into is: move the installation of the
>> sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI
>> payload first, and fall back to installing DT (from within
>> AcpiPlatformDxe). However, DT should be installed even in builds (like
>> ARM32) that don't contain AcpiPlatformDxe at all.
>>
> 
> Or we could hook to the ReadyToBoot event in FdtClientDxe, and install
> the DT config table if there is no ACPI/ACPI2.0 table registered.

Yes, that's doable in our case, because we control the full platform.

Installing tables (any kinds of tables) in ReadyToBoot and similar event
handlers is generally a bad idea, because everyone thinks, "okay I'll
wait until the rest of the system is done setting up, and I'll just add
my stuff afterwards". Obviously, this results in much of the logic being
simply moved to such event callbacks, and the invocation order of
callbacks remains unspecified.

In more precise terms, if the ACPI tables too were installed in a
ReadyToBoot callback, your suggestion above would not work. And our ACPI
tables are not installed in a ReadyToBoot callback partly because I
ultimately introduced a separate event group for "PCI bridges have been
connected", and we signal it now explicitly from BDS (device connections
are BDS jurisdiction, and QEMU's ACPI generation depends on PCI state).

I just want to point out that we have a kind of "capital" here. By
carefully coding stuff we build capital, and by hooking stuff into
ReadyToBoot callbacks we spend (hopefully not "squander") that capital.

Originally, the APM Mustang firmware (open source, so I can talk about
it) would first install ACPI tables with constant, platform-tailored
contents (built from *.asl / *.aslc files), but reusing the stock
AcpiPlatformDxe C code without customization. Then it would install a
ReadyToBoot callback which looked up the right DSDT or SSDT, by walking
the table tree manually, and then it would poke data into the installed
table (DSDT or SSDT) in-place, using the ACPI SDT protocol.

Of course it was completely bogus and unreliable, and I changed the
constant table to contain external references, and I provided those
external references in a minimal, hand- and runtime- built SSDT, right
in AcpiPlatformDxe.

I'm not trying to carefully compose a strawman argument here, just
presenting why I'm nervous about ReadyToBoot callbacks that try to rely
on ordering between system-wide resources.


Also, please don't forget about the other (current) consumer of the
feature PCD, ArmVirtPL031FdtClientLib, which is plugged into
RealTimeClockRuntimeDxe. How do you suggest to rewrite the PCD test in
that driver under the ReadyToBoot callback scenario?

RealTimeClockRuntimeDxe's dispatch order is unspecified relative to the
installation of ACPI tables, so you couldn't look at the latter's
presence to see if the DTB needs an update. (In fact, because
AcpiPlatformDxe's main actions are cued in from BDS in practice, the
tables would be guaranteed not to exist when RealTimeClockRuntimeDxe looks.)

So ArmVirtPL031FdtClientLib would have to install another ReadyToBoot
callback for modifying the DTB. And this callback could be invoked
before or after the callback to FdtClientDxe. (I guess it would be okay,
but not very intuitive.)

> 
>> This series indeed turned out a bit more complex than I had expected,
>> but it was the one I could post with a good conscience. Can you perhaps
>> identify the part(s) in more detail that seem overly complex to you?
>>
> 
> Building the same library in two different ways, having to call a
> library constructor explicitly in some cases and muck about with TPL
> levels to prevent a protocol notify from triggering are all things I
> would really like to avoid tbh

Alright; can you please post the alternative patch set? (With the
ReadyToBoot callback(s), that is, not the BDS hack.)

Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Leif Lindholm 7 years, 7 months ago
Hi Laszlo,

Apologies, I didn't ignore this set, I just missed it (and felt Ard's
set was a clean solution to this behaviour change).

A few comments below.

On Thu, Mar 09, 2017 at 04:30:19PM +0100, Laszlo Ersek wrote:
> On 03/09/17 13:26, Ard Biesheuvel wrote:
> >>> Hi Laszlo,
> >>>
> >>> This looks complicated to me. Given that it is arguably a policy to
> >>> only expose on h/w description or the other, couldn't we simply remove
> >>> the FDT config table in BDS if an ACPI/ACPI2.0 config table is
> >>> present?
> >>
> >> Technically we could do that, but I dislike it for two reasons:
> >>
> >> - BDS is often the first victim found when looking for a driver to add
> >> new code to that doesn't seem to fit very well elsewhere. That doesn't
> >> make BDS any better a recipient, however. "For lack of a better driver"
> >> is not a strong enough argument to dump code into BDS. If there's really
> >> no better "topical" driver, then the code usually goes to PlatformDxe.
> >>
> >> - Installing a sysconfig table (or any other system-wide resource) in
> >> one driver, then undoing it in another driver, should be avoided as much
> >> as possible, because it leads to non-trivial lifecycles and boggles our
> >> minds over the longer term. If we can come to a decision that the table
> >> shouldn't be installed in the first place, we should pursue that.
> >>
> >> Another approach we could look into is: move the installation of the
> >> sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI
> >> payload first, and fall back to installing DT (from within
> >> AcpiPlatformDxe). However, DT should be installed even in builds (like
> >> ARM32) that don't contain AcpiPlatformDxe at all.
> >>
> > 
> > Or we could hook to the ReadyToBoot event in FdtClientDxe, and install
> > the DT config table if there is no ACPI/ACPI2.0 table registered.
> 
> Yes, that's doable in our case, because we control the full platform.
> 
> Installing tables (any kinds of tables) in ReadyToBoot and similar event
> handlers is generally a bad idea, because everyone thinks, "okay I'll
> wait until the rest of the system is done setting up, and I'll just add
> my stuff afterwards". Obviously, this results in much of the logic being
> simply moved to such event callbacks, and the invocation order of
> callbacks remains unspecified.
> 
> In more precise terms, if the ACPI tables too were installed in a
> ReadyToBoot callback, your suggestion above would not work. And our ACPI
> tables are not installed in a ReadyToBoot callback partly because I
> ultimately introduced a separate event group for "PCI bridges have been
> connected", and we signal it now explicitly from BDS (device connections
> are BDS jurisdiction, and QEMU's ACPI generation depends on PCI state).

All you say above is clearly correct.
But I am still not clear on why this is a problem.
This is a _very_ specific case, that applies only to virtual machines
(which we are in complete control of).

For hardware platforms wanting the ability to switch between different
hardware description types, as we discussed, we need a configuration
setting based on a dynamic Pcd or environment variable - so they won't
need to wait until the end.

> I just want to point out that we have a kind of "capital" here. By
> carefully coding stuff we build capital, and by hooking stuff into
> ReadyToBoot callbacks we spend (hopefully not "squander") that capital.

I fully agree with this as a strong default position. But I am
suggesting that in this case, the callback sort order genuinely does
not matter for this feature. At which point I prefer the simpler
solution of Ard's set.

That said, there are two maintainers of ArmVirtPkg, and I'm neither of
them :)

> Originally, the APM Mustang firmware (open source, so I can talk about
> it) would first install ACPI tables with constant, platform-tailored
> contents (built from *.asl / *.aslc files), but reusing the stock
> AcpiPlatformDxe C code without customization. Then it would install a
> ReadyToBoot callback which looked up the right DSDT or SSDT, by walking
> the table tree manually, and then it would poke data into the installed
> table (DSDT or SSDT) in-place, using the ACPI SDT protocol.
> 
> Of course it was completely bogus and unreliable, and I changed the
> constant table to contain external references, and I provided those
> external references in a minimal, hand- and runtime- built SSDT, right
> in AcpiPlatformDxe.
> 
> I'm not trying to carefully compose a strawman argument here, just
> presenting why I'm nervous about ReadyToBoot callbacks that try to rely
> on ordering between system-wide resources.
> 
> 
> Also, please don't forget about the other (current) consumer of the
> feature PCD, ArmVirtPL031FdtClientLib, which is plugged into
> RealTimeClockRuntimeDxe. How do you suggest to rewrite the PCD test in
> that driver under the ReadyToBoot callback scenario?
>
> RealTimeClockRuntimeDxe's dispatch order is unspecified relative to the
> installation of ACPI tables, so you couldn't look at the latter's
> presence to see if the DTB needs an update. (In fact, because
> AcpiPlatformDxe's main actions are cued in from BDS in practice, the
> tables would be guaranteed not to exist when RealTimeClockRuntimeDxe looks.)
> 
> So ArmVirtPL031FdtClientLib would have to install another ReadyToBoot
> callback for modifying the DTB. And this callback could be invoked
> before or after the callback to FdtClientDxe. (I guess it would be okay,
> but not very intuitive.)

(I think Ard's resolution of this, in 1/3, could be applied regardless
of method picked for the overall changeset.)

Regards,

Leif

> >> This series indeed turned out a bit more complex than I had expected,
> >> but it was the one I could post with a good conscience. Can you perhaps
> >> identify the part(s) in more detail that seem overly complex to you?
> >>
> > 
> > Building the same library in two different ways, having to call a
> > library constructor explicitly in some cases and muck about with TPL
> > levels to prevent a protocol notify from triggering are all things I
> > would really like to avoid tbh
> 
> Alright; can you please post the alternative patch set? (With the
> ReadyToBoot callback(s), that is, not the BDS hack.)
> 
> Thanks!
> Laszlo
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 0/6] ArmVirtPkg: don't forward the DT to the OS if QEMU provides ACPI
Posted by Laszlo Ersek 7 years, 7 months ago
On 03/09/17 18:00, Leif Lindholm wrote:
> Hi Laszlo,
> 
> Apologies, I didn't ignore this set, I just missed it

No wonder you missed it, I didn't CC you on it :) I wondered if I
should. In general I don't want to increase other people's email load,
and you aren't (yet?) listed as an ArmVirtPkg co-maintainer, so I didn't
CC you in the end.

> (and felt Ard's
> set was a clean solution to this behaviour change).

It is a simple solution, yes; I think its simplicity is deceptive
though, to an extent. To me, ReadyToBoot callbacks are a last resort.

If you grep the UEFI spec for EFI_EVENT_GROUP_READY_TO_BOOT, among other
locations, you find

  34.1.1 User Identify

  [...] When the UEFI Boot Manager signals the
  EFI_EVENT_GROUP_READY_TO_BOOT event group, the User Identity Manager
  publishes the current user profile information in the EFI System
  Configuration Table. [...]

The rest of the language is irrelevant here; my point is that there is
"prior art" for installing sysconfig tables at Ready To Boot. That's
entirely fine. What worries me is that the dependency we evaluate in the
callback is *generally* something that could be satisfied by *another*
Ready To Boot callback, and the ordering between those is unspecified.

Given the current platform, this is not a real issue in practice (we
don't install any of our ACPI tables at Ready To Boot), which is why I'm
open to Ard's solution. I just want us to be aware of this risk.

> 
> A few comments below.
> 
> On Thu, Mar 09, 2017 at 04:30:19PM +0100, Laszlo Ersek wrote:
>> On 03/09/17 13:26, Ard Biesheuvel wrote:
>>>>> Hi Laszlo,
>>>>>
>>>>> This looks complicated to me. Given that it is arguably a policy to
>>>>> only expose on h/w description or the other, couldn't we simply remove
>>>>> the FDT config table in BDS if an ACPI/ACPI2.0 config table is
>>>>> present?
>>>>
>>>> Technically we could do that, but I dislike it for two reasons:
>>>>
>>>> - BDS is often the first victim found when looking for a driver to add
>>>> new code to that doesn't seem to fit very well elsewhere. That doesn't
>>>> make BDS any better a recipient, however. "For lack of a better driver"
>>>> is not a strong enough argument to dump code into BDS. If there's really
>>>> no better "topical" driver, then the code usually goes to PlatformDxe.
>>>>
>>>> - Installing a sysconfig table (or any other system-wide resource) in
>>>> one driver, then undoing it in another driver, should be avoided as much
>>>> as possible, because it leads to non-trivial lifecycles and boggles our
>>>> minds over the longer term. If we can come to a decision that the table
>>>> shouldn't be installed in the first place, we should pursue that.
>>>>
>>>> Another approach we could look into is: move the installation of the
>>>> sysconfig table from FdtClientDxe to AcpiPlatformDxe. Look for the ACPI
>>>> payload first, and fall back to installing DT (from within
>>>> AcpiPlatformDxe). However, DT should be installed even in builds (like
>>>> ARM32) that don't contain AcpiPlatformDxe at all.
>>>>
>>>
>>> Or we could hook to the ReadyToBoot event in FdtClientDxe, and install
>>> the DT config table if there is no ACPI/ACPI2.0 table registered.
>>
>> Yes, that's doable in our case, because we control the full platform.
>>
>> Installing tables (any kinds of tables) in ReadyToBoot and similar event
>> handlers is generally a bad idea, because everyone thinks, "okay I'll
>> wait until the rest of the system is done setting up, and I'll just add
>> my stuff afterwards". Obviously, this results in much of the logic being
>> simply moved to such event callbacks, and the invocation order of
>> callbacks remains unspecified.
>>
>> In more precise terms, if the ACPI tables too were installed in a
>> ReadyToBoot callback, your suggestion above would not work. And our ACPI
>> tables are not installed in a ReadyToBoot callback partly because I
>> ultimately introduced a separate event group for "PCI bridges have been
>> connected", and we signal it now explicitly from BDS (device connections
>> are BDS jurisdiction, and QEMU's ACPI generation depends on PCI state).
> 
> All you say above is clearly correct.
> But I am still not clear on why this is a problem.
> This is a _very_ specific case, that applies only to virtual machines
> (which we are in complete control of).

Yes, the "complete control of the platform" argument is not lost on me.

> 
> For hardware platforms wanting the ability to switch between different
> hardware description types, as we discussed, we need a configuration
> setting based on a dynamic Pcd or environment variable - so they won't
> need to wait until the end.
> 
>> I just want to point out that we have a kind of "capital" here. By
>> carefully coding stuff we build capital, and by hooking stuff into
>> ReadyToBoot callbacks we spend (hopefully not "squander") that capital.
> 
> I fully agree with this as a strong default position. But I am
> suggesting that in this case, the callback sort order genuinely does
> not matter for this feature. At which point I prefer the simpler
> solution of Ard's set.

Yes, that's a valid argument.

> 
> That said, there are two maintainers of ArmVirtPkg, and I'm neither of
> them :)
> 
>> Originally, the APM Mustang firmware (open source, so I can talk about
>> it) would first install ACPI tables with constant, platform-tailored
>> contents (built from *.asl / *.aslc files), but reusing the stock
>> AcpiPlatformDxe C code without customization. Then it would install a
>> ReadyToBoot callback which looked up the right DSDT or SSDT, by walking
>> the table tree manually, and then it would poke data into the installed
>> table (DSDT or SSDT) in-place, using the ACPI SDT protocol.
>>
>> Of course it was completely bogus and unreliable, and I changed the
>> constant table to contain external references, and I provided those
>> external references in a minimal, hand- and runtime- built SSDT, right
>> in AcpiPlatformDxe.
>>
>> I'm not trying to carefully compose a strawman argument here, just
>> presenting why I'm nervous about ReadyToBoot callbacks that try to rely
>> on ordering between system-wide resources.
>>
>>
>> Also, please don't forget about the other (current) consumer of the
>> feature PCD, ArmVirtPL031FdtClientLib, which is plugged into
>> RealTimeClockRuntimeDxe. How do you suggest to rewrite the PCD test in
>> that driver under the ReadyToBoot callback scenario?
>>
>> RealTimeClockRuntimeDxe's dispatch order is unspecified relative to the
>> installation of ACPI tables, so you couldn't look at the latter's
>> presence to see if the DTB needs an update. (In fact, because
>> AcpiPlatformDxe's main actions are cued in from BDS in practice, the
>> tables would be guaranteed not to exist when RealTimeClockRuntimeDxe looks.)
>>
>> So ArmVirtPL031FdtClientLib would have to install another ReadyToBoot
>> callback for modifying the DTB. And this callback could be invoked
>> before or after the callback to FdtClientDxe. (I guess it would be okay,
>> but not very intuitive.)
> 
> (I think Ard's resolution of this, in 1/3, could be applied regardless
> of method picked for the overall changeset.)

I think I'm less opposed to Ard's solution than he is opposed to mine,
so I guess we should roll with Ard's upcoming v2 (as long as he agrees
to own any future fallout due to ReadyToBoot ordering) :)

Thanks
Laszlo

> 
> Regards,
> 
> Leif
> 
>>>> This series indeed turned out a bit more complex than I had expected,
>>>> but it was the one I could post with a good conscience. Can you perhaps
>>>> identify the part(s) in more detail that seem overly complex to you?
>>>>
>>>
>>> Building the same library in two different ways, having to call a
>>> library constructor explicitly in some cases and muck about with TPL
>>> levels to prevent a protocol notify from triggering are all things I
>>> would really like to avoid tbh
>>
>> Alright; can you please post the alternative patch set? (With the
>> ReadyToBoot callback(s), that is, not the BDS hack.)
>>
>> Thanks!
>> Laszlo
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel