patina-v14.5.0
What's Changed
-
Simplify perf timer init @berlin-with0ut-return (#1068)
Change Details
## Description The perf timer used to wrap `OnceCell>`. This is unnecessary as we can use `Service::new_uninit` and `.replace` on initialization.
Fixes #1060.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
All original unit tests pass.
Integration Instructions
N/A.
-
RFC: Static Resolution and usage in the Core @Javagedes (#1041)
Change Details
## Description
Current Status: FCP
This RFC proposes a re-architecture of the current usage of statics in the core
#1049 is the reference implementation for only half of this RFC. It is the reference implementation for moving the core itself to be static, which will be the first step in moving all static members into the core.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
-
patina\_dxe\_core/perf\_timer: Fix warning about `frequency` not being used @makubacki (#1066)
Change Details
## Description
The mutable variable does not need to be mutable, but it also does not need to exist. The various branches can just return their values.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
-
patina\_debugger: Code coverage for transport @cfernald (#1058)
Change Details
## Description
Add tests for the debugger transport module.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit Tests
Integration Instructions
N/A
-
GCD: Increase Unit Test Coverage @os-d (#1048)
Change Details
## Description
This commit adds more robust unit testing to the GCD code, moving the spin_locked_gcd.rs file from 68% coverage to 90% coverage.
Some functions are marked with #[coverage(off)] because they are wrapper functions or otherwise not useful/possible to meaningfully test.
Closes #202 .
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit tests pass.
Integration Instructions
N/A.
-
Replace AtomicPtr with Cell in patina\_internal\_collections. @joschock (#1050)
Change Details
## Description
Switch internal collections implementation to
CellfromAtomicPtrpursuant to RFC 0021 (#1036)- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Boot-tested on platform hardware, measured performance delta (no regression, but no marked improvement performance-wise).
Integration Instructions
N/A
-
Enable unsafe block lint [Rebase \& FF] @makubacki (#1053)
Change Details
## Description
Enables the
undocumented_unsafe_blocksclippy lint in the workspace for all crates exceptpatina_dxe_coreas tracked in #583.
Enable the undocumented_unsafe_blocks lint
Closes #761
Checks that
unsafeblocks have safety comments by enabling the
following clippy lint.https://rust-lang.github.io/rust-clippy/master/index.html#undocumented_unsafe_blocks
The lint is not enabled in
patina_dxe_coreat this time as it still
has a lot of unsafe blocks that need safety comments. Those will be
addressed in a future change.
patina_performance: Replace unsafe test code
Removes the need for unsafe by leaking the Box to get a static
reference.
Add missing unsafe safety comments
Adds safety comments missing for unsafe blocks in the following crates:
- patina
- patina_dxe_core
- patina_internal_collections
- patina_internal_cpu
- patina_internal_device_path
- patina_mm
- patina_performance
- patina_stacktrace
- patina_smbios
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make clippy
Integration Instructions
- N/A
-
Remove Duplicate MemoryType Definitions @Raymond-MS (#1044)
Change Details
## Description
Removed duplicate MemoryTypes definition from allocation.rs. Updated the EfiMemoryTypes in efi_types.rs. Updated all instances using the old version to use EfiMemoryTypes instead. Fixed some issues related to casting by explicitly adding the Sized trait.
Fixes: #505
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Built and ran to UEFI shell using QEMU SBSA.
Integration Instructions
N/A
-
Makefile.toml: Clean Coverage Artifacts Before Running Coverage @os-d (#1046)
Change Details
## Description
cargo-llvm-cov automatically cleans coverage artifacts before running in order to have accurate coverage results. However, if --no-report is passed, it does not automatically clean the coverage artifacts.
Commit da004c7 added --no-report to cargo-llvm-cov when refactoring the report output, but did not add a call to cargo llvm-cov clean first. This is fine for CI builds, but for local runs, it will produce inaccurate coverage if there are existing coverage artifacts.
This fixes that by ensuring cargo llvm-cov clean is called first.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested with
cargo make coveragelocally showing bad results and this fixing it.Integration Instructions
N/A.
🚀 Features & ✨ Enhancements
-
AARCH64 GIC v3: add support for booting on a primary core that is not the first entry in the GIC Redistributor. @joschock (#1063)
Change Details
## Description
The prior implementation of the gic_manager module and associated code assumed that the system boot core would be the first entry in the GIC redistributor. However, that is not always the case. This PR refactors the gic_manager module, brings it up to the most recent version of the
arm-giccrate, and adds support for booting from a core that is not the first entry in the GIC redistributor.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Verified interrupt functionality on AARCH64 hardware platform booting from a core that isn't the first entry in the GIC redistributor.
Integration Instructions
N/A
-
Improve perf timer accuracy [Rebase \& FF] @berlin-with0ut-return (#880)
Change Details
## Description On Q35 and other virtualized environments, the TSC frequency may not be accessible. This PR introduces a core configuration options, .with_timer_frequency, to allow platforms to perform their own timer frequency calculations.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Q35 now gives reasonable timings.
Integration Instructions
Platforms need to provide a frequency setting if their frequency cannot be calcaulated by default methods (cpuid on x86, aarch64 registers).
For Q35, we provide frequency through the ACPI PM timer in
patina-dxe-core-qemu:const DEFAULT_ACPI_TIMER_FREQUENCY: u64 = 3_579_545; // 3.579545 MHz pub fn calibrate_tsc_frequency(pm_timer: PmTimer) -> u64 { log::info!("Calibrating TSC frequency using PM timer at {:?}", pm_timer); // Wait for a PM timer edge to avoid partial intervals. let mut start_pm = read_pm_timer(pm_timer); let mut next_pm; loop { next_pm = read_pm_timer(pm_timer); if next_pm != start_pm { break; } } start_pm = next_pm; // Record starting TSC. let start_tsc = unsafe { x86_64::_rdtsc() }; // Hz = ticks/second. Divided by 20 ~ ticks / 50 ms. const TARGET_INTERVAL_SIZE: u64 = 20; let target_ticks = (DEFAULT_ACPI_TIMER_FREQUENCY / TARGET_INTERVAL_SIZE) as u32; let mut end_pm; loop { end_pm = read_pm_timer(pm_timer); let delta = end_pm.wrapping_sub(start_pm); if delta >= target_ticks { break; } } // Record ending TSC. let end_tsc = unsafe { x86_64::_rdtsc() }; // Time elapsed based on PM timer ticks. let delta_pm = end_pm.wrapping_sub(start_pm) as u64; let delta_time_ns = (delta_pm * 1_000_000_000) / DEFAULT_ACPI_TIMER_FREQUENCY; // Rdtsc ticks. let delta_tsc = end_tsc - start_tsc; // Frequency = Rdstc ticks / elapsed time. let freq_hz = (delta_tsc * 1_000_000_000) / delta_time_ns; freq_hz } fn read_pm_timer(pm_timer: PmTimer) -> u32 { log::info!("Reading PM timer at {:?}", pm_timer); match pm_timer { PmTimer::IoPort { port } => { let value: u32; unsafe { core::arch::asm!( "in eax, dx", in("dx") port, out("eax") value, options(nomem, nostack, preserves_flags), ); } value } PmTimer::Mmio { base } => unsafe { core::ptr::read_volatile(base as *const u32) }, } }Once this timer is integrated, the
perf_timerlib in mu_rust_helpers needs to be removed.
🐛 Bug Fixes
-
AARCH64 GIC v3: add support for booting on a primary core that is not the first entry in the GIC Redistributor. @joschock (#1063)
Change Details
## Description
The prior implementation of the gic_manager module and associated code assumed that the system boot core would be the first entry in the GIC redistributor. However, that is not always the case. This PR refactors the gic_manager module, brings it up to the most recent version of the
arm-giccrate, and adds support for booting from a core that is not the first entry in the GIC redistributor.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Verified interrupt functionality on AARCH64 hardware platform booting from a core that isn't the first entry in the GIC redistributor.
Integration Instructions
N/A
-
Service: Bugfix use before initialized panic @Javagedes (#1070)
Change Details
## Description
Services are allowed to be const-initialized (but uninitialized) to support stashing them in statics to be used in UEFI protocols. This is typically safe as this static state won't begin being used until the component starts and it can be initialized. In some rare cases (i.e. the logger), we may attempt to use this static before the component has been fully initialized. To resolve this, we add the map_or method, matching the Option type's map_or interface, to allow the user to call the service if it is initalized, otherwise use a default value.
This fixes an issue that stops all platforms using the advanced logger from booting with no indication why, as we panic when attempting to use the advanced logger, which is also how we log.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Booted to Shell, pass all CI tests
Integration Instructions
N/A
-
StackTrace: Do not terminate stack trace based on fp on X64 @vineelko (#1067)
Change Details
## Description StackTrace: Do not terminate stack trace based on fp on X64. This bug was introduced in the stacktrace aarch64 refactor.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Validated on QEMU Q35
Integration Instructions
NA
-
Bugfix for TPL change vs. interrupt enable @joschock (#1064)
Change Details
## Description
Bugfix: ensure that new TPL is written before enabling interrupts to avoid a scenario where an interrupt occurs and observe CURRENT_TPL in previous TPL state.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Booted aarch64 hardware.
Integration Instructions
N/A
📖 Documentation Updates
-
Revise Atomics RFC @joschock (#1036)
Change Details
## Description
Revise Atomics RFC to reflect findings from performance measurement and rescope the proposal in the RFC.
Original RFC: #810
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A - documentation.
Integration Instructions
N/A.
-
[REBASE \& FF] Create arch abstraction doc and fixup patina\_internal\_cpu @cfernald (#1029)
Change Details
## Description
Docs: Add principles documentation for architecture abstraction
This document outlines the key principles behind the architecture abstraction
in the Patina project, specifically for core crates that must deal with
architecture-specific details.patina_internal_cpu: Cleanup conditional compilation
- Removes overly restrictive conditional compilation
- Unify ExceptionContext structure as a generic wrapper
- Isolation uefi target_os conditional for rare cases (IDT)
FIXES: #982
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Local build & QEMU boot
Integration Instructions
N/A
Full Changelog: patina-v14.4.2...v14.5.0
