Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp666994iog; Fri, 24 Jun 2022 11:17:40 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sqINl3NDegiTe+Z+t9sWEnAeGTFzNzuJ8fCLimaoyS81nokrlGobePXFpVvQsGSte/aVPS X-Received: by 2002:a63:440d:0:b0:401:9e3e:7d2d with SMTP id r13-20020a63440d000000b004019e3e7d2dmr138536pga.446.1656094659637; Fri, 24 Jun 2022 11:17:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656094659; cv=none; d=google.com; s=arc-20160816; b=gQvFoPB7wrqhQFmvXKGOUYwf0VFHrDslIqGMTM5aUqP8Mfmwn3sSZ4S1+6Ra9LWkrl Yhudkv7uXBpwAlSi4XEcj4RtZtmjl5EF7nxcPMR35vUemNkl3uluOwJl1TX4S74hhLDp 2hVMylxVHKeodTRn4NUGxF10EauD4CE0Zbjkie0N9+rE1/mneYkOatck2DlE7zjQ+GN7 7iW0c3W5e72iiYOyLl36GEbzbuS8iiJc6Fx7U5idmAiBMY4YAuSOYczulDzOLud3wN5U dikPfEo9rxD8HjRRpyXKdAhXnOTiK50sgAtLoQ9jtMIiaeHUXxMRsIuy9NNn+/hCAHiq muWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=EGWDGyrrQIL4AEMstHJtCfAVLeedRjNxRUNOHPRZxcE=; b=T72GK4Ecyoa3GDi0fTrXLNIYKgZLWfF/bCTqpm0mQCHRKULaAAnEA7viJRZGeWpWU0 9e21tIVyI4Q7ErDGZGG/ZsBc2n/RP6SvbwiULFS8AtNgOEVF2AECA0DGrtdr4mw9V0Uk Ueg+xqFF+7sbvgKCXdQ2+8oGqBu+iEGKQsi16ivP+CbAPuRAyNBFcJOEKWGmmCdzPE2d 66BsnixHj1YH5WFEXRCerlassAc18RoXxKoeswBpOGbdaoMH76cOQFZa+xrqt2aB2iDX xCjxlItUBy71WxET+JSnnu0oU4JRe+iQfLbiVantzB8ky01XDe/LHRpCbxXgyGMGrlXA CbqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="btafN/P2"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i7-20020a17090332c700b001615059fa28si4817790plr.345.2022.06.24.11.17.27; Fri, 24 Jun 2022 11:17:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="btafN/P2"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232623AbiFXRrr (ORCPT + 99 others); Fri, 24 Jun 2022 13:47:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46884 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232285AbiFXRrq (ORCPT ); Fri, 24 Jun 2022 13:47:46 -0400 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15FD3369DB; Fri, 24 Jun 2022 10:47:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656092866; x=1687628866; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=shiV5Ay7GQ2Tu/mMj01l+eBCIevTWE/G5toVrHbXBHM=; b=btafN/P26gOL70qYu3508Depm7xGwVB1BOuS/OEjzauNePbkvmfzkVHH pEyg7Slr9Xw9YOKSvn0pozNlmrc4MQ6OGZQ5hH/27pZP+x0lclSU1x4wl pE1Qi+WThdR3pLcbXY13fZqTzW0Y/L8pb0puxI4LxCEVYg+d7YchIJXG+ LXtLSpsdP72vWgirQYnmvD0DLOvE9D/cT3RB7RPPTa76J9fjA8hA6BQR6 jVr1S6jeYqSD9IiOGD5aO/vnlOUtWmC9PNw6lFAmnuVwzygeXA76KSyQ+ soEXTcLBND8HgJ2VNQti54d46NIBWDbSiEH/vpw07K2tLLAjQRGYwDsEa A==; X-IronPort-AV: E=McAfee;i="6400,9594,10388"; a="342741407" X-IronPort-AV: E=Sophos;i="5.92,218,1650956400"; d="scan'208";a="342741407" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jun 2022 10:47:45 -0700 X-IronPort-AV: E=Sophos;i="5.92,218,1650956400"; d="scan'208";a="731410181" Received: from mdedeogl-mobl.amr.corp.intel.com (HELO [10.209.126.186]) ([10.209.126.186]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jun 2022 10:47:43 -0700 Message-ID: <1e7ad728-d796-c84d-b7ba-b96d8f9fcd0c@intel.com> Date: Fri, 24 Jun 2022 10:47:09 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory Content-Language: en-US To: Marc Orr Cc: Peter Gonda , "Kirill A. Shutemov" , Borislav Petkov , Andy Lutomirski , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Varad Gautam , Dario Faggioli , Mike Rapoport , David Hildenbrand , Marcelo , tim.gardner@canonical.com, Khalid ElMously , philip.cox@canonical.com, the arch/x86 maintainers , linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, LKML References: <20220614120231.48165-1-kirill.shutemov@linux.intel.com> <5af19000-4482-7eb9-f158-0a461891f087@intel.com> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/24/22 10:19, Marc Orr wrote: >> Is this a matter of >> >> can boot from a guest firmware that doesn't pre-validate all the >> guest memory? >> >> or >> >> can boot from a guest firmware that doesn't pre-validate all the >> guest memory ... with access to all of that guest's RAM? >> >> In other words, are we talking about "fails to boot" or "can't see all >> the RAM"? > Ah... yeah, you're right, Dave -- I guess it's the latter. The guest > won't have access to all of the memory that the customer is paying > for. But that's still bad. If the customer buys a 96 GB VM and can > only see 4GB because they're kernel doesn't have these patches they're > going to be confused and frustrated. They'll at least be a _bit_ less angry and frustrated than if they were staring at a blank screen. ;) But, yeah, I totally get the point. How big is the window going to be where we have guests that can have unaccepted memory, but don't have acceptance support? For TDX, it's looking like it'll probably _just_ be 5.19. Is TDX on 5.19 in shape that cloud providers can deploy it? Or, is stuff like lack of attestation a deal breaker?