Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4881445imw; Tue, 19 Jul 2022 15:23:05 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ueWoJK2KqgzfaI54p/NH/qL5cgvaRs10Qd8p0qeFXXXRwbxzkILJ0OX1q2Q6e9zUAHVzak X-Received: by 2002:a65:4cc7:0:b0:41a:4df2:4839 with SMTP id n7-20020a654cc7000000b0041a4df24839mr3956810pgt.37.1658269385455; Tue, 19 Jul 2022 15:23:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658269385; cv=none; d=google.com; s=arc-20160816; b=r5Eh/aw68Rq0Xw6Mk1he6nyNcFt18c4JjKsODO6s+cnHTAkhVs6WUqXu8gr/tz9P2m aJSs9byJcocCSzpkRwWDiz2IsH1//0b75gSBRqFJPllrTRYcqi6P10pQfQfvYGBCQGMF uYimXlJaJ+nWHubepKW535pDPSR7gyFLKCrsQT8sBSk6twKxahMaprQ082elcBkiYIrs YkPbMqL47IdaJ7JBbr+5N6jQ3bN322VsdzILAW63PF8+o2VSvZ/eS/HD9tP7tYWa3Ky+ Hf+DBrozIekFaDUPNn0IPxc4G7an+ZlVWwzDVZUF/Ef6TWxGSlXEw3n3sK6UOOyioRqc rK7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=zgdOM0wPW0ivyCAr+kbCmn0ubaFCxgd61DTDUsJxxuo=; b=wE/BPQphp1CieXSmcZFHk8shqrm7rVd6Ah3wDGYGAte2fWBhoYUs9cZdHhTb/EpKyV pf2/Bqe/xOjGp0o9ojKaFOImVY/dPk/vCJwtMFIWW+rp+gJMYZ3qMJaCt3fPZOwUSrvR WSP30ujcEu+X2sLOLheIk0EnY+UMl7VXjgW5bNAUYmCtOJ1JZwQksVgPmTsAaEWWl1UV uNrmAup0aZHhOFafJQ58Zv56PjLvB49QnsPazMB5huhHrv+osoR7BTUuL2tGNQ2Aap0h ATgXEtBG3qpEkSHQ1jJfn7/xIksmPX2fdMViDRgb9kWsFFIKP1O5oYgJ/lxRB6bKZ6Sa yf6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TtVDgTX2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q14-20020a170902b10e00b001620bc89356si17750661plr.482.2022.07.19.15.22.51; Tue, 19 Jul 2022 15:23:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TtVDgTX2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238047AbiGSVg6 (ORCPT + 99 others); Tue, 19 Jul 2022 17:36:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239758AbiGSVgy (ORCPT ); Tue, 19 Jul 2022 17:36:54 -0400 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BD205C343; Tue, 19 Jul 2022 14:36:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1658266614; x=1689802614; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=lZfxsCoZwidUXvUg1h38BCfji1GHOSEqDIubN9Z3IFE=; b=TtVDgTX2aNKX+WBJlsBLmOusKL3LgkIdb9dReAcUjpRMidATh4vxBVzM +EhEmFuxYP+zHr55nS9t1guguoacQlNKp/FwELwB6qF4q25dkXHO1Leps 1CygA7v1E9ivn+klNXMPcxhxfc1TyNY4Q/J2MFaI3JKJm4F76ix1KLHvC rT1YMjlTmQ+TDaV0NuDIb0ScDGXwsdQfhieyHaSUj44XT26vru9i/tPb9 jxHjyPMOxkUAuyxQKB185fn8rkqw7XLrgN7epIhj43h2XjznUNlT5VnVd leQaIdTMk+aqFipQEiX0htjQ2AoFlnO5n+gKespYI0lSMisXrUcBAARmR A==; X-IronPort-AV: E=McAfee;i="6400,9594,10413"; a="372916179" X-IronPort-AV: E=Sophos;i="5.92,285,1650956400"; d="scan'208";a="372916179" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jul 2022 14:35:48 -0700 X-IronPort-AV: E=Sophos;i="5.92,285,1650956400"; d="scan'208";a="687272611" Received: from twliston-mobl1.amr.corp.intel.com (HELO [10.212.132.190]) ([10.212.132.190]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jul 2022 14:35:45 -0700 Message-ID: Date: Tue, 19 Jul 2022 14:35:45 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory Content-Language: en-US To: Borislav Petkov , Ard Biesheuvel Cc: Dionna Amalie Glaze , "Kirill A. Shutemov" , Peter Gonda , Andy Lutomirski , Sean Christopherson , Andrew Morton , Joerg Roedel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Varad Gautam , Dario Faggioli , Mike Rapoport , David Hildenbrand , Marcelo Cerri , tim.gardner@canonical.com, Khalid ElMously , philip.cox@canonical.com, the arch/x86 maintainers , Linux Memory Management List , linux-coco@lists.linux.dev, linux-efi , LKML , "Yao, Jiewen" References: <20220627223808.ihgy3epdx6ofll43@black.fi.intel.com> <20220718172159.4vwjzrfthelovcty@black.fi.intel.com> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/19/22 14:23, Borislav Petkov wrote: > On Tue, Jul 19, 2022 at 10:45:06PM +0200, Ard Biesheuvel wrote: >> So let's define a way for the EFI stub to signal to the firmware >> (before EBS()) that it will take control of accepting memory. The >> 'bootloader that calls EBS()' case can invent something along the >> lines of what has been proposed in this thread to infer the >> capabilities of the kernel (and decide what to signal to the >> firmware). But we have no need for this additional complexity on >> Linux. > To tell you the truth, I've been perusing this thread from the sidelines > and am wondering why does this need this special dance at all? > > If EFI takes control of accepting memory, then when the guest kernel > boots, it'll find all memory accepted and not do anything. > > If EFI doesn't accept memory, then the guest kernel will boot and do the > accepting itself. > > So either I'm missing something or we're overengineering this for no > good reason... They're trying to design something that can (forever) handle guests that might not be able to accept memory. It's based on the idea that *something* needs to assume control and EFI doesn't have enough information to assume control. I wish we didn't need all this complexity, though. There are three entities that can influence how much memory is accepted: 1. The host 2. The guest firmware 3. The guest kernel (or bootloader or something after the firmware) This whole thread is about how #2 and #3 talk to each other and make sure *someone* does it. I kinda think we should just take the guest firmware out of the picture. There are only going to be a few versions of the kernel that can boot under TDX (or SEV-SNP) and *can't* handle unaccepted memory. It seems a bit silly to design this whole interface for a few versions of the OS that TDX folks tell me can't be used anyway. I think we should just say if you want to run an OS that doesn't have unaccepted memory support, you can either: 1. Deal with that at the host level configuration 2. Boot some intermediate thing like a bootloader that does acceptance before running the stupid^Wunenlightended OS 3. Live with the 4GB of pre-accepted memory you get with no OS work. Yeah, this isn't convenient for some hosts. But, really, this is preferable to doing an EFI/OS dance until the end of time.