Received: by 2002:ac0:b7d5:0:0:0:0:0 with SMTP id v21csp15846ime; Thu, 28 Jul 2022 15:19:14 -0700 (PDT) X-Google-Smtp-Source: AGRyM1s6WtCXwHncpn8+4MMIaeEBQ5QtalHqDODSDNqdzLPFXHaR3h7df13W+qUb4rZwpbeZqc7O X-Received: by 2002:a05:6402:3408:b0:43c:2dd3:d86b with SMTP id k8-20020a056402340800b0043c2dd3d86bmr1007943edc.108.1659046754394; Thu, 28 Jul 2022 15:19:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659046754; cv=none; d=google.com; s=arc-20160816; b=L/R+yRj/HzpsBo1Pin1WMcgtSvM9DL23W6/9UvUWZcsZ9RmEAgfyB1zzz9+0qr3KDy /qfPKsPdB6e1H+VeGsXlmcT9XdtiV/7T1Dbg9dNid6vSNr09DJqZbNmA8zAAE7FWDNop P1vSax/ZzFgO2zMI9i6501Xecx0eunkHy7MFVFpSJWdXl5NGoFbaS8ZBJ9WIuLJcw+I6 FGGDUw/y8OGY4iZbpoNEmyf0DfuCzMkO/7FYpPoXiq7i+02R5Fn00CSqzZPfpPUvGqBN S0B2t/7bRZvIWfWt8FPOvcAOp6c9pdRWPZKSsQmunjwUoknZ1N/+oQobiB8TsbJw9/HM ejNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KKJMz2p0fMbqbmhUA2NRK8taNgQHWFCPCykk0R/nVkQ=; b=eWwUrJxXF09XmPqXIBp39Rvd/l52Rq0o9BMxe2rMqfGC4lxryv92QNvdE6DpLnZ9z4 KNKlxIPM795Mie0rVHm8kVbtKAD8vBXO3OcbLUVRW5ypvqyCkX/Wcj8yVCaui/6kM08w DjavX1iEuBmZxE9JktyJ3Xq1som1YJfi7m6H+t1dC2A+Xs8YIKFbLZvlnIRfOdKy0+oV G1Y8gxGAI3zbOJeHJBvSp84G8F2lO6RHlTM5DKUxH/FwR9rV7SPabiOaXse1xY5Bn4dk h8WMooS2AOW9lLfE1cag+VNQSgUbPCaJ1E2F7cCgO00dxKYPQ2Mf2wo6wnBfgZYIj2q8 d1Nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BIAqjFwu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ju23-20020a17090798b700b00725ea31cfbfsi1306608ejc.406.2022.07.28.15.18.49; Thu, 28 Jul 2022 15:19:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BIAqjFwu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231214AbiG1WCK (ORCPT + 99 others); Thu, 28 Jul 2022 18:02:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44970 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230312AbiG1WCI (ORCPT ); Thu, 28 Jul 2022 18:02:08 -0400 Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0BC665578 for ; Thu, 28 Jul 2022 15:02:04 -0700 (PDT) Received: by mail-yb1-xb30.google.com with SMTP id 204so4253773yba.1 for ; Thu, 28 Jul 2022 15:02:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KKJMz2p0fMbqbmhUA2NRK8taNgQHWFCPCykk0R/nVkQ=; b=BIAqjFwuvscZyaQvaO2Pp5Tm2K8Fcr9ETnXvpU5e3wVsse21Jc6+b/sSURRzcM4QRX f+AUZdMnE7et9mw5oGUM8bOIP7AqPCPEFZ5JFqKRH4odWmwDZ0FjP8rMMLUG8y3aCwAh lwgedBwQkhfs5enr6DiCZ/gKqdYfyYsGa6781lN44ppqnMvdnKWZaI1L0KYuIh0w3h/W Ex4VAWe01YlKol56ws7q0/gUwiDhufvbMAS97qfg8YmOtZ7iNvuxcaVvr0OuapoWpqSG zk5SMyBnMxjyNUeOtF5G284TFqrCbKyKwnrUsp1SvrzycKfu/wMWOIfliAogPsiP7m2l e2ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KKJMz2p0fMbqbmhUA2NRK8taNgQHWFCPCykk0R/nVkQ=; b=W4w+phImbkmBtpFkWe4qURiqq7EL0i6SCAQcUasWEcTtZcWpxTb466Krzn0LUm+lSS A+5lr7bWXM/d7bNH84/2iAkdBmIA608gD0bUHUGBo60Cex3do225dX7a5FKc5Pw15TDN 4NwJyOX2BGh1zr/yQvshRUgjGvRmF/vQd5c20394wNxSNO8G6lkO9YzfpI1JEqgMaiJx i1vbv8MnWdSyBVfBOhz9n40dsjenpeDjX1vW+niVIVnoLUcm6vEv0cKUpAwXokateiCo UYRcRt07sjpQwkmKdvD4z7xJFzSu3ZbgN9d3QVFaoRH9cbjCiybYGiwCzmsrdRgPLmBn xjzw== X-Gm-Message-State: ACgBeo1WbqGWQuD11ccWxHbCYAgw/j0IAcec0NQR3o9svlEoc0lOdOcl iS6LqPBM1eRJnNtVY6D7IAenlUJRLNBwCuHmKbtaNQ== X-Received: by 2002:a05:6902:128d:b0:670:9009:f859 with SMTP id i13-20020a056902128d00b006709009f859mr549949ybu.321.1659045723977; Thu, 28 Jul 2022 15:02:03 -0700 (PDT) MIME-Version: 1.0 References: <20220627223808.ihgy3epdx6ofll43@black.fi.intel.com> <20220718172159.4vwjzrfthelovcty@black.fi.intel.com> <22d54786-bc12-ecc5-2b37-cbaa56090aa8@intel.com> In-Reply-To: From: Dionna Amalie Glaze Date: Thu, 28 Jul 2022 15:01:52 -0700 Message-ID: Subject: Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory To: Ard Biesheuvel Cc: Dave Hansen , Marc Orr , Borislav Petkov , "Kirill A. Shutemov" , Peter Gonda , Andy Lutomirski , Sean Christopherson , Andrew Morton , Joerg Roedel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Tom Lendacky , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Varad Gautam , Dario Faggioli , Mike Rapoport , David Hildenbrand , Marcelo Cerri , tim.gardner@canonical.com, Khalid ElMously , philip.cox@canonical.com, "the arch/x86 maintainers" , Linux Memory Management List , linux-coco@lists.linux.dev, linux-efi , LKML , "Yao, Jiewen" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > What I strongly object to is inventing a new bespoke way for the > firmware to make inferences about the capabilities of the image by > inspecting fields in the file representation of the image (which is > not guaranteed by EFI to be identical to its in-memory representation, > as, e.g., the PE/COFF header could be omitted by a loader without > violating the spec) > > As for the intermediate thing: yes, that would be a valuable thing to > have in OVMF (and I will gladly take EDK2 patches that implement > this). However, I'm not sure how you decide whether or not this thing > should be active or not, doesn't that just move the problem around? This does just move the problem around, but it makes correct behavior the default instead of silently ignoring most of the VM's memory and booting regularly. I have the driver mostly written to change the behavior to accept all by default unless a driver has been installed to set a particular boolean to make it not. Still that's yet another thing as you say. I agree with everyone that this situation just stinks. "Can't you just boot it?" was asked before, and yes we can, but at the scale of a CSP managing anybody's image uploads, that not-insignificant cost has to be paid by someone. It's a hard problem to route the image to the right kind of machine that's expected to be able to run it... it's a big ol' mess. One thing is for sure: these patches shouldn't be blocked by the "how do we detect it" question. I'm glad to see so much engagement with this problem, but I fear I might have delayed its progress towards a merge. I know AMD has a follow-up to add SEV-SNP accept_memory support to finish this all up. I'll try to get the ear of all the distributions that are tracking towards providing SEV-SNP-supported images for CSPs to get them on the release that includes these patches. I'll also see about upstreaming that EFI driver and EDK2 changes in case there's a slip in the kernel release and we need this workaround. -- -Dionna Glaze, PhD (she/her)