From: Dionna Amalie Glaze
Date: Tue, 23 Aug 2022 16:28:06 -0700
Subject: Re: [PATCH v1 2/2] x86/sev: Add SNP-specific unaccepted memory support
To: Tom Lendacky
Cc: LKML, "the arch/x86 maintainers", Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "Kirill A. Shutemov", "H. Peter Anvin", Michael Roth, Joerg Roedel, Andy Lutomirski, Peter Zijlstra
In-Reply-To: <44495aa8acb666b447a08a1c3af80987aa3cea3a.1659103274.git.thomas.lendacky@amd.com>

> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig > @@ -1553,6 +1553,7 @@ config AMD_MEM_ENCRYPT > select INSTRUCTION_DECODER > select ARCH_HAS_CC_PLATFORM > select X86_MEM_ENCRYPT > + select UNACCEPTED_MEMORY > help > Say yes to enable support for the encryption of system memory. > This requires an AMD processor that supports Secure Memory

At the risk of starting another centithread like on Kirill's patches for unaccepted memory, I think this needs to be brought up.

By making unaccepted_memory an option rather than a dependency, we get into an inescapable situation of always needing to know whether or not the guest OS will support unaccepted memory, from within the firmware. I think that makes a UEFI specification change necessary.

If we don't make this configurable, and indeed make it a dependency, then we can say SEV-SNP implies that the firmware should create unaccepted memory. We can work around the short gap of support between kernel versions.

What are your thoughts on dependency versus UEFI spec change to allow this configuration to be negotiated with the firmware?

--
-Dionna Glaze, PhD (she/her)
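
Review bot: The added `select UNACCEPTED_MEMORY` under `config AMD_MEM_ENCRYPT` is unconditional and the visible help text does not mention it, so every kernel built with this option silently gains unaccepted memory support, including configurations that never run as an SNP guest. Because Kconfig `select` forces a symbol on without checking that symbol's own `depends on` lines, please confirm that the prerequisites of `UNACCEPTED_MEMORY` are always satisfied whenever `AMD_MEM_ENCRYPT` is enabled. A sentence in the help text stating that enabling this option also enables unaccepted memory handling would make the coupling visible to anyone configuring a guest kernel.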