From: Dionna Amalie Glaze
Date: Mon, 16 Jan 2023 11:43:15 -0800
Subject: Re: [PATCH v2] x86/efi: Safely enable unaccepted memory in UEFI
To: "Kirill A. Shutemov"
Cc: Ard Biesheuvel, Gerd Hoffmann, "Kirill A. Shutemov", linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, x86@kernel.org, jiewen.yao@intel.com, devel@edk2.groups.io, "Min M. Xu", James Bottomley, Tom Lendacky, Erdem Aktas, Dave Hansen

> > I still don't understand why we need to support every imaginable
> > combination of firmware, bootloader and OS. Unaccepted memory only
> > exists on a special kind of virtual machine, which provides very
> > little added value unless you opt into the security and attestation
> > features, which are all heavily based on firmware protocols. So why
> > should we care about an EFI-aware bootloader calling ExitBootServices()
> > and subsequently doing a legacy boot of Linux on such systems?
>
> Why break what works? Some users want it.
>

The users that want legacy boot features will not be broken, they'll only get a safe view of the memory map. I don't think it's right to choose unsafe behavior for a legacy setup.

> This patch adds complexity, breaks what works and the only upside will
> turn into a dead weight soon.
>
> There's an alternative to add an option to instruct firmware to accept all
> memory from VMM side. It will serve legacy OS that doesn't know about
> unaccepted memory and it can also be used by latency-sensitive users
> later on (analog of qemu -mem-prealloc).
>

This means that users of a distro that has not enabled unaccepted memory support cannot simply start a VM with the usual command, but instead have to know a baroque extra flag to get access to all the memory that they configured the machine (and for a CSP customer, paid for). That's not a good experience.
With GCE at least, you can't (shouldn't) associate the boot feature flag with a disk image because disks are mutable. If a customer upgrades their kernel after initially starting their VM, they can't remove the flag due to the way image annotations work.

All of this headache goes away by adopting a small patch to the kernel that calls a 0-ary protocol interface and keeping safe acceptance behavior in the firmware. I think Gerd is right here that we should treat it as a transition feature that we can remove later.

> --
>   Kiryl Shutsemau / Kirill A. Shutemov

--
-Dionna Glaze, PhD (she/her)