Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp917592rwl; Wed, 5 Apr 2023 09:18:40 -0700 (PDT) X-Google-Smtp-Source: AKy350b7Qif+iQG8czbZhVZXC2ZGxZ1HcZAvpE5eVtFzufdf27zx8B3tjk1XuzxJhmUfQkLUFsC5 X-Received: by 2002:a17:906:f9d1:b0:944:49ee:aea2 with SMTP id lj17-20020a170906f9d100b0094449eeaea2mr3621266ejb.71.1680711520332; Wed, 05 Apr 2023 09:18:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680711520; cv=none; d=google.com; s=arc-20160816; b=fVy+HpARzrtGpdQFOzVrrRFryFakBvpyWOyW+jCRf6+hCEYCcupmwGP+PJ3iQAUNjO SGSs/dyqUZACxlhBuBwPle0DVPOAbS9s2YnFGO2pIVIpKPLTsuI4q66VGbHRNvOP2vUq fgRAEp0LH7+eAmD1uOuDau4M76iNojHDizYIJUpZIBNPlW2aOS1Gl/3KrvjvX3fi57hr Jxuo9o5AW+JIoqRerpClc3Vr9b8KiZvS1B9rFzuKGV9G3H+lOxHKnJOCy4AFu+hU480Y MVo25mRmoHNRTasJ70e4I97ITx5r4j5Zy+z8Phb3WHyUdkOs/hkjBmv1Gwec89lp9uF1 SmgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=KYORZeIqpzRffTUhrYdcF6BinPzIfkNwBYS/izYVnzQ=; b=RiiJkO/PM0geLqaFllIfl6m6ASD9WQ72AyZgta/bCNhfMPn2VjtlUm7fgIdcWyo8OE 2KoEqE+f3sAQVgAOr2jmOsCkfGlb8Q+66L5UZY6X2CxcCDC0E8sEPOBA4VeqMQhv3l0j Nd9LxQ8lPgaQn7jcnK1NYHElkBHx4snTWP0rU49e+43b2DE9wC0G81WwWIL0VlRrvj0C Gvw7ubbDKvH8OMwJJ1FOijBKTh3+UtwaDi7twSfFBBHqbuhjSCgiNiEwX4TB1IfeiblX ufOU1LZdezMhpqjxNQsEIG3fjiFUXzPE7AyNVTGl11r+rBWFpGk67LjUlCdyYl9xWA2f cOMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JA9uOR9f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n15-20020a170906724f00b00930894e4fa9si1839302ejk.324.2023.04.05.09.18.12; Wed, 05 Apr 2023 09:18:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JA9uOR9f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231639AbjDEQQs (ORCPT + 99 others); Wed, 5 Apr 2023 12:16:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231965AbjDEQQH (ORCPT ); Wed, 5 Apr 2023 12:16:07 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59AF66187 for ; Wed, 5 Apr 2023 09:15:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1680711322; x=1712247322; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=nmRCAz1HCRY9TC9EnRfgOrfkIWg8/5cMsJF1iYZbSGI=; b=JA9uOR9feTqLInqzX0f5AsqJ50BR3nnEJt88wHfp+BZLUT0FUSWQhKeF 0+iiJgOsC6Dz0YUgEGoeJaMYsGTtl4Ot5XMSuOprh6o3wN+BIDcYdx+ff 2Bq6cbH/+aCDNaa0sEtgYnKORMsxy4MX/Wkkfg0ACoKaA09YpnYOssx/E QqAZAMQK5iZzOP9rcqp5EjmqDtbbEthNUnC7CE36D/FRUfP4/wLqjFj4g ZBH4YbPMG13FW8bkI/zu0C5PeqG42tdLE7VXcUseqQ20M9yRfvhTDfs92 EqY9xX9FUWOqyGlHbnKeh/3jBkWmTbrLfvMBRTTk2PC6QSRhiO5eymCyo w==; X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="331101857" X-IronPort-AV: E=Sophos;i="5.98,321,1673942400"; d="scan'208";a="331101857" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2023 09:15:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10671"; a="1016531293" X-IronPort-AV: E=Sophos;i="5.98,321,1673942400"; d="scan'208";a="1016531293" Received: from kyunghyu-mobl2.amr.corp.intel.com (HELO [10.209.6.69]) ([10.209.6.69]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Apr 2023 09:15:15 -0700 Message-ID: <969a3d2a-52e7-e60e-5de6-c550c548730d@intel.com> Date: Wed, 5 Apr 2023 09:15:15 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI Content-Language: en-US To: Ard Biesheuvel Cc: "Kirill A. Shutemov" , Tom Lendacky , linux-kernel@vger.kernel.org, x86@kernel.org, Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Michael Roth , Joerg Roedel , Dionna Glaze , Andy Lutomirski , Peter Zijlstra , "Min M. Xu" , Gerd Hoffmann , James Bottomley , Jiewen Yao , Erdem Aktas , "Kirill A. Shutemov" References: <20230330114956.20342-1-kirill.shutemov@linux.intel.com> <1d38d28c2731075d66ac65b56b813a138900f638.1680628986.git.thomas.lendacky@amd.com> <20230404174506.pjdikxvk2fsyy4au@box.shutemov.name> <20230404180917.4fsgkzcdhqvph6io@box.shutemov.name> <20230404202445.6qkl7hz67qgievqz@box.shutemov.name> <20230404210153.tll2mojlglx4rfsa@box.shutemov.name> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/5/23 06:44, Ard Biesheuvel wrote: > Given that the intent here is to retain compatibility with > unenlightened workloads (i.e., which do not upgrade their kernels), I > think it is perfectly reasonable to drop this from mainline at some > point. OK, so there are three firmware types that matter: 1. Today's SEV-SNP deployed firmware. 2. Near future SEV-SNP firmware that exposes the new ExitBootServices() protocol that allows guests that speak the protocol to boot faster by participating in the unaccepted memory dance. 3. Far future firmware that doesn't have the ExitBootServices() protocol There are also three kernel types: 1. Old kernels with zero unaccepted memory support: no ExitBootServices() protocol support and no hypercalls to accept pages 2. Kernels that can accept pages and twiddle the ExitBootServices() flag 3. Future kernels that can accept pages, but have had ExitBootServices() support removed. That leads to nine possible mix-and-match firmware/kernel combos. I'm personally assuming that folks are going to *try* to run with all of these combos and will send us kernel folks bug reports if they see regressions. Let's just enumerate all of them and their implications before we go consult our crystal balls about what folks will actually do in the future. So, here we go: | Kernel | | | | Unenlightened | Enlightened | Dropped UEFI | Firmware | ~5.19?? | ~6.4?? | protocol | |---------------+-------------+--------------| Deployed | Slow boot | Slow boot | Slow boot | Near future | Slow boot | Fast boot | Slow boot | Far future | Crashes?? | Fast Boot | Fast boot | I hope I got that all right. The thing that worries me is the "Near future firmware" where someone runs a ~6.4 kernel and has a fast boot experience. They upgrade to a newer, "dropped protocol" kernel and their boot gets slower. I'm also a little fuzzy about what an ancient enlightened kernel would do on a "far future" firmware that requires unaccepted memory support. I _think_ those kernels would hit some unaccepted memory, and #VC/#VE/#whatever and die. Is that right, or is there some fallback there?