Date: Wed, 5 Apr 2023 22:06:36 +0300
From: "Kirill A. Shutemov"
To: Dave Hansen
Cc: Ard Biesheuvel, Tom Lendacky, linux-kernel@vger.kernel.org,
    x86@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
    Dave Hansen, "H. Peter Anvin", Michael Roth, Joerg Roedel,
    Dionna Glaze, Andy Lutomirski, Peter Zijlstra, "Min M. Xu",
    Gerd Hoffmann, James Bottomley, Jiewen Yao, Erdem Aktas,
    "Kirill A. Shutemov"
Subject: Re: [PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI
Message-ID: <20230405190636.4mrq2daz6a23yhvr@box.shutemov.name>
In-Reply-To: <969a3d2a-52e7-e60e-5de6-c550c548730d@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 05, 2023 at 09:15:15AM -0700, Dave Hansen wrote:
> On 4/5/23 06:44, Ard Biesheuvel wrote:
> > Given that the intent here is to retain compatibility with
> > unenlightened workloads (i.e., which do not upgrade their kernels), I
> > think it is perfectly reasonable to drop this from mainline at some
> > point.
>
> OK, so there are three firmware types that matter:
>
> 1. Today's SEV-SNP deployed firmware.
> 2. Near future SEV-SNP firmware that exposes the new ExitBootServices()
>    protocol that allows guests that speak the protocol to boot faster
>    by participating in the unaccepted memory dance.
> 3. Far future firmware that doesn't have the ExitBootServices() protocol
>
> There are also three kernel types:
> 1. Old kernels with zero unaccepted memory support: no
>    ExitBootServices() protocol support and no hypercalls to accept pages
> 2. Kernels that can accept pages and twiddle the ExitBootServices() flag
> 3. Future kernels that can accept pages, but have had ExitBootServices()
>    support removed.
>
> That leads to nine possible mix-and-match firmware/kernel combos. I'm
> personally assuming that folks are going to *try* to run with all of
> these combos and will send us kernel folks bug reports if they see
> regressions. Let's just enumerate all of them and their implications
> before we go consult our crystal balls about what folks will actually do
> in the future.
>
> So, here we go:
>
>              |                   Kernel                   |
>              |                                            |
>              | Unenlightened | Enlightened | Dropped UEFI |
> Firmware     | ~5.19??       | ~6.4??      | protocol     |
>              |---------------+-------------+--------------|
> Deployed     | Slow boot     | Slow boot   | Slow boot    |
> Near future  | Slow boot     | Fast boot   | Slow boot    |
> Far future   | Crashes??     | Fast Boot   | Fast boot    |
>
> I hope I got that all right.
>
> The thing that worries me is the "Near future firmware" where someone
> runs a ~6.4 kernel and has a fast boot experience. They upgrade to a
> newer, "dropped protocol" kernel and their boot gets slower.
>
> I'm also a little fuzzy about what an ancient enlightened kernel would
> do on a "far future" firmware that requires unaccepted memory support.
> I _think_ those kernels would hit some unaccepted memory, and
> #VC/#VE/#whatever and die. Is that right, or is there some fallback there?

The far future firmware in this scheme would expose unaccepted memory in
the EFI memory map without the need for the kernel to declare unaccepted
memory support. The unenlightened kernel in this case will not be able to
use the memory and will consider it reserved. Only memory accepted by
firmware will be accessible.

Depending on how much memory firmware would pre-accept, it can be OOM,
but more likely it will boot fine with the fraction of memory usable.

-- Kiryl Shutsemau / Kirill A. Shutemov
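
The "far future firmware" case described in the reply above, as an added example that is not part of the original message or of the kernel source: it walks a constructed EFI memory map and compares how much RAM an unenlightened and an enlightened kernel end up with. The `mem_desc` struct, the `usable_bytes()` helper and the sample map are assumptions made for illustration; the two memory type values are the ones defined by the UEFI specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Memory type values from the UEFI specification. */
#define EFI_CONVENTIONAL_MEMORY  7
#define EFI_UNACCEPTED_MEMORY    15
#define EFI_PAGE_SIZE            4096ULL

/* Simplified descriptor (hypothetical): only the fields used here. */
struct mem_desc {
    uint32_t type;
    uint64_t phys_addr;
    uint64_t num_pages;
};

/* Constructed sample map: firmware pre-accepted 512 MiB of a 4 GiB guest. */
static const struct mem_desc sample_map[] = {
    { EFI_CONVENTIONAL_MEMORY, 0x000000000ULL, 0x20000 }, /* 512 MiB accepted */
    { 0 /* reserved */,        0x020000000ULL, 0x00100 }, /* 1 MiB firmware   */
    { EFI_UNACCEPTED_MEMORY,   0x100000000ULL, 0xE0000 }, /* 3584 MiB pending */
};
#define SAMPLE_ENTRIES (sizeof(sample_map) / sizeof(sample_map[0]))

/*
 * Bytes the kernel can use as RAM. An enlightened kernel (can_accept != 0)
 * accepts unaccepted ranges itself; an unenlightened kernel does not know
 * the type and never uses those ranges, so only firmware-accepted memory
 * counts for it.
 */
uint64_t usable_bytes(const struct mem_desc *map, size_t n, int can_accept)
{
    uint64_t total = 0;

    for (size_t i = 0; i < n; i++) {
        if (map[i].type == EFI_CONVENTIONAL_MEMORY ||
            (map[i].type == EFI_UNACCEPTED_MEMORY && can_accept))
            total += map[i].num_pages * EFI_PAGE_SIZE;
    }
    return total;
}

int main(void)
{
    uint64_t old_k = usable_bytes(sample_map, SAMPLE_ENTRIES, 0);
    uint64_t new_k = usable_bytes(sample_map, SAMPLE_ENTRIES, 1);

    printf("unenlightened: %llu MiB, enlightened: %llu MiB\n",
           (unsigned long long)(old_k >> 20),
           (unsigned long long)(new_k >> 20));
    return 0;
}
```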