Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory

From: Dave Hansen
Date: Tue Jul 19 2022 - 17:37:00 EST


On 7/19/22 14:23, Borislav Petkov wrote:
> On Tue, Jul 19, 2022 at 10:45:06PM +0200, Ard Biesheuvel wrote:
>> So let's define a way for the EFI stub to signal to the firmware
>> (before EBS()) that it will take control of accepting memory. The
>> 'bootloader that calls EBS()' case can invent something along the
>> lines of what has been proposed in this thread to infer the
>> capabilities of the kernel (and decide what to signal to the
>> firmware). But we have no need for this additional complexity on
>> Linux.
> To tell you the truth, I've been perusing this thread from the sidelines
> and am wondering why does this need this special dance at all?
>
> If EFI takes control of accepting memory, then when the guest kernel
> boots, it'll find all memory accepted and not do anything.
>
> If EFI doesn't accept memory, then the guest kernel will boot and do the
> accepting itself.
>
> So either I'm missing something or we're overengineering this for no
> good reason...

They're trying to design something that can (forever) handle guests that
might not be able to accept memory. It's based on the idea that
*something* needs to assume control and EFI doesn't have enough
information to assume control.

I wish we didn't need all this complexity, though.

There are three entities that can influence how much memory is accepted:

1. The host
2. The guest firmware
3. The guest kernel (or bootloader or something after the firmware)

This whole thread is about how #2 and #3 talk to each other and make
sure *someone* does it.

I kinda think we should just take the guest firmware out of the picture.
There are only going to be a few versions of the kernel that can boot
under TDX (or SEV-SNP) and *can't* handle unaccepted memory. It seems a
bit silly to design this whole interface for a few versions of the OS
that TDX folks tell me can't be used anyway.

I think we should just say if you want to run an OS that doesn't have
unaccepted memory support, you can either:

1. Deal with that at the host level configuration
2. Boot some intermediate thing like a bootloader that does acceptance
before running the stupid^Wunenlightened OS
3. Live with the 4GB of pre-accepted memory you get with no OS work.

Yeah, this isn't convenient for some hosts. But, really, this is
preferable to doing an EFI/OS dance until the end of time.