Re: [PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI

From: Kirill A. Shutemov
Date: Tue Apr 04 2023 - 13:45:22 EST

Next message: Konrad Dybcio: "Re: [PATCH] MAINTAINERS: qcom: Add reviewer for Qualcomm Chromebooks"
Previous message: Shreeya Patel: "[PATCH v2] arm64: dts: rockchip: Enable RTC support for Rock 5B"
In reply to: Tom Lendacky: "[PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI"
Next in thread: Dave Hansen: "Re: [PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 04, 2023 at 12:23:06PM -0500, Tom Lendacky wrote:
> From: Dionna Glaze <dionnaglaze@xxxxxxxxxx>
>
> The UEFI v2.9 specification includes a new memory type to be used in
> environments where the OS must accept memory that is provided from its
> host. Before the introduction of this memory type, all memory was
> accepted eagerly in the firmware. In order for the firmware to safely
> stop accepting memory on the OS's behalf, the OS must affirmatively
> indicate support to the firmware. This is only a problem for AMD
> SEV-SNP, since Linux has had support for it since 5.19. The other
> technology that can make use of unaccepted memory, Intel TDX, does not
> yet have Linux support, so it can strictly require unaccepted memory
> support as a dependency of CONFIG_TDX and not require communication with
> the firmware.
>
> Enabling unaccepted memory requires calling a 0-argument enablement
> protocol before ExitBootServices. This call is only made if the kernel
> is compiled with UNACCEPTED_MEMORY=y
>
> This protocol will be removed after the end of life of the first LTS
> that includes it, in order to give firmware implementations an
> expiration date for it. When the protocol is removed, firmware will
> strictly infer that a SEV-SNP VM is running an OS that supports the
> unaccepted memory type. At the earliest convenience, when unaccepted
> memory support is added to Linux, SEV-SNP may take strict dependence in
> it. After the firmware removes support for the protocol, this patch
> should be reverted.
>
> [tl: address some checkscript warnings]
>
> Cc: Ard Biescheuvel <ardb@xxxxxxxxxx>
> Cc: "Min M. Xu" <min.m.xu@xxxxxxxxx>
> Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx>
> Cc: James Bottomley <jejb@xxxxxxxxxxxxx>
> Cc: Tom Lendacky <Thomas.Lendacky@xxxxxxx>
> Cc: Jiewen Yao <jiewen.yao@xxxxxxxxx>
> Cc: Erdem Aktas <erdemaktas@xxxxxxxxxx>
> Cc: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Signed-off-by: Dionna Glaze <dionnaglaze@xxxxxxxxxx>
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

I still think it is a bad idea.

As I asked before, please include my

Nacked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

into the patch.

--
Kiryl Shutsemau / Kirill A. Shutemov

Next message: Konrad Dybcio: "Re: [PATCH] MAINTAINERS: qcom: Add reviewer for Qualcomm Chromebooks"
Previous message: Shreeya Patel: "[PATCH v2] arm64: dts: rockchip: Enable RTC support for Rock 5B"
In reply to: Tom Lendacky: "[PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI"
Next in thread: Dave Hansen: "Re: [PATCH v7 6/6] x86/efi: Safely enable unaccepted memory in UEFI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]