From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web10.96158.1673634232593183601 for ; Fri, 13 Jan 2023 10:23:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@google.com header.s=20210112 header.b=XWQ6DV8V; spf=pass (domain: google.com, ip: 209.85.216.45, mailfrom: dionnaglaze@google.com) Received: by mail-pj1-f45.google.com with SMTP id v13-20020a17090a6b0d00b00219c3be9830so25191157pjj.4 for ; Fri, 13 Jan 2023 10:23:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=o5lctY+Q02nAnZdLp1KqlWyHFjBtk4F401xbTceEoFY=; b=XWQ6DV8VNStxKwJnkYm9aAlGHK9GhgFOgWc9x4Z8iC6GW5Bzy4uT1mrAnuTnGZp0BU +CL3+q0/scu4reMQTTykgIpPW7QmXK7uR529ecbcLp40g/FqND5/J2C0Y9LofJ7ijtEO QNBwDh9q1njD8qx27mJXNhi0xJkQ0FK0YvgCa1FFDaLEVB1LWrguItnWGmHkA5ikmB3t fRbsjKZ03mJAKUG9EJ6pZKI4uPQ7OUJh3tWgeZcXko5PNUvGI5zLQTV5iQtcO9Dl5BTe X84V6yGV+si83f74M+sfwxbwcsNll9gZZVJ6LZOdn+IfkutdZJPbRaaj2x4TGoABQwMN 7Hhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=o5lctY+Q02nAnZdLp1KqlWyHFjBtk4F401xbTceEoFY=; b=p/B8VJp0+91n5/gOZhg0ErAvQ9VdsI31fLcJoDNzboC+0fTxN6utvrrcB+jqRjnEVi ERIjc41jW0a1aAUgUdWtlZ4xtoXmEgK73PVBRIZHeUAUFrSM39sgeovZB2XlHSaoAeWa PJVu/ADPC3oJhopQqccAZhudMGAkza4dUsvfYnX/Qd9REmulPVjG8odIcaZysnFUkZOh h79vquXjx8+lfp1JpkkDL1Qkzdv0FCNFq0rAY9muR4+3t1+f/rFEf/9EWcteTYzXD8mh 97GlqQ5aIw24WhezlTfirtEsiWV9+LgqrIl4CCM+mpBeQWJszdr6C+DnxxxmlER5TXD4 Y9mw== X-Gm-Message-State: AFqh2kp5Xqtw54lY+U+RprTN7M+9PwvvhD9124mVVwLq5fS0153CMt7n +NB4XNZGPNbPUeC2Om1pYyROB8hA7D+ZRxrK9ps+QQ== X-Google-Smtp-Source: AMrXdXtB3Wph0e2rzPlFDP3Q6Eb3SBEz0hwGzx9Fs/WBeyEnwzQ0yHNgHRmGGVcShhig6DmhsGcuxVZW3cJAcqKQ+DY= X-Received: by 2002:a17:903:18e:b0:193:30d1:d560 with SMTP id z14-20020a170903018e00b0019330d1d560mr38232plg.105.1673634231796; Fri, 13 Jan 2023 10:23:51 -0800 (PST) MIME-Version: 1.0 References: <16581.1673625639418051810@groups.io> <0918b9db-c949-75ce-a24e-f12f03865938@intel.com> In-Reply-To: <0918b9db-c949-75ce-a24e-f12f03865938@intel.com> From: "Dionna Glaze" Date: Fri, 13 Jan 2023 10:23:40 -0800 Message-ID: Subject: Re: [edk2-devel] [PATCH v9 0/4] Add safe unaccepted memory behavior To: Dave Hansen Cc: devel@edk2.groups.io, dave.hansen@linux.intel.com, Jiewen , "Shutemov, Kirill" Content-Type: text/plain; charset="UTF-8" > Kirill's _initial_ patch does #1. If anyone desperately wants #2, they > have mechanisms available to make a kernel with only #1 approximate #2. > A user on that kernel could allocate and memset()ing a bunch of memory. > Or, they could have a firmware stub accept the memory before booting the > real kernel. > > It also doesn't rule out having a runtime knob or a boot parameter > implement #2. It's not a lot of code, but it involves new ABI. > The new ABI is the safety problem. Without the new code, you have firmware that makes all but 3 GiB of memory unusable because it's classified as an unknown type. > However, *NONE* of this points me in the direction of saying that we > should have an OS/firmware protocol to negotiate whether the firmware or > OS does page acceptance other than the existing UEFI memory map bit. We know of distributions that are going to release SEV-SNP support without unaccepted memory support, and in so doing, tie the firmware's hands in trying to maintain safe behavior through a required default behavior of accepting all memory without explicit information from the OS in the form of this protocol. TDX support may also get released this way due to unexpected requirements from the linux community that push back Kirill's patches. They still haven't been thoroughly reviewed by a memory system expert, IIRC. -- -Dionna Glaze, PhD (she/her)