Date: Tue, 19 Jul 2022 14:35:45 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Borislav Petkov <bp@...en8.de>, Ard Biesheuvel <ardb@...nel.org>
Cc: Dionna Amalie Glaze <dionnaglaze@...gle.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Peter Gonda <pgonda@...gle.com>, Andy Lutomirski <luto@...nel.org>,
        Sean Christopherson <seanjc@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Joerg Roedel <jroedel@...e.de>, Andi Kleen <ak@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>, Vlastimil Babka <vbabka@...e.cz>,
        Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Paolo Bonzini <pbonzini@...hat.com>, Ingo Molnar <mingo@...hat.com>,
        Varad Gautam <varad.gautam@...e.com>,
        Dario Faggioli <dfaggioli@...e.com>, Mike Rapoport <rppt@...nel.org>,
        David Hildenbrand <david@...hat.com>,
        Marcelo Cerri <marcelo.cerri@...onical.com>, tim.gardner@...onical.com,
        Khalid ElMously <khalid.elmously@...onical.com>,
        philip.cox@...onical.com,
        the arch/x86 maintainers <x86@...nel.org>,
        Linux Memory Management List <linux-mm@...ck.org>,
        linux-coco@...ts.linux.dev, linux-efi <linux-efi@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "Yao, Jiewen" <jiewen.yao@...el.com>
Subject: Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory

On 7/19/22 14:23, Borislav Petkov wrote:
> On Tue, Jul 19, 2022 at 10:45:06PM +0200, Ard Biesheuvel wrote:
>> So let's define a way for the EFI stub to signal to the firmware
>> (before EBS()) that it will take control of accepting memory. The
>> 'bootloader that calls EBS()' case can invent something along the
>> lines of what has been proposed in this thread to infer the
>> capabilities of the kernel (and decide what to signal to the
>> firmware). But we have no need for this additional complexity on
>> Linux.
> To tell you the truth, I've been perusing this thread from the sidelines
> and am wondering why does this need this special dance at all?
>
> If EFI takes control of accepting memory, then when the guest kernel
> boots, it'll find all memory accepted and not do anything.
>
> If EFI doesn't accept memory, then the guest kernel will boot and do the
> accepting itself.
>
> So either I'm missing something or we're overengineering this for no
> good reason...

They're trying to design something that can (forever) handle guests that
might not be able to accept memory. It's based on the idea that
*something* needs to assume control and EFI doesn't have enough
information to assume control.

I wish we didn't need all this complexity, though.

There are three entities that can influence how much memory is accepted:

1. The host
2. The guest firmware
3. The guest kernel (or bootloader or something after the firmware)

This whole thread is about how #2 and #3 talk to each other and make
sure *someone* does it.

I kinda think we should just take the guest firmware out of the picture.
There are only going to be a few versions of the kernel that can boot
under TDX (or SEV-SNP) and *can't* handle unaccepted memory. It seems a
bit silly to design this whole interface for a few versions of the OS
that TDX folks tell me can't be used anyway.

I think we should just say if you want to run an OS that doesn't have
unaccepted memory support, you can either:

1. Deal with that at the host level configuration
2. Boot some intermediate thing like a bootloader that does acceptance
   before running the stupid^Wunenlightened OS
3. Live with the 4GB of pre-accepted memory you get with no OS work.

Yeah, this isn't convenient for some hosts. But, really, this is
preferable to doing an EFI/OS dance until the end of time.