Re: [PATCHv7 00/14] mm, x86/cc: Implement support for unaccepted memory
From: Marc Orr
Date: Tue Jul 19 2022 - 20:26:38 EST
On Tue, Jul 19, 2022 at 3:02 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 7/19/22 14:50, Borislav Petkov wrote:
> > On Tue, Jul 19, 2022 at 02:35:45PM -0700, Dave Hansen wrote:
> >> They're trying to design something that can (forever) handle guests that
> >> might not be able to accept memory.
> > Wait, what?
> >
> > If you can't modify those guests to teach them to accept memory, how do
> > you add TDX or SNP guest support to them?
>
> Mainline today, for instance, doesn't have unaccepted memory support for
> TDX or SEV-SNP guests. But, they both still boot fine because folks
> either configure it on the host side not to *have* any unaccepted
> memory. Or, they just live with the small (4GB??) amount of
> pre-accepted memory, which is fine for testing things.
For us (Google cloud), "1. Deal with that at the host level
configuration" looks like:
https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features
In other words, we have to tag images with "feature tags" to
distinguish which images have kernels that support which features.
Part of the reason we need to do it this way is that we use a single
guest firmware (i.e., guest UEFI) that lives outside of the image.
These feature tags are a mess to keep track of.
All that being said, I can totally see the upstream perspective being
"not our problem". It's hard to argue with that :-).
A few more thoughts:
- If the guest-side patches weren't upstream before this patch set to
handle unaccepted memory, you're all definitely right, that this isn't
a real issue. (Maybe it still isn't...)
- Do we anticipate (many) more features for confidential compute in
the future that require code in both the guest FW and guest kernel? If
yes, then designing a FW-kernel feature negotiation could be useful
beyond this situation.
- Dave's suggestion to "2. Boot some intermediate thing like a
bootloader that does acceptance ..." is pretty clever! So if upstream
thinks this FW-kernel negotiation is not a good direction, maybe we
(Google) can pursue this idea to avoid introducing yet another tag on
our images.
Thank you all for this discussion.
Thanks,
Marc