From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S938865AbcHJSz7 (ORCPT <rfc822;w@1wt.eu>);
	Wed, 10 Aug 2016 14:55:59 -0400
Received: from mail-ua0-f172.google.com ([209.85.217.172]:32896 "EHLO
	mail-ua0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S938853AbcHJSz4 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 10 Aug 2016 14:55:56 -0400
MIME-Version: 1.0
In-Reply-To: <20160810123058.GB3204@gmail.com>
References: <cover.1470821230.git.luto@kernel.org> <20160810123058.GB3204@gmail.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Wed, 10 Aug 2016 06:18:19 -0700
Message-ID: <CALCETrUqbmCQrWLoxw7nVQAPsu5UQ-McJx9dCsicHmH=XzzFtQ@mail.gmail.com>
Subject: Re: [PATCH v2 0/5] Allow the trampoline to use EFI boot services RAM
To: Ingo Molnar <mingo@kernel.org>
Cc: Mario Limonciello <mario_limonciello@dell.com>,
        Borislav Petkov <bp@alien8.de>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Matthew Garrett <mjg59@srcf.ucam.org>, X86 ML <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, Matt Fleming <mfleming@suse.de>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Aug 10, 2016 3:31 PM, "Ingo Molnar" <mingo@kernel.org> wrote:
>
>
> One side note:
>
> * Andy Lutomirski <luto@kernel.org> wrote:
>
> > This series fixes it the other way: it allow the trampoline to live
> > in boot services memory.  It achieves this by deferring the panic
> > due to failure to reserve a trampoline until early_initcall time
> > and then adjusting the EFI boot services quirk to reserve space
> > for the trampoline if we haven't already found it a home.
>
> >   x86/efi: Allocate a trampoline if needed in efi_free_boot_services()
>
> Btw., this means that we first try to allocate the trampoline the old fashioned
> way, and in the rare cases this fails we allocate it from the EFI data area,
> right?

Yes, exactly.

>
> This is problematic from the probability management POV: we are creating a rare
> piece of code that will run only on a select few systems.
>
> I think it would be much better to allocate the trampoline from the EFI area on
> all EFI systems by default. Is there any reason why that would not work?

I think most EFI systems don't have any boot services below 1MB, so
that wouldn't work.

We could try allocating from EFI more generically, but that sounds
much scarier.  The EFI memory map code is tangled with the e820 code
and the memblock code, and I'd be nervous about confusing the e820
code or accidentally allocating blacklisted RAM (EBDA,
Sandybridge-quirked, etc.)  The code I wrote should only allocate the
trampoline at a different address than current kernels in cases where
current kernels would panic.

I don't like it either, but after scratching my head for a while I
didn't come up with anything better.  At least the actual special case
is only a couple lines of code.

--Andy