[edk2-devel] [RFC] Design review for Lazy Page Accept in TDVF
Gao, Jiaqi
jiaqi.gao at intel.com
Wed Sep 1 07:23:04 UTC 2021
On Tuesday, August 31, 2021 2:11 PM, Gerd Hoffmann wrote:
> > Motivation: Intel TDX provides memory encryption and integrity
> > multi-tenancy for hardware protection. A TD-guest uses TDCALL to
> > accept shared memory as private. However, accept whole system memory
> > may take a long time which will have an adverse impact on the boot
> > time performance.
>
> Which order of magnitude do we talk about?
> How long would it take to accept 2G of memory (all memory below 4g on
> qemu q35) ?
Here is some data using different guest configurations, it will take less time with more cpu cores.
For 2048MB memory it takes about 4 ~ 1.5 seconds using 1 ~ 4 cores guest to accept all.
For 4096MB memory it takes about 8 ~ 3 seconds using 1 ~ 4 cores guest.
> > We propose three options to address this issue:
>
> > 1. Modifying the memory allocation (MdeModulePkg/Core/Dxe/Mem)
> logic to accept memory when OUT_OF_RESOURCE occurs.
> > 2. Changing the process flow of QEMU direct boot and GRUB to accept
> memory when loading the image fails and returns OUT_OF_RESOURCE.
> > 3. Adding AcceptMemory() as a boot service interface to simplify the
> implementation of option 2.
> > Underlying implementation of accepting memory is provided by a protocol
> which can be installed by architecture-specific drivers such as TdxDxe.
>
> (1) Looks best to me. From a design point of view it is a very reasonable
> thing for the core memory manager to also manage the
> accepted/unaccepted state of memory. It avoids duplicating the "oom -> try
> AcceptMemoryRessource()" logic in bootloaders and will also cover other
> oom situations.
>
> take care,
> Gerd
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80059): https://edk2.groups.io/g/devel/message/80059
Mute This Topic: https://groups.io/mt/85267822/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list