On Tuesday, August 31, 2021 2:11 PM, Gerd Hoffmann wrote: > > Motivation: Intel TDX provides memory encryption and integrity > > multi-tenancy for hardware protection. A TD-guest uses TDCALL to > > accept shared memory as private. However, accept whole system memory > > may take a long time which will have an adverse impact on the boot > > time performance. > > Which order of magnitude do we talk about? > How long would it take to accept 2G of memory (all memory below 4g on > qemu q35) ?
Here is some data using different guest configurations, it will take less time with more cpu cores. For 2048MB memory it takes about 4 ~ 1.5 seconds using 1 ~ 4 cores guest to accept all. For 4096MB memory it takes about 8 ~ 3 seconds using 1 ~ 4 cores guest. > > We propose three options to address this issue: > > > 1. Modifying the memory allocation (MdeModulePkg/Core/Dxe/Mem) > logic to accept memory when OUT_OF_RESOURCE occurs. > > 2. Changing the process flow of QEMU direct boot and GRUB to accept > memory when loading the image fails and returns OUT_OF_RESOURCE. > > 3. Adding AcceptMemory() as a boot service interface to simplify the > implementation of option 2. > > Underlying implementation of accepting memory is provided by a protocol > which can be installed by architecture-specific drivers such as TdxDxe. > > (1) Looks best to me. From a design point of view it is a very reasonable > thing for the core memory manager to also manage the > accepted/unaccepted state of memory. It avoids duplicating the "oom -> try > AcceptMemoryRessource()" logic in bootloaders and will also cover other > oom situations. > > take care, > Gerd > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80059): https://edk2.groups.io/g/devel/message/80059 Mute This Topic: https://groups.io/mt/85267822/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
