| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <29b4dc97-bb01-42fd-8ccd-f4cb2886ccd3@kernel.org>
Date: Wed, 4 Feb 2026 20:59:05 +0100
From: "David Hildenbrand (arm)" <david@...nel.org>
To: Kiryl Shutsemau <kas@...nel.org>, "Pratik R. Sampat" <prsampat@....com>
Cc: linux-mm@...ck.org, linux-coco@...ts.linux.dev, x86@...nel.org,
linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, ardb@...nel.org,
akpm@...ux-foundation.org, osalvador@...e.de, thomas.lendacky@....com,
michael.roth@....com
Subject: Re: [PATCH v4 1/2] mm/memory_hotplug: Add support to accept memory
during hot-add
On 2/4/26 12:22, Kiryl Shutsemau wrote:
> On Tue, Feb 03, 2026 at 11:49:45AM -0600, Pratik R. Sampat wrote:
>> Confidential computing guests require memory to be accepted before use.
>> The unaccepted memory bitmap maintained by firmware does not track
>> most hotplugged memory ranges apart from system memory annotated to be
>> cold plugged at boot.
>>
>> Explicitly validate and transition the newly added memory to a private
>> state, making it usable by the guest.
>>
>> Signed-off-by: Pratik R. Sampat <prsampat@....com>
>> ---
>> drivers/firmware/efi/unaccepted_memory.c | 47 ++++++++++++++++++++++++
>> include/linux/mm.h | 5 +++
>> mm/memory_hotplug.c | 2 +
>> 3 files changed, 54 insertions(+)
>>
>> diff --git a/drivers/firmware/efi/unaccepted_memory.c b/drivers/firmware/efi/unaccepted_memory.c
>> index c2c067eff634..359779133cb4 100644
>> --- a/drivers/firmware/efi/unaccepted_memory.c
>> +++ b/drivers/firmware/efi/unaccepted_memory.c
>> @@ -209,6 +209,53 @@ bool range_contains_unaccepted_memory(phys_addr_t start, unsigned long size)
>> return ret;
>> }
>>
>> +/*
>> + * Unaccepted memory bitmap only covers initial boot memory and not the
>> + * hotpluggable range that is part of SRAT parsing. However, some initial memory
>> + * with the attribute EFI_MEMORY_HOT_PLUGGABLE can indicate boot time memory
>> + * that can be hot-removed. Hence post acceptance, only for that range update
>> + * the unaccepted bitmap to reflect this change.
>> + */
>> +void accept_hotplug_memory(phys_addr_t start, unsigned long size)
>> +{
>> + struct efi_unaccepted_memory *unaccepted;
>> + unsigned long range_start, range_len;
>> + phys_addr_t end = start + size;
>> + u64 phys_base, unit_size;
>> + unsigned long flags;
>> +
>> + unaccepted = efi_get_unaccepted_table();
>> + if (!unaccepted)
>> + return;
>
> This can be tricky.
>
> If we boot a VM with <4GiB of memory and all of it is pre-accepted by
> BIOS, the table will not be allocated.
>
> But it doesn't mean that hotplugged memory above should not be accepted.
>
> I don't think there is a way to detect such cases.
>
> Your check is probably the best we can do, but it means VMs are going to
> crash if memory accept is required by no table.
>
> This is ugly situation.
It's all starting to feel .... very hacky, sorry to say.
This should all be easier. If we expect memory hotplug (SRAT), why can't
we just allocate the bitmap properly?
--
Cheers,
David
Powered by blists - more mailing lists