Message-ID: <aYR1jHu4oq6LXKYF@thinkstation>
Date: Thu, 5 Feb 2026 10:51:29 +0000
From: Kiryl Shutsemau <kas@...nel.org>
To: "Pratik R. Sampat" <prsampat@....com>
Cc: "David Hildenbrand (arm)" <david@...nel.org>, linux-mm@...ck.org, 
	linux-coco@...ts.linux.dev, x86@...nel.org, linux-kernel@...r.kernel.org, tglx@...utronix.de, 
	mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, ardb@...nel.org, 
	akpm@...ux-foundation.org, osalvador@...e.de, thomas.lendacky@....com, michael.roth@....com
Subject: Re: [PATCH v4 1/2] mm/memory_hotplug: Add support to accept memory
 during hot-add

On Wed, Feb 04, 2026 at 09:50:01PM -0600, Pratik R. Sampat wrote:
> 
> 
> On 2/4/26 1:59 PM, David Hildenbrand (arm) wrote:
> > On 2/4/26 12:22, Kiryl Shutsemau wrote:
> >> On Tue, Feb 03, 2026 at 11:49:45AM -0600, Pratik R. Sampat wrote:
> >>> Confidential computing guests require memory to be accepted before use.
> >>> The unaccepted memory bitmap maintained by firmware does not track
> >>> most hotplugged memory ranges apart from system memory annotated to be
> >>> cold plugged at boot.
> >>>
> >>> Explicitly validate and transition the newly added memory to a private
> >>> state, making it usable by the guest.
> >>>
> >>> Signed-off-by: Pratik R. Sampat <prsampat@....com>
> >>> ---
> >>>   drivers/firmware/efi/unaccepted_memory.c | 47 ++++++++++++++++++++++++
> >>>   include/linux/mm.h                       |  5 +++
> >>>   mm/memory_hotplug.c                      |  2 +
> >>>   3 files changed, 54 insertions(+)
> >>>
> >>> diff --git a/drivers/firmware/efi/unaccepted_memory.c b/drivers/firmware/efi/unaccepted_memory.c
> >>> index c2c067eff634..359779133cb4 100644
> >>> --- a/drivers/firmware/efi/unaccepted_memory.c
> >>> +++ b/drivers/firmware/efi/unaccepted_memory.c
> >>> @@ -209,6 +209,53 @@ bool range_contains_unaccepted_memory(phys_addr_t start, unsigned long size)
> >>>       return ret;
> >>>   }
> >>>   +/*
> >>> + * Unaccepted memory bitmap only covers initial boot memory and not the
> >>> + * hotpluggable range that is part of SRAT parsing. However, some initial memory
> >>> + * with the attribute EFI_MEMORY_HOT_PLUGGABLE can indicate boot time memory
> >>> + * that can be hot-removed. Hence post acceptance, only for that range update
> >>> + * the unaccepted bitmap to reflect this change.
> >>> + */
> >>> +void accept_hotplug_memory(phys_addr_t start, unsigned long size)
> >>> +{
> >>> +    struct efi_unaccepted_memory *unaccepted;
> >>> +    unsigned long range_start, range_len;
> >>> +    phys_addr_t end = start + size;
> >>> +    u64 phys_base, unit_size;
> >>> +    unsigned long flags;
> >>> +
> >>> +    unaccepted = efi_get_unaccepted_table();
> >>> +    if (!unaccepted)
> >>> +        return;
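Review bot: The early return at "if (!unaccepted) return;" in accept_hotplug_memory() leaves the hot-added range unaccepted, and because the function returns void the hotplug caller cannot tell that acceptance was skipped. The comment above the function says the bitmap update is only needed for the boot-time EFI_MEMORY_HOT_PLUGGABLE subset, so consider treating a missing table as "no bitmap to update" rather than "nothing to accept", or return an error so the hot-add path can fail cleanly. Either way, the function comment should state what happens when efi_get_unaccepted_table() returns NULL.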
> >>
> >> This can be tricky.
> >>
> >> If we boot a VM with <4GiB of memory and all of it is pre-accepted by
> >> BIOS, the table will not be allocated.
> >>
> >> But it doesn't mean that hotplugged memory above should not be accepted.
> >>
> >> I don't think there is a way to detect such cases.
> >>
> >> Your check is probably the best we can do, but it means VMs are going to
> >> crash if memory accept is required but there is no table.
> >>
> >> This is an ugly situation.
> 
> Agreed. Breaking hotplug for VMs under 4G is absolutely not the way to go.
> 
> Would it be worse if we call arch_accept_memory() if the table doesn't exist?
> The table is primarily to operate on the bitmap's entry. We could wrap these
> accept calls within an arch check for TDX and SNP guests if the unaccepted table
> is NULL. Or, less preferably, convert the panic() of the existing
> arch_[accept/unaccept]_memory() to a WARN() instead.

I think you are trying to work around a lack of proper design. I think the right
way would be to have unaccepted hotpluggable ranges declared upfront in
the EFI memory map, so the kernel can allocate a bitmap for all of it on boot
and not play a guessing game.

If it requires an EFI spec modification, let's do it.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
