Re: [PATCH v2 2/2] mm/memory_hotplug: Add support to unaccept memory after hot-remove

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kiryl Shutsemau <kas@kernel.org>
To: "Pratik R. Sampat" <prsampat@amd.com>
Cc: linux-mm@kvack.org, linux-coco@lists.linux.dev, x86@kernel.org,
	 linux-kernel@vger.kernel.org, tglx@linutronix.de,
	mingo@redhat.com, bp@alien8.de,  dave.hansen@linux.intel.com,
	ardb@kernel.org, akpm@linux-foundation.org, david@kernel.org,
	 osalvador@suse.de, thomas.lendacky@amd.com,
	michael.roth@amd.com
Subject: Re: [PATCH v2 2/2] mm/memory_hotplug: Add support to unaccept memory after hot-remove
Date: Tue, 13 Jan 2026 17:53:35 +0000	[thread overview]
Message-ID: <aWaGBandNCLT93Tm@thinkstation> (raw)
In-Reply-To: <af3bf2ef-0231-4e75-9a80-c2bd3a7e1bf1@amd.com>

On Tue, Jan 13, 2026 at 11:10:21AM -0600, Pratik R. Sampat wrote:
> 
> 
> On 1/13/2026 4:28 AM, Kiryl Shutsemau wrote:
> > On Mon, Jan 12, 2026 at 02:23:00PM -0600, Pratik R. Sampat wrote:
> > > Transition memory to the shared state during a hot-remove operation so
> > > that it can be re-used by the hypervisor. This also applies when memory
> > > is intended to be hotplugged back in later, as those pages will need to
> > > be re-accepted after crossing the trust boundary.
> > 
> > Hm. What happens when we hot-remove memory that was there at the boot
> > and there's bitmap space for it?
> > 
> 
> While hotplug ranges gotten from SRAT don't seem to overlap with the
> conventional ranges in the unaccepted table, EFI_MEMORY_HOT_PLUGGABLE
> attribute could indicate boot time memory that could be hot-removed. I
> could potentially unset the bitmap first, if the bit exists and then
> unaccept.
> 
> Similarly, I could also check if the bitmap is large enough to set the
> bit before I call arch_accept_memory() (This may not really be needed
> though).
> 
> > Also, I'm not sure why it is needed. At least in TDX case, VMM can pull
> > the memory from under guest at any time without a warning. Coverting
> > memory to shared shouldn't make a difference as along as re-adding the
> > same GPA range triggers accept.
> > 
> 
> That makes sense. The only scenario where we could run into trouble on
> SNP platforms is when we redo a qemu device_add after a device_del
> without first removing the memory object entirely since same-state
> transitions result in guest termination.
> 
> This means we must always follow a device_del with an object_del on
> removal. Otherwise, the onus would then be on the VMM to transition
> the memory back to shared before re-adding it to the guest.

This seems to be one-of-many possible ways of VMM to get guest terminated.
DoS is not in something confidential computing aims to prevent.

> However, if this flow is not a concern to begin with then I could
> probably just drop this patch?

Yes, please.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

next prev parent reply	other threads:[~2026-01-13 17:53 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-12 20:22 [PATCH v2 0/2] SEV-SNP Unaccepted Memory Hotplug Pratik R. Sampat
2026-01-12 20:22 ` [PATCH v2 1/2] mm/memory_hotplug: Add support to accept memory during hot-add Pratik R. Sampat
2026-01-12 21:04   ` Andrew Morton
2026-01-12 22:23     ` Pratik R. Sampat
2026-01-12 22:43       ` Andrew Morton
2026-01-13  5:52         ` Pratik R. Sampat
2026-01-13  3:52   ` kernel test robot
2026-01-13  8:56   ` kernel test robot
2026-01-14 10:30   ` David Hildenbrand (Red Hat)
2026-01-14 22:56     ` Pratik R. Sampat
2026-01-12 20:23 ` [PATCH v2 2/2] mm/memory_hotplug: Add support to unaccept memory after hot-remove Pratik R. Sampat
2026-01-13 10:28   ` Kiryl Shutsemau
2026-01-13 17:10     ` Pratik R. Sampat
2026-01-13 17:53       ` Kiryl Shutsemau [this message]
2026-01-13 18:22         ` Pratik R. Sampat
2026-01-14 10:47           ` Kiryl Shutsemau
2026-01-14 22:56             ` Pratik R. Sampat

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aWaGBandNCLT93Tm@thinkstation \
    --to=kas@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=ardb@kernel.org \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=david@kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=michael.roth@amd.com \
    --cc=mingo@redhat.com \
    --cc=osalvador@suse.de \
    --cc=prsampat@amd.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.