public inbox for linux-coco@lists.linux.dev
 help / color / mirror / Atom feed
From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "pbonzini@redhat.com" <pbonzini@redhat.com>,
	"prsampat@amd.com" <prsampat@amd.com>
Cc: "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"marcandre.lureau@redhat.com" <marcandre.lureau@redhat.com>,
	"kas@kernel.org" <kas@kernel.org>, "bp@alien8.de" <bp@alien8.de>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"Qiang, Chenyi" <chenyi.qiang@intel.com>,
	"tglx@kernel.org" <tglx@kernel.org>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: Re: [PATCH 2/2] x86/tdx: Accept hotplugged memory before online
Date: Wed, 1 Apr 2026 15:37:26 +0000	[thread overview]
Message-ID: <49e8b24d836c1883e83ad72d1ab279f9e3eb7455.camel@intel.com> (raw)
In-Reply-To: <cab5371d-e0f4-42b7-bae9-2c7f981b26b2@amd.com>

On Mon, 2026-03-30 at 11:10 -0400, Pratik R. Sampat wrote:
> SNP likely has an analogous issue too.
> Failing to switch states on remove will cause that RMP entry to
> remain validated. A malicious hypervisor could then remap this GPA to
> another HPA which would put this in the Guest-Invalid state. On re-
> hotplug if we ignore errors suggested by Patch 1 (in our case that'd
> be PVALIDATE_FAIL_NOUPDATE error likely), we could have two RMP
> entries for the same GPA and both being validated. This is dangerous
> because hypervisor could swap these at will.

Oh, I was just wondering if we could just zero the page on accept
failure for the case of already accepted. Handle the issue internally
and actually go back to something like patch 1. Will it work for SNP?

> 
> Would it not be better to have this information in the unaccepted
> bitmap which we could explicitly query to accept/unaccept?

It makes me think about shared memory too. Should the unplug event also
signal the host to reset the memory to private? If the VMM is actually
not adjusting the guest mapping for a unplug/re-plug then the memory
would come back as shared.

But it really starts to feel like work the host should be doing.

> 
> For ACPI hardware-style hotplug I was working with the UEFI side on a
> POC to reflect SRAT hotplug windows in UEFI_UNACCEPTED_MEMORY using
> EFI_MEMORY_HOT_PLUGGABLE attribute and working to modify that spec.
> I’m less sure what this description for virtio-mem would look like
> and if it'd be possible to do this early-boot.



  reply	other threads:[~2026-04-01 15:37 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-24 15:21 [PATCH 0/2] x86/tdx: Fix memory hotplug in TDX guests Marc-André Lureau
2026-03-24 15:21 ` [PATCH 1/2] x86/tdx: Handle TDG.MEM.PAGE.ACCEPT success-with-warning returns Marc-André Lureau
2026-03-24 22:02   ` Edgecombe, Rick P
2026-03-24 15:21 ` [PATCH 2/2] x86/tdx: Accept hotplugged memory before online Marc-André Lureau
2026-03-24 22:03   ` Edgecombe, Rick P
2026-03-25 10:29     ` Marc-André Lureau
2026-03-25 17:21       ` Edgecombe, Rick P
2026-03-26 18:25         ` Paolo Bonzini
2026-03-26 20:40           ` Edgecombe, Rick P
2026-03-30 12:29             ` Kiryl Shutsemau
2026-03-30 15:10             ` Pratik R. Sampat
2026-04-01 15:37               ` Edgecombe, Rick P [this message]
2026-04-01 15:49                 ` Edgecombe, Rick P
2026-04-02  8:18                 ` Reshetova, Elena
2026-04-02 17:06                   ` Edgecombe, Rick P
2026-04-03 10:37                     ` Reshetova, Elena
2026-04-03 19:41                       ` Edgecombe, Rick P
2026-04-08  8:22                         ` Reshetova, Elena
2026-04-08 19:55                           ` Pratik R. Sampat
2026-04-09  1:35                         ` Duan, Zhenzhong
2026-04-09 15:19                           ` Marc-André Lureau
2026-04-10  1:05                             ` Duan, Zhenzhong
2026-04-10  7:49                               ` David Hildenbrand (Arm)
2026-03-27  3:05       ` Chenyi Qiang
2026-03-27  8:49         ` David Hildenbrand (Arm)
2026-03-27  8:28   ` Yan Zhao
2026-03-30 12:17     ` Marc-André Lureau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49e8b24d836c1883e83ad72d1ab279f9e3eb7455.camel@intel.com \
    --to=rick.p.edgecombe@intel.com \
    --cc=bp@alien8.de \
    --cc=chenyi.qiang@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=kas@kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marcandre.lureau@redhat.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=prsampat@amd.com \
    --cc=tglx@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox