This RFCv2 series implements comprehensive support for virtio-mem and ACPI DIMM memory hotplug/unplug in Intel TDX confidential computing guests. It explores the start-private memory approach utilizing the native TDG.MEM.PAGE.RELEASE API.

We are seeking feedback from Kiryl on the CoCo guest implementation, MM experts on DIMM & virtio-mem memory hotplug integration and broader virtio/CoCo community input on the overall approach. We are not seeking x86 maintainer review at this stage.

== Changes from RFC v1 ==

- Eliminated callback infrastructure: Dropped plug callback and replaced unplug callback with platform-level unaccept function into core MM hotplug and virtio-mem subsystems.
- Added comprehensive bitmap tracking: Introduced a "plugged" bitmap alongside the unaccepted bitmap to track populated hotplug memory states to support load_unaligned_zeropad().
- Enhanced SRAT parsing: Extended the EFI stub to parse ACPI SRAT tables early, ensuring hotpluggable ranges are tracked from initial boot.

For more background and other efforts in the community, please check the RFCv1 cover letter [1].

== Technical Approach ==

- Early SRAT Integration: A lightweight EFI stub parser scans ACPI SRAT tables to identify hotpluggable ranges and adjust bitmap boundaries early, avoiding the overhead of the full ACPI subsystem.
- Comprehensive Bitmap Tracking: Introduces a "plugged" bitmap right after the unaccepted bitmap. Both static and hotplugged memory are tracked, allowing the guest to map which ranges are populated by the VMM. This prevents acceptance beyond plugged memory boundaries due to load_unaligned_zeropad() operations.
- Platform Extensibility: Exposes generic CoCo memory interfaces. Other confidential platforms (like AMD SEV-SNP) can easily adopt this by hooking their specific mechanisms into arch_unaccept_memory().
- Hotplug & Guest Control: Integrates platform-level unaccept logic into ACPI hotplug and virtio-mem handlers. Uses TDG.MEM.PAGE.RELEASE for TDX to explicitly set memory to the "unaccepted" state during unplug, removing host hole-punching dependencies.
- Kexec Handover: Leverages existing EFI mechanisms to seamlessly hand over both the extended unaccepted bitmap and the new plugged bitmap across kexec boundaries.

== Testing ==

- dimm and virtio-mem memory hotplug/unplug
- lazy and eager accept
- kexec/kdump with hotplugged memory

This is tested with Marc-André Lureau's newest qemu series [2].

Comments appreciated, thanks.
Zhenzhong

[1] https://lore.kernel.org/all/[email protected]/
[2] https://lore.kernel.org/all/[email protected]/

Zhenzhong Duan (6):
  efi/unaccepted: Support hotplug memory in unaccepted bitmap via SRAT
  efi/unaccepted: Set unaccepted bits for all hotplug memory
  efi/unaccepted: Create plugged bitmap to support hotplug memory in coco guest
  x86/tdx: Implement arch_unaccept_memory()
  mm/memory_hotplug: Support ACPI hotplug/unplug for coco guest
  virtio-mem: Support memory hotplug/unplug for coco guest

 arch/x86/include/asm/shared/tdx.h             |   2 +
 arch/x86/include/asm/tdx.h                    |   2 +
 arch/x86/include/asm/unaccepted_memory.h      |  11 ++
 drivers/firmware/efi/libstub/efistub.h        |   6 +
 include/linux/efi.h                           |   5 +
 include/linux/mm.h                            |  11 ++
 arch/x86/boot/compressed/mem.c                |   4 +-
 arch/x86/coco/tdx/tdx.c                       | 120 ++++++++++++++++
 drivers/firmware/efi/efi.c                    |   4 +-
 .../firmware/efi/libstub/unaccepted_memory.c  | 128 +++++++++++++++++-
 drivers/firmware/efi/unaccepted_memory.c      | 122 ++++++++++++++++-
 drivers/virtio/virtio_mem.c                   |   8 ++
 mm/memory_hotplug.c                           |  16 +++
 13 files changed, 425 insertions(+), 14 deletions(-)

-- 
2.52.0
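Added example, not code from this series: a simplified C model of the two-bitmap scheme described under "Technical Approach", showing how masking with the plugged bitmap keeps the guard unit accepted for load_unaligned_zeropad() from reaching memory the VMM has not populated. The struct, the function names, the one-bit-per-unit granularity, the all-unaccepted boot state and the choice that unplug clears the plugged bit are assumptions.

```c
#include <stdint.h>

/* Hypothetical model, one bit per memory unit; not the series' code. */
struct coco_mem {
    uint32_t unaccepted; /* 1 = private but not yet accepted */
    uint32_t plugged;    /* 1 = populated by the VMM */
};

static uint32_t span(unsigned start, unsigned n) /* needs start + n <= 32 */
{
    return n ? (UINT32_MAX >> (32 - n)) << start : 0;
}

/* Units [0, boot) are boot RAM; [boot, 32) models an SRAT hotpluggable range. */
void model_init(struct coco_mem *m, unsigned boot)
{
    m->plugged = span(0, boot);
    m->unaccepted = UINT32_MAX; /* assumption: lazy accept, nothing accepted yet */
}

void model_plug(struct coco_mem *m, unsigned start, unsigned n)
{
    m->plugged |= span(start, n); /* stays unaccepted until first use */
}

/* Accept [start, start + n) plus one guard unit for load_unaligned_zeropad(),
 * masked by the plugged bitmap. Returns the number of units accepted. */
unsigned model_accept(struct coco_mem *m, unsigned start, unsigned n)
{
    unsigned end = start + n + 1 > 32 ? 32 : start + n + 1, count = 0;
    uint32_t todo = span(start, end - start) & m->unaccepted & m->plugged;
    m->unaccepted &= ~todo;
    for (; todo; todo &= todo - 1)
        count++;
    return count;
}

/* Unplug: back to unaccepted (TDG.MEM.PAGE.RELEASE on TDX), no longer plugged. */
void model_unplug(struct coco_mem *m, unsigned start, unsigned n)
{
    m->unaccepted |= span(start, n);
    m->plugged &= ~span(start, n);
}

int main(void)
{
    struct coco_mem m;
    model_init(&m, 4);
    return model_accept(&m, 0, 4) == 4 ? 0 : 1; /* guard unit 4 is skipped */
}
```

Without the plugged mask, the first accept would also try to accept unit 4, which has no backing memory until it is hotplugged.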

