[RFCv2 PATCH 0/6] Support memory hotplug/unplug for TDX CoCo guests

From: Zhenzhong Duan

Date: Tue Jun 23 2026 - 06:18:10 EST


This RFCv2 series implements comprehensive support for virtio-mem and ACPI
DIMM memory hotplug/unplug in Intel TDX confidential computing guests.
It explores the start-private memory approach utilizing the native
TDG.MEM.PAGE.RELEASE API.

We are seeking feedback from Kiryl on the CoCo guest implementation, MM
experts on DIMM & virio-mem memory hotplug integration and broader
virtio/CoCo community input on the overall approach. We are not seeking
x86 maintainer review at this stage.

== Changes from RFC v1 ==

- Eliminated callback infrastructure: Dropped plug callback and replaced
unplug callback with platform-level unaccept function into core MM
hotplug and virtio-mem subsystems.
- Added comprehensive bitmap tracking: Introduced a "plugged" bitmap
alongside the unaccepted bitmap to track populated hotplug memory
states to support load_unaligned_zeropad().
- Enhanced SRAT parsing: Extended the EFI stub to parse ACPI SRAT tables
early, ensuring hotpluggable ranges are tracked from initial boot.

For more introduction about the background or other efforts in community,
please check the RFCv1 cover letter [1].

== Technical Approach ==

- Early SRAT Integration: A lightweight EFI stub parser scans ACPI SRAT
tables to identify hotpluggable ranges and adjust bitmap boundaries
early, avoiding the overhead of the full ACPI subsystem.
- Comprehensive Bitmap Tracking: Introduces a "plugged" bitmap right
after the unaccepted bitmap. Both static and hotplugged memory are
tracked, allowing the guest to map which ranges are populated by the
VMM. This prevents acceptance beyond plugged memory boundaries due to
load_unaligned_zeropad() operations.
- Platform Extensibility: Exposes generic CoCo memory interfaces. Other
confidential platforms (like AMD SEV-SNP) can easily adopt this by
hooking their specific mechanisms into arch_unaccept_memory().
- Hotplug & Guest Control: Integrates platform-level unaccept logic
into ACPI hotplug and virtio-mem handlers. Uses TDG.MEM.PAGE.RELEASE
for TDX to explicitly set memory to the "unaccepted" state during
unplug, removing host hole-punching dependencies.
- Kexec Handover: Leverages existing EFI mechanisms to seamlessly hand
over both the extended unaccepted bitmap and the new plugged bitmap
across kexec boundaries.

== Testing ==

- dimm and virtio-mem memory hotplug/unplug
- lazy and eager accept
- kexec/kdump with hotplugged memory

This is tested with Marc-André Lureau's newest qemu series [2]

Comments appreciated, thanks.

Zhenzhong

[1] https://lore.kernel.org/all/20260604093551.1511079-1-zhenzhong.duan@xxxxxxxxx/
[2] https://lore.kernel.org/all/20260604-rdm5-v5-0-5768e6a0943d@xxxxxxxxxx/

Zhenzhong Duan (6):
efi/unaccepted: Support hotplug memory in unaccepted bitmap via SRAT
efi/unaccepted: Set unaccepted bits for all hotplug memory
efi/unaccepted: Create plugged bitmap to support hotplug memory in
coco guest
x86/tdx: Implement arch_unaccept_memory()
mm/memory_hotplug: Support ACPI hotplug/unplug for coco guest
virtio-mem: Support memory hotplug/unplug for coco guest

arch/x86/include/asm/shared/tdx.h | 2 +
arch/x86/include/asm/tdx.h | 2 +
arch/x86/include/asm/unaccepted_memory.h | 11 ++
drivers/firmware/efi/libstub/efistub.h | 6 +
include/linux/efi.h | 5 +
include/linux/mm.h | 11 ++
arch/x86/boot/compressed/mem.c | 4 +-
arch/x86/coco/tdx/tdx.c | 120 ++++++++++++++++
drivers/firmware/efi/efi.c | 4 +-
.../firmware/efi/libstub/unaccepted_memory.c | 128 +++++++++++++++++-
drivers/firmware/efi/unaccepted_memory.c | 122 ++++++++++++++++-
drivers/virtio/virtio_mem.c | 8 ++
mm/memory_hotplug.c | 16 +++
13 files changed, 425 insertions(+), 14 deletions(-)

--
2.52.0