x86/tdx: Fix memory hotplug in TDX guests

[PATCH 0/2] x86/tdx: Fix memory hotplug in TDX guests
Posted by Marc-André Lureau 1 week, 2 days ago
In TDX guests, hotplugged memory (e.g., via virtio-mem) must be accepted
via TDG.MEM.PAGE.ACCEPT before use. The first access to an unaccepted
page triggers a fatal "SEPT entry in PENDING state" EPT violation and
KVM terminates the guest.

This was discovered while testing virtio-mem resize with TDX guests.
The associated QEMU virtio-mem + TDX patch series is under review at:
https://patchew.org/QEMU/20260226140001.3622334-1-marcandre.lureau@redhat.com/

The fix has two parts:

1. Handle TDG.MEM.PAGE.ACCEPT "success-with-warning" returns for pages
   that are already in MAPPED state (e.g., after offline/re-online
   cycles), instead of treating them as fatal errors.

2. Register a MEM_GOING_ONLINE memory hotplug notifier that calls
   tdx_accept_memory() before pages are freed to the buddy allocator.
   The TDCALL transparently triggers KVM-side page augmentation (AUG)
   followed by acceptance, avoiding the fatal EPT violation path.

The solution was suggested by Claude Code (Anthropic) and has been
tested with virtio-mem hot-add on a TDX guest. I did my best to review
the produced code and comments. Apologies if the agent did hallucinate.
Let me know if I need to check or correct something.

Thanks,

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
Marc-André Lureau (2):
      x86/tdx: Handle TDG.MEM.PAGE.ACCEPT success-with-warning returns
      x86/tdx: Accept hotplugged memory before online

 arch/x86/coco/tdx/tdx-shared.c |  2 +-
 arch/x86/coco/tdx/tdx.c        | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
---
base-commit: c369299895a591d96745d6492d4888259b004a9e
change-id: 20260324-tdx-hotplug-fixes-644d009dad63

Best regards,
-- 
Marc-André Lureau <marcandre.lureau@redhat.com>