Re: [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction for 7.1

[Paolo Bonzini]

On Sat, Apr 11, 2026 at 1:59 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
> Move _only_ VMXON+VMXOFF and EFER.SVME toggling out of KVM (versus all of VMX
> and SVM enabling) out of KVM and into the core kernel so that non-KVM TDX
> enabling, e.g. for trusted I/O, can make SEAMCALLs without needing to ensure
> KVM is fully loaded.
>
> TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX

I changed TDX to TIO in this sentence. TDX is definitely trying to be
a hypervisor :) but non-KVM users in Linux don't use it as one.

Paolo

> should _never_ have it's own VMCSes (that are visible to the host; the
> TDX-Module has it's own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
> no reason to move that functionality out of KVM.
>
> With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
> simple refcounting game.
>
> ----------------------------------------------------------------
> Chao Gao (1):
>       x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling
>
> Sean Christopherson (16):
>       KVM: x86: Move kvm_rebooting to x86
>       KVM: VMX: Move architectural "vmcs" and "vmcs_hdr" structures to public vmx.h
>       KVM: x86: Move "kvm_rebooting" to kernel as "virt_rebooting"
>       KVM: VMX: Unconditionally allocate root VMCSes during boot CPU bringup
>       x86/virt: Force-clear X86_FEATURE_VMX if configuring root VMCS fails
>       KVM: VMX: Move core VMXON enablement to kernel
>       KVM: SVM: Move core EFER.SVME enablement to kernel
>       KVM: x86: Move bulk of emergency virtualizaton logic to virt subsystem
>       x86/virt: Add refcounting of VMX/SVM usage to support multiple in-kernel users
>       x86/virt/tdx: Drop the outdated requirement that TDX be enabled in IRQ context
>       KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys init
>       x86/virt/tdx: Tag a pile of functions as __init, and globals as __ro_after_init
>       x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running
>       KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more
>       KVM: TDX: Fold tdx_bringup() into tdx_hardware_setup()
>       x86/virt: Treat SVM as unsupported when running as an SEV+ guest
>
>  Documentation/arch/x86/tdx.rst              |  36 +--
>  arch/x86/events/intel/pt.c                  |   1 -
>  arch/x86/include/asm/kvm_host.h             |   3 +-
>  arch/x86/include/asm/reboot.h               |  11 -
>  arch/x86/include/asm/tdx.h                  |   4 -
>  arch/x86/include/asm/virt.h                 |  26 ++
>  arch/x86/include/asm/vmx.h                  |  11 +
>  arch/x86/kernel/cpu/common.c                |   2 +
>  arch/x86/kernel/crash.c                     |   3 +-
>  arch/x86/kernel/reboot.c                    |  63 +----
>  arch/x86/kernel/smp.c                       |   5 +-
>  arch/x86/kvm/svm/svm.c                      |  35 +--
>  arch/x86/kvm/svm/vmenter.S                  |  10 +-
>  arch/x86/kvm/vmx/main.c                     |  19 +-
>  arch/x86/kvm/vmx/tdx.c                      | 210 ++--------------
>  arch/x86/kvm/vmx/tdx.h                      |   8 +-
>  arch/x86/kvm/vmx/vmcs.h                     |  11 -
>  arch/x86/kvm/vmx/vmenter.S                  |   2 +-
>  arch/x86/kvm/vmx/vmx.c                      | 138 +----------
>  arch/x86/kvm/x86.c                          |  29 ++-
>  arch/x86/virt/Makefile                      |   2 +
>  arch/x86/virt/hw.c                          | 360 ++++++++++++++++++++++++++++
>  arch/x86/virt/vmx/tdx/tdx.c                 | 326 ++++++++++++++-----------
>  arch/x86/virt/vmx/tdx/tdx.h                 |   8 -
>  arch/x86/virt/vmx/tdx/tdx_global_metadata.c |  10 +-
>  include/linux/kvm_host.h                    |  16 +-
>  virt/kvm/kvm_main.c                         |  31 ++-
>  27 files changed, 720 insertions(+), 660 deletions(-)
>  create mode 100644 arch/x86/include/asm/virt.h
>  create mode 100644 arch/x86/virt/hw.c
>