Re: [PATCH v19 085/130] KVM: TDX: Complete interrupts after tdexit

[Binbin Wu]

On 4/17/2024 2:23 AM, Reinette Chatre wrote:
> Hi Isaku,
>
> (In shortlog "tdexit" can be "TD exit" to be consistent with
> documentation.)
>
> On 2/26/2024 12:26 AM, isaku.yamahata@xxxxxxxxx wrote:
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> >
> > This corresponds to VMX __vmx_complete_interrupts().  Because TDX
> > virtualize vAPIC, KVM only needs to care NMI injection.
> This seems to be the first appearance of NMI and the changelog
> is very brief. How about expending it with:
>
> "This corresponds to VMX __vmx_complete_interrupts().  Because TDX
>   virtualize vAPIC, KVM only needs to care about NMI injection.
  ^
  virtualizes

Also, does it need to mention that non-NMI interrupts are handled by 
posted-interrupt mechanism?

For example:

"This corresponds to VMX __vmx_complete_interrupts().  Because TDX
 virtualizes vAPIC, and non-NMI interrupts are delivered using 
posted-interrupt
 mechanism, KVM only needs to care about NMI injection.
..
"

>   KVM can request TDX to inject an NMI into a guest TD vCPU when the
>   vCPU is not active. TDX will attempt to inject an NMI as soon as
>   possible on TD entry. NMI injection is managed by writing to (to
>   inject NMI) and reading from (to get status of NMI injection)
>   the PEND_NMI field within the TDX vCPU scope metadata (Trust
>   Domain Virtual Processor State (TDVPS)).
>
>   Update KVM's NMI status on TD exit by checking whether a requested
>   NMI has been injected into the TD. Reading the metadata via SEAMCALL
>   is expensive so only perform the check if an NMI was injected.
>
>   This is the first need to access vCPU scope metadata in the
>   "management" class. Ensure that needed accessor is available.
> "