Re: [PATCH v2 08/17] KVM: TDX: Complete interrupts after TD exit

[Binbin Wu]

On 2/13/2025 4:20 PM, Chao Gao wrote:
> > +static void tdx_complete_interrupts(struct kvm_vcpu *vcpu)
> > +{
> > +	/* Avoid costly SEAMCALL if no NMI was injected. */
> > +	if (vcpu->arch.nmi_injected) {
> > +		/*
> > +		 * No need to request KVM_REQ_EVENT because PEND_NMI is still
> > +		 * set if NMI re-injection needed.  No other event types need
> > +		 * to be handled because TDX doesn't support injection of
> > +		 * exception, SMI or interrupt (via event injection).
> > +		 */
> > +		vcpu->arch.nmi_injected = td_management_read8(to_tdx(vcpu),
> > +							      TD_VCPU_PEND_NMI);
> > +	}
> Why does KVM care whether/when an NMI is injected by the TDX module?
>
> I think we can simply set nmi_injected to false unconditionally here, or even in
> tdx_inject_nmi(). From KVM's perspective, NMI injection is complete right after
> writing to PEND_NMI. It is the TDX module that should inject the NMI at the
> right time and do the re-injection.
Yes, it can/should be cleared unconditionally here.

Previously (v19 and before), nmi_injected will impact the limit of pending nmi.
Now, we don't care the limit of pending nmi because more pending NMIs will be
collapsed to the one pending in the TDX module.

Will update it.
Thanks!

> > +}
> > +