Re: [PATCH v3 00/16] KVM: x86/tdx: Have TDX handle VMXON during bringup

From: dan.j.williams

Date: Mon Feb 16 2026 - 17:59:46 EST


Sean Christopherson wrote:
> Assuming I didn't break anything between v2 and v3, I think this is ready to
> rip. Given the scope of the KVM changes, and that they extend outside of x86,
> my preference is to take this through the KVM tree. But a stable topic branch
> in tip would work too, though I think we'd want it sooner than later so that
> it can be used as a base.
>
> Chao, I deliberately omitted your Tested-by, as I shuffled things around enough
> while splitting up the main patch that I'm not 100% positive I didn't regress
> anything relative to v2.
>
>
> The idea here is to extract _only_ VMXON+VMXOFF and EFER.SVME toggling. AFAIK
> there's no second user of SVM, i.e. no equivalent to TDX, but I wanted to keep
> things as symmetrical as possible.
>
> TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX
> should _never_ have its own VMCSes (that are visible to the host; the
> TDX-Module has its own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
> no reason to move that functionality out of KVM.
>
> With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
> simple refcounting game.
>
> v3:
> - https://lore.kernel.org/all/20251206011054.494190-1-seanjc@xxxxxxxxxx
> - Split up the move from KVM => virt into smaller patches. [Dan]
> - Collect reviews. [Dan, Chao, Dave]
> - Update sample dmesg output and hotplug angle in docs. [Chao]
> - Add comments in kvm_arch_shutdown() to try and explain the madness. [Dave]
> - Add a largely superfluous smp_wmb() in kvm_arch_shutdown() to provide a
> convenient location for documenting the flow. [Dave]
> - Disable preemption in x86_virt_{get,put}_ref() so that changes in how
> KVM and/or TDX use the APIs don't result in bugs. [Xu]
> - Add a patch to drop the bogus "IRQs must be disabled" rule in
> tdx_cpu_enable().
> - Tag more TDX helpers as __init. [Chao]
> - Don't treat loading kvm-intel.ko with tdx=1 as fatal if the system doesn't
> have a TDX-Module available. [Chao]

I went through the rest of the patches, the finer grained splits make
sense. No significant concerns, so for the series:

Reviewed-by: Dan Williams <dan.j.williams@xxxxxxxxx>

...I expect Chao or Yilun to have a chance to offer a Tested-by per your
comment above.