Re: [PATCH v3 08/16] KVM: x86: Move bulk of emergency virtualizaton logic to virt subsystem

From: Chao Gao

Date: Thu Feb 26 2026 - 04:09:19 EST

On Fri, Feb 13, 2026 at 05:26:54PM -0800, Sean Christopherson wrote:
>Move the majority of the code related to disabling hardware virtualization
>in emergency from KVM into the virt subsystem so that virt can take full
>ownership of the state of SVM/VMX. This will allow refcounting usage of
>SVM/VMX so that KVM and the TDX subsystem can enable VMX without stomping
>on each other.
>
>To route the emergency callback to the "right" vendor code, add to avoid

^^^ and

>-void cpu_emergency_disable_virtualization(void)
>-{
>- cpu_emergency_virt_cb *callback;
>-
>- /*
>- * IRQs must be disabled as KVM enables virtualization in hardware via
>- * function call IPIs, i.e. IRQs need to be disabled to guarantee
>- * virtualization stays disabled.
>- */
>- lockdep_assert_irqs_disabled();
>-
>- rcu_read_lock();
>- callback = rcu_dereference(cpu_emergency_virt_callback);
>- if (callback)
>- callback();
>- rcu_read_unlock();

...

>+static void x86_virt_invoke_kvm_emergency_callback(void)
>+{
>+ cpu_emergency_virt_cb *kvm_callback;
>+
>+ kvm_callback = rcu_dereference(kvm_emergency_callback);
>+ if (kvm_callback)
>+ kvm_callback();

The RCU lock is dropped here. I assume this is intentional since the function
is only called with IRQs disabled, in which case the RCU lock isn't needed.

<snip>

>+int x86_virt_emergency_disable_virtualization_cpu(void)
>+{
>+ /* Ensure the !feature check can't get false positives. */
>+ BUILD_BUG_ON(!X86_FEATURE_SVM || !X86_FEATURE_VMX);
>+
>+ if (!virt_ops.feature)
>+ return -EOPNOTSUPP;
>+
>+ /*
>+ * IRQs must be disabled as virtualization is enabled in hardware via
>+ * function call IPIs, i.e. IRQs need to be disabled to guarantee
>+ * virtualization stays disabled.
>+ */

The comment is stale. Since this patch just moves the comment, it should be
fine to keep it as-is and fix it in a separate series.

>+ lockdep_assert_irqs_disabled();
>+
>+ /*
>+ * Do the NMI shootdown even if virtualization is off on _this_ CPU, as
>+ * other CPUs may have virtualization enabled.
>+ *
>+ * TODO: Track whether or not virtualization might be enabled on other
>+ * CPUs? May not be worth avoiding the NMI shootdown...
>+ */
>+ virt_ops.emergency_disable_virtualization_cpu();
>+ return 0;
>+}
>+
> void __init x86_virt_init(void)
> {
>- x86_vmx_init();
>+ /*
>+ * Attempt to initialize both SVM and VMX, and simply use whichever one
>+ * is present. Rsefuse to enable/use SVM or VMX if both are somehow

^^^^^^^ Refuse

LGTM aside from the two typos above.

Reviewed-by: Chao Gao <chao.gao@xxxxxxxxx>