The idea here is to extract _only_ VMXON+VMXOFF and EFER.SVME toggling. AFAIK
there's no second user of SVM, i.e. no equivalent to TDX, but I wanted to keep
things as symmetrical as possible.
TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX
should _never_ have it's own VMCSes (that are visible to the host; the
TDX-Module has it's own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
no reason to move that functionality out of KVM.
With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
simple refcounting game.
Decently tested, and it seems like the core idea is sound, so I dropped the
RFC. But the side of things definitely needs testing.
Note, this is based on kvm-x86/next, which doesn't have
EXPORT_SYMBOL_FOR_KVM(), and so the virt/hw.c exports need to be fixed up.
I'm sending now instead of waiting for -rc1 because I'm assuming I'll need to
spin at least v3 anyways :-)
v2:
- Initialize the TDX-Module via subsys initcall instead of during
tdx_init(). [Rick]
- Isolate the __init and __ro_after_init changes. [Rick]
- Use ida_is_empty() instead of manually tracking HKID usage. [Dan]
- Don't do weird things with the refcounts when virt_rebooting is
true. [Chao]
- Drop unnecessary setting of virt_rebooting in KVM code. [Chao]
- Rework things to have less X86_FEATURE_FOO code. [Rick]
- Consolidate the CPU hotplug callbacks. [Chao]
v1 (RFC):
- https://lore.kernel.org/all/20251010220403.987927-1-seanjc@google.com
Chao Gao (1):
x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling
Sean Christopherson (6):
KVM: x86: Move kvm_rebooting to x86
KVM: x86: Extract VMXON and EFER.SVME enablement to kernel
KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys
init
x86/virt/tdx: Tag a pile of functions as __init, and globals as
__ro_after_init
x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running
KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more
Documentation/arch/x86/tdx.rst | 26 --
arch/x86/events/intel/pt.c | 1 -
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/include/asm/reboot.h | 11 -
arch/x86/include/asm/tdx.h | 4 -
arch/x86/include/asm/virt.h | 26 ++
arch/x86/include/asm/vmx.h | 11 +
arch/x86/kernel/cpu/common.c | 2 +
arch/x86/kernel/crash.c | 3 +-
arch/x86/kernel/reboot.c | 63 +---
arch/x86/kernel/smp.c | 5 +-
arch/x86/kvm/svm/svm.c | 34 +-
arch/x86/kvm/svm/vmenter.S | 10 +-
arch/x86/kvm/vmx/tdx.c | 209 ++----------
arch/x86/kvm/vmx/vmcs.h | 11 -
arch/x86/kvm/vmx/vmenter.S | 2 +-
arch/x86/kvm/vmx/vmx.c | 127 +-------
arch/x86/kvm/x86.c | 20 +-
arch/x86/virt/Makefile | 2 +
arch/x86/virt/hw.c | 340 ++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdx.c | 315 ++++++++++--------
arch/x86/virt/vmx/tdx/tdx.h | 8 -
arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 10 +-
include/linux/kvm_host.h | 10 +-
virt/kvm/kvm_main.c | 31 +-
25 files changed, 657 insertions(+), 627 deletions(-)
create mode 100644 arch/x86/include/asm/virt.h
create mode 100644 arch/x86/virt/hw.c
base-commit: 5d3e2d9ba9ed68576c70c127e4f7446d896f2af2
--
2.52.0.223.gf5cc29aaa4-goog