From nobody Thu Apr 2 23:54:05 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AB152F616A for ; Sat, 14 Feb 2026 01:27:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771032457; cv=none; b=X3nq/9TChGa2GkOcUlmeLrVSeNzKgyjE52KRa9wGbRZwO/Tgxamouzh6dGVRBGo3L2WjmOKQjNGwZSIYbSLYDPAAHzlYrUbi+Vvqopkrkv4ReK22YdUL8RRq7mXPyMvA6gOniSIPioC/zN0zdGWUPpklKLV1E6S2ocJlmNXgOwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771032457; c=relaxed/simple; bh=s3lzO/bXszH5OMIQQtWSrd06VzARWtW4CDEP6dETZYo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=SuJ7kY9nUrMWAvJIiRVdFpOeeUIpnlM6mREfvMSbqsbr8x2OZvWwXmgvuJOnrhn8uI0XEeMgXbVAeQoWx3f58hTsavRnYG1YtihLvGXfCh9V6Ozin81tupg2Xf+IOwXy0tdVtiBPPxnS5nRMYannW8x3j+RdCk6vAjHaHxGMHMM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=u3jchCRW; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="u3jchCRW" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2a90510a6d1so12699895ad.0 for ; Fri, 13 Feb 2026 17:27:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1771032455; x=1771637255; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=bpLFx/BKr4BaXcZ20UtDSNr2VDzmqXClfDpQcpkuB30=; b=u3jchCRWSjlhw4SO8ogo0t9LqP4/TSEeWmQq2iV5VmviyERvFTEdMmaBGMXzB4B+EG F7ijZ+dlCl6VNQ9rHIXEFS1plCtRX6edTH6h/7SopPg1FrwKthgionnx4l1IsP3X+2jd Cm21j1Vi+Zv1rRDgE94V7WCmZql5mkUXdJ4tSu1FSdTwTeEXgXqAH2lDa89sS1MFuZNS zjf/izj8IxYVzLhWPuLhehKjyairXYuHfrgwRyh6pOKWq1oC4/oh/oibm70ojAqwB6AJ WQJB2LZnKo0haAR4NgBIzZwYsRBkDnMlIzRqN/Qe7OY1j37HslYn3X9YVOU4ETy/xorZ rNyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771032455; x=1771637255; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=bpLFx/BKr4BaXcZ20UtDSNr2VDzmqXClfDpQcpkuB30=; b=anZPHiYu6NW1hOcSXlVS6T8CGw1OwrhGWDSc3iw052uAtxCs52r3/OqVCdbkYkNQsc bViuOpzq8slcNIeOX9rK9QqI5z5ascuj0GLAVhBZZojFy8BXktrCTf/NhrGPy3SSoRlD gj2xBOyxwLJnGPQQZp3NgDEYlnYNocljg5Zs7WshIJDyzm2XS9JAqzD9KDcSEFKcqk1T Ewq2SdCqlytvsTXY5bcwJwCSHn3AOxJmtXbHWzFHuUOszBNqeM/LyUO0/sRTr+vIdHkE lFGqthcK3rs0rH2tpWQluiD3bga1FQTCSxe6ZMbvkGoAkOWF3CYHYYVHdNWXakq+vppT sF1A== X-Gm-Message-State: AOJu0YytYlJKXwBtFwuca8RWvZlBtEW1FoEt0ezSA0yXyGvP1KkEDnrv WqlEwJ4xgddOm1V0zS1i9FkDN2kxrLteCdy4oW++XpS+CMPHokSCQWFlWozq7Fv8sY3CST3HqJC BElbD0w== X-Received: from plrt19.prod.google.com ([2002:a17:902:b213:b0:2aa:d3a6:c339]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:984:b0:2aa:e4f2:f076 with SMTP id d9443c01a7336-2ac974316f2mr20540065ad.8.1771032454516; Fri, 13 Feb 2026 17:27:34 -0800 (PST) Reply-To: Sean Christopherson Date: Fri, 13 Feb 2026 17:27:02 -0800 In-Reply-To: <20260214012702.2368778-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260214012702.2368778-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.310.g728cabbaf7-goog Message-ID: <20260214012702.2368778-17-seanjc@google.com> Subject: [PATCH v3 16/16] KVM: TDX: Fold tdx_bringup() into tdx_hardware_setup() From: Sean Christopherson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Kiryl Shutsemau , Peter Zijlstra , Arnaldo Carvalho de Melo , Namhyung Kim , Sean Christopherson , Paolo Bonzini Cc: linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, kvm@vger.kernel.org, linux-perf-users@vger.kernel.org, Chao Gao , Xu Yilun , Dan Williams Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now that TDX doesn't need to manually enable virtualization through _KVM_ APIs during setup, fold tdx_bringup() into tdx_hardware_setup() where the code belongs, e.g. so that KVM doesn't leave the S-EPT kvm_x86_ops wired up when TDX is disabled. The weird ordering (and naming) was necessary to allow KVM TDX to use kvm_enable_virtualization(), which in turn had a hard dependency on kvm_x86_ops.enable_virtualization_cpu and thus kvm_x86_vendor_init(). Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/main.c | 19 ++++++++----------- arch/x86/kvm/vmx/tdx.c | 39 +++++++++++++++------------------------ arch/x86/kvm/vmx/tdx.h | 8 ++------ 3 files changed, 25 insertions(+), 41 deletions(-) diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index a46ccd670785..dbebddf648be 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -29,10 +29,15 @@ static __init int vt_hardware_setup(void) if (ret) return ret; =20 + return enable_tdx ? tdx_hardware_setup() : 0; +} + +static void vt_hardware_unsetup(void) +{ if (enable_tdx) - tdx_hardware_setup(); + tdx_hardware_unsetup(); =20 - return 0; + vmx_hardware_unsetup(); } =20 static int vt_vm_init(struct kvm *kvm) @@ -869,7 +874,7 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D { =20 .check_processor_compatibility =3D vmx_check_processor_compat, =20 - .hardware_unsetup =3D vmx_hardware_unsetup, + .hardware_unsetup =3D vt_op(hardware_unsetup), =20 .enable_virtualization_cpu =3D vmx_enable_virtualization_cpu, .disable_virtualization_cpu =3D vt_op(disable_virtualization_cpu), @@ -1029,7 +1034,6 @@ struct kvm_x86_init_ops vt_init_ops __initdata =3D { static void __exit vt_exit(void) { kvm_exit(); - tdx_cleanup(); vmx_exit(); } module_exit(vt_exit); @@ -1043,11 +1047,6 @@ static int __init vt_init(void) if (r) return r; =20 - /* tdx_init() has been taken */ - r =3D tdx_bringup(); - if (r) - goto err_tdx_bringup; - /* * TDX and VMX have different vCPU structures. Calculate the * maximum size/align so that kvm_init() can use the larger @@ -1074,8 +1073,6 @@ static int __init vt_init(void) return 0; =20 err_kvm_init: - tdx_cleanup(); -err_tdx_bringup: vmx_exit(); return r; } diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index fea3dfc7ac8b..d354022ba9c9 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -3285,7 +3285,12 @@ int tdx_gmem_max_mapping_level(struct kvm *kvm, kvm_= pfn_t pfn, bool is_private) return PG_LEVEL_4K; } =20 -static int __init __tdx_bringup(void) +void tdx_hardware_unsetup(void) +{ + misc_cg_set_capacity(MISC_CG_RES_TDX, 0); +} + +static int __init __tdx_hardware_setup(void) { const struct tdx_sys_info_td_conf *td_conf; int i; @@ -3359,7 +3364,7 @@ static int __init __tdx_bringup(void) return 0; } =20 -int __init tdx_bringup(void) +int __init tdx_hardware_setup(void) { int r, i; =20 @@ -3395,7 +3400,7 @@ int __init tdx_bringup(void) goto success_disable_tdx; } =20 - r =3D __tdx_bringup(); + r =3D __tdx_hardware_setup(); if (r) { /* * Disable TDX only but don't fail to load module if the TDX @@ -3409,31 +3414,12 @@ int __init tdx_bringup(void) */ if (r =3D=3D -ENODEV) goto success_disable_tdx; + + return r; } =20 - return r; - -success_disable_tdx: - enable_tdx =3D 0; - return 0; -} - -void tdx_cleanup(void) -{ - if (!enable_tdx) - return; - - misc_cg_set_capacity(MISC_CG_RES_TDX, 0); -} - -void __init tdx_hardware_setup(void) -{ KVM_SANITY_CHECK_VM_STRUCT_SIZE(kvm_tdx); =20 - /* - * Note, if the TDX module can't be loaded, KVM TDX support will be - * disabled but KVM will continue loading (see tdx_bringup()). - */ vt_x86_ops.vm_size =3D max_t(unsigned int, vt_x86_ops.vm_size, sizeof(str= uct kvm_tdx)); =20 vt_x86_ops.link_external_spt =3D tdx_sept_link_private_spt; @@ -3441,4 +3427,9 @@ void __init tdx_hardware_setup(void) vt_x86_ops.free_external_spt =3D tdx_sept_free_private_spt; vt_x86_ops.remove_external_spte =3D tdx_sept_remove_private_spte; vt_x86_ops.protected_apic_has_interrupt =3D tdx_protected_apic_has_interr= upt; + return 0; + +success_disable_tdx: + enable_tdx =3D 0; + return 0; } diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index 45b5183ccb36..b5cd2ffb303e 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -8,9 +8,8 @@ #ifdef CONFIG_KVM_INTEL_TDX #include "common.h" =20 -void tdx_hardware_setup(void); -int tdx_bringup(void); -void tdx_cleanup(void); +int tdx_hardware_setup(void); +void tdx_hardware_unsetup(void); =20 extern bool enable_tdx; =20 @@ -187,9 +186,6 @@ TDX_BUILD_TDVPS_ACCESSORS(8, MANAGEMENT, management); TDX_BUILD_TDVPS_ACCESSORS(64, STATE_NON_ARCH, state_non_arch); =20 #else -static inline int tdx_bringup(void) { return 0; } -static inline void tdx_cleanup(void) {} - #define enable_tdx 0 =20 struct kvm_tdx { --=20 2.53.0.310.g728cabbaf7-goog