Move the MMU lockdep assert in set_external_spte_present() into the TDX
specific op because the assert is TDX specific in intention.

The TDP MMU has many lockdep asserts for various scenarios, and in fact
the callchains that are used for TDX already have a lockdep assert which
cover the case in set_external_spte_present(). However, these asserts are
for management of the TDP root owned by KVM. In the
set_external_spte_present() assert case, it is helping with a scheme to
avoid contention in the TDX module during zap operations. That is very
TDX specific.

One option would be to just remove the assert in
set_external_spte_present() and rely on the other ones in the TDP MMU. But
that assert is for an a different intention, and too far away from the
SEAMCALL that needs it. So move just move it to TDX code.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---
 arch/x86/kvm/mmu/tdp_mmu.c | 2 --
 arch/x86/kvm/vmx/tdx.c     | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 6dc08fe22841..6763537098ee 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -498,8 +498,6 @@ static int __must_check set_external_spte_present(struct kvm *kvm,
 						  gfn_t gfn, u64 old_spte,
 						  u64 new_spte, int level)
 {
-	lockdep_assert_held(&kvm->mmu_lock);
-
 	return kvm_x86_call(set_external_spte)(kvm, gfn, level, new_spte);
 }
 
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 361a75b42ae7..b44a9c96c89e 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1722,10 +1722,11 @@ static int tdx_sept_map_leaf_spte(struct kvm *kvm, gfn_t gfn, enum pg_level leve
 static int tdx_sept_set_private_spte(struct kvm *kvm, gfn_t gfn,
 				     enum pg_level level, u64 mirror_spte)
 {
-
 	if (KVM_BUG_ON(!is_shadow_present_pte(mirror_spte), kvm))
 		return -EIO;
 
+	lockdep_assert_held(&kvm->mmu_lock);
+
 	if (!is_last_spte(mirror_spte, level))
 		return tdx_sept_link_private_spt(kvm, gfn, level, mirror_spte);
 
-- 
2.53.0

On Fri, 2026-03-27 at 13:14 -0700, Rick Edgecombe wrote:
> Move the MMU lockdep assert in set_external_spte_present() into the TDX
> specific op because the assert is TDX specific in intention.
> 
> The TDP MMU has many lockdep asserts for various scenarios, and in fact
> the callchains that are used for TDX already have a lockdep assert which
> cover the case in set_external_spte_present(). 
> 

cover -> covers

> However, these asserts are
> for management of the TDP root owned by KVM. In the
> set_external_spte_present() assert case, it is helping with a scheme to
> avoid contention in the TDX module during zap operations. That is very
> TDX specific.
> 
> One option would be to just remove the assert in
> set_external_spte_present() and rely on the other ones in the TDP MMU. But
> that assert is for an a different intention, and too far away from the

"an a" -> a

> SEAMCALL that needs it. 
> 

> So move just move it to TDX code.

So just move it ...

On Fri, 2026-03-27 at 13:14 -0700, Rick Edgecombe wrote:
>  static int tdx_sept_set_private_spte(struct kvm *kvm, gfn_t gfn,
>  				     enum pg_level level, u64 mirror_spte)
>  {
> -
>  	if (KVM_BUG_ON(!is_shadow_present_pte(mirror_spte), kvm))
>  		return -EIO;

This line deleting isn't needed if it wasn't introduced in the previous
patch.

On Tue, 2026-03-31 at 10:30 +0000, Huang, Kai wrote:
> On Fri, 2026-03-27 at 13:14 -0700, Rick Edgecombe wrote:
> >  static int tdx_sept_set_private_spte(struct kvm *kvm, gfn_t gfn,
> >  				     enum pg_level level, u64 mirror_spte)
> >  {
> > -
> >  	if (KVM_BUG_ON(!is_shadow_present_pte(mirror_spte), kvm))
> >  		return -EIO;
> 
> This line deleting isn't needed if it wasn't introduced in the previous
> patch.


Oops, will fix.