From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Sean Christopherson <seanjc@google.com>
Subject: [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction for 7.1
Date: Fri, 10 Apr 2026 16:58:30 -0700 [thread overview]
Message-ID: <20260410235832.2312342-12-seanjc@google.com> (raw)
In-Reply-To: <20260410235832.2312342-1-seanjc@google.com>
Move VMXON and EFER.SVME handling out of KVM and into the core kernel so that
core TDX code can do SEAMCALLs without needing to ensure KVM is loaded.
As noted in the full "svm" PULL request, there's a superficial conflict with
the OSVW changes.
The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:
Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-vmxon-7.1
for you to fetch changes up to e30aa03d032df0f3ee5efb1995a7a2fe662177be:
x86/virt: Treat SVM as unsupported when running as an SEV+ guest (2026-04-09 12:21:53 -0700)
----------------------------------------------------------------
KVM x86 VMXON and EFER.SVME extraction for 7.1
Move _only_ VMXON+VMXOFF and EFER.SVME toggling out of KVM (versus all of VMX
and SVM enabling) out of KVM and into the core kernel so that non-KVM TDX
enabling, e.g. for trusted I/O, can make SEAMCALLs without needing to ensure
KVM is fully loaded.
TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX
should _never_ have it's own VMCSes (that are visible to the host; the
TDX-Module has it's own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
no reason to move that functionality out of KVM.
With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
simple refcounting game.
----------------------------------------------------------------
Chao Gao (1):
x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling
Sean Christopherson (16):
KVM: x86: Move kvm_rebooting to x86
KVM: VMX: Move architectural "vmcs" and "vmcs_hdr" structures to public vmx.h
KVM: x86: Move "kvm_rebooting" to kernel as "virt_rebooting"
KVM: VMX: Unconditionally allocate root VMCSes during boot CPU bringup
x86/virt: Force-clear X86_FEATURE_VMX if configuring root VMCS fails
KVM: VMX: Move core VMXON enablement to kernel
KVM: SVM: Move core EFER.SVME enablement to kernel
KVM: x86: Move bulk of emergency virtualizaton logic to virt subsystem
x86/virt: Add refcounting of VMX/SVM usage to support multiple in-kernel users
x86/virt/tdx: Drop the outdated requirement that TDX be enabled in IRQ context
KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys init
x86/virt/tdx: Tag a pile of functions as __init, and globals as __ro_after_init
x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running
KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more
KVM: TDX: Fold tdx_bringup() into tdx_hardware_setup()
x86/virt: Treat SVM as unsupported when running as an SEV+ guest
Documentation/arch/x86/tdx.rst | 36 +--
arch/x86/events/intel/pt.c | 1 -
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/include/asm/reboot.h | 11 -
arch/x86/include/asm/tdx.h | 4 -
arch/x86/include/asm/virt.h | 26 ++
arch/x86/include/asm/vmx.h | 11 +
arch/x86/kernel/cpu/common.c | 2 +
arch/x86/kernel/crash.c | 3 +-
arch/x86/kernel/reboot.c | 63 +----
arch/x86/kernel/smp.c | 5 +-
arch/x86/kvm/svm/svm.c | 35 +--
arch/x86/kvm/svm/vmenter.S | 10 +-
arch/x86/kvm/vmx/main.c | 19 +-
arch/x86/kvm/vmx/tdx.c | 210 ++--------------
arch/x86/kvm/vmx/tdx.h | 8 +-
arch/x86/kvm/vmx/vmcs.h | 11 -
arch/x86/kvm/vmx/vmenter.S | 2 +-
arch/x86/kvm/vmx/vmx.c | 138 +----------
arch/x86/kvm/x86.c | 29 ++-
arch/x86/virt/Makefile | 2 +
arch/x86/virt/hw.c | 360 ++++++++++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdx.c | 326 ++++++++++++++-----------
arch/x86/virt/vmx/tdx/tdx.h | 8 -
arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 10 +-
include/linux/kvm_host.h | 16 +-
virt/kvm/kvm_main.c | 31 ++-
27 files changed, 720 insertions(+), 660 deletions(-)
create mode 100644 arch/x86/include/asm/virt.h
create mode 100644 arch/x86/virt/hw.c
next prev parent reply other threads:[~2026-04-10 23:58 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 23:58 [GIT PULL] KVM: x86 pull requests for 7.1 Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: A lonely fix " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: guest_memfd change " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: Misc changes " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: Emulated MMIO " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: Nested SVM " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: Selftests " Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: SVM+SEV changes Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: SVM changes for 7.1 (short version) Sean Christopherson
2026-04-10 23:58 ` [GIT PULL] KVM: x86: VMX changes for 7.1 Sean Christopherson
2026-04-10 23:58 ` Sean Christopherson [this message]
2026-04-11 0:02 ` [GIT PULL] KVM: x86: VMXON and EFER.SVME extraction " Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260410235832.2312342-12-seanjc@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox