KVM: TDX: Fold tdx_bringup() into tdx_hardware_setup()

Now that TDX doesn't need to manually enable virtualization through _KVM_
APIs during setup, fold tdx_bringup() into tdx_hardware_setup() where the
code belongs, e.g. so that KVM doesn't leave the S-EPT kvm_x86_ops wired
up when TDX is disabled.

The weird ordering (and naming) was necessary to allow KVM TDX to use
kvm_enable_virtualization(), which in turn had a hard dependency on
kvm_x86_ops.enable_virtualization_cpu and thus kvm_x86_vendor_init().

Tested-by: Chao Gao <chao.gao@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Tested-by: Sagi Shahar <sagis@google.com>
Link: https://patch.msgid.link/20260214012702.2368778-17-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index a46ccd6707859f69db4166e72d636939fdb0a5f7..dbebddf648be738db9e77ff4ab0b79651e75f8a9 100644 (file)
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -29,10 +29,15 @@ static __init int vt_hardware_setup(void)
        if (ret)
                return ret;
 
+       return enable_tdx ? tdx_hardware_setup() : 0;
+}
+
+static void vt_hardware_unsetup(void)
+{
        if (enable_tdx)
-               tdx_hardware_setup();
+               tdx_hardware_unsetup();
 
-       return 0;
+       vmx_hardware_unsetup();
 }
 
 static int vt_vm_init(struct kvm *kvm)
@@ -869,7 +874,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = {
 
        .check_processor_compatibility = vmx_check_processor_compat,
 
-       .hardware_unsetup = vmx_hardware_unsetup,
+       .hardware_unsetup = vt_op(hardware_unsetup),
 
        .enable_virtualization_cpu = vmx_enable_virtualization_cpu,
        .disable_virtualization_cpu = vt_op(disable_virtualization_cpu),
@@ -1029,7 +1034,6 @@ struct kvm_x86_init_ops vt_init_ops __initdata = {
 static void __exit vt_exit(void)
 {
        kvm_exit();
-       tdx_cleanup();
        vmx_exit();
 }
 module_exit(vt_exit);
@@ -1043,11 +1047,6 @@ static int __init vt_init(void)
        if (r)
                return r;
 
-       /* tdx_init() has been taken */
-       r = tdx_bringup();
-       if (r)
-               goto err_tdx_bringup;
-
        /*
         * TDX and VMX have different vCPU structures.  Calculate the
         * maximum size/align so that kvm_init() can use the larger
@@ -1074,8 +1073,6 @@ static int __init vt_init(void)
        return 0;
 
 err_kvm_init:
-       tdx_cleanup();
-err_tdx_bringup:
        vmx_exit();
        return r;
 }

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 520d85a2974aea694920c4b6f57bc96103055e3c..b7264b533feb8baa35eb9095f27ab18caa7761c7 100644 (file)
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -3284,7 +3284,12 @@ int tdx_gmem_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, bool is_private)
        return PG_LEVEL_4K;
 }
 
-static int __init __tdx_bringup(void)
+void tdx_hardware_unsetup(void)
+{
+       misc_cg_set_capacity(MISC_CG_RES_TDX, 0);
+}
+
+static int __init __tdx_hardware_setup(void)
 {
        const struct tdx_sys_info_td_conf *td_conf;
        int i;
@@ -3358,7 +3363,7 @@ static int __init __tdx_bringup(void)
        return 0;
 }
 
-int __init tdx_bringup(void)
+int __init tdx_hardware_setup(void)
 {
        int r, i;
 
@@ -3394,7 +3399,7 @@ int __init tdx_bringup(void)
                goto success_disable_tdx;
        }
 
-       r = __tdx_bringup();
+       r = __tdx_hardware_setup();
        if (r) {
                /*
                 * Disable TDX only but don't fail to load module if the TDX
@@ -3408,31 +3413,12 @@ int __init tdx_bringup(void)
                 */
                if (r == -ENODEV)
                        goto success_disable_tdx;
-       }
-
-       return r;
-
-success_disable_tdx:
-       enable_tdx = 0;
-       return 0;
-}
-
-void tdx_cleanup(void)
-{
-       if (!enable_tdx)
-               return;
 
-       misc_cg_set_capacity(MISC_CG_RES_TDX, 0);
-}
+               return r;
+       }
 
-void __init tdx_hardware_setup(void)
-{
        KVM_SANITY_CHECK_VM_STRUCT_SIZE(kvm_tdx);
 
-       /*
-        * Note, if the TDX module can't be loaded, KVM TDX support will be
-        * disabled but KVM will continue loading (see tdx_bringup()).
-        */
        vt_x86_ops.vm_size = max_t(unsigned int, vt_x86_ops.vm_size, sizeof(struct kvm_tdx));
 
        vt_x86_ops.link_external_spt = tdx_sept_link_private_spt;
@@ -3440,4 +3426,9 @@ void __init tdx_hardware_setup(void)
        vt_x86_ops.free_external_spt = tdx_sept_free_private_spt;
        vt_x86_ops.remove_external_spte = tdx_sept_remove_private_spte;
        vt_x86_ops.protected_apic_has_interrupt = tdx_protected_apic_has_interrupt;
+       return 0;
+
+success_disable_tdx:
+       enable_tdx = 0;
+       return 0;
 }

diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index 45b5183ccb36c6e2f21a11fa453938d4ebc2a2dc..b5cd2ffb303e5fb43cf94cc41eabb1c36ffd9692 100644 (file)
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -8,9 +8,8 @@
 #ifdef CONFIG_KVM_INTEL_TDX
 #include "common.h"
 
-void tdx_hardware_setup(void);
-int tdx_bringup(void);
-void tdx_cleanup(void);
+int tdx_hardware_setup(void);
+void tdx_hardware_unsetup(void);
 
 extern bool enable_tdx;
 
@@ -187,9 +186,6 @@ TDX_BUILD_TDVPS_ACCESSORS(8, MANAGEMENT, management);
 TDX_BUILD_TDVPS_ACCESSORS(64, STATE_NON_ARCH, state_non_arch);
 
 #else
-static inline int tdx_bringup(void) { return 0; }
-static inline void tdx_cleanup(void) {}
-
 #define enable_tdx     0
 
 struct kvm_tdx {