[RFC PATCH v2 05/10] KVM: TDX: Allow vCPUs to be created for migration

Wed, 11 Jun 2025 14:18:45 -0700 

During migration, vCPUs need to be created for an uninitialized VM.

This commit moves the TDX vCPU setup that requires an initialized VM
out of tdx_vcpu_create() and into tdx_td_vcpu_init().

Signed-off-by: Ryan Afranji <afra...@google.com>
---
 arch/x86/kvm/vmx/tdx.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 07583a11d6e3..4582f94175b7 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -664,9 +664,6 @@ int tdx_vcpu_create(struct kvm_vcpu *vcpu)
        struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
        struct vcpu_tdx *tdx = to_tdx(vcpu);
 
-       if (kvm_tdx->state != TD_STATE_INITIALIZED)
-               return -EIO;
-
        /*
         * TDX module mandates APICv, which requires an in-kernel local APIC.
         * Disallow an in-kernel I/O APIC, because level-triggered interrupts
@@ -692,12 +689,6 @@ int tdx_vcpu_create(struct kvm_vcpu *vcpu)
        vcpu->arch.tsc_scaling_ratio = kvm_tdx->tsc_multiplier;
        vcpu->arch.l1_tsc_scaling_ratio = kvm_tdx->tsc_multiplier;
 
-       vcpu->arch.guest_state_protected =
-               !(to_kvm_tdx(vcpu->kvm)->attributes & TDX_TD_ATTR_DEBUG);
-
-       if ((kvm_tdx->xfam & XFEATURE_MASK_XTILE) == XFEATURE_MASK_XTILE)
-               vcpu->arch.xfd_no_write_intercept = true;
-
        tdx->vt.pi_desc.nv = POSTED_INTR_VECTOR;
        __pi_set_sn(&tdx->vt.pi_desc);
 
@@ -3003,8 +2994,9 @@ static int tdx_vcpu_get_cpuid(struct kvm_vcpu *vcpu, 
struct kvm_tdx_cmd *cmd)
 
 static int tdx_vcpu_init(struct kvm_vcpu *vcpu, struct kvm_tdx_cmd *cmd)
 {
-       u64 apic_base;
+       struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
        struct vcpu_tdx *tdx = to_tdx(vcpu);
+       u64 apic_base;
        int ret;
 
        if (cmd->flags)
@@ -3013,6 +3005,15 @@ static int tdx_vcpu_init(struct kvm_vcpu *vcpu, struct 
kvm_tdx_cmd *cmd)
        if (tdx->state != VCPU_TD_STATE_UNINITIALIZED)
                return -EINVAL;
 
+       if (kvm_tdx->state != TD_STATE_INITIALIZED)
+               return -EIO;
+
+       vcpu->arch.guest_state_protected = !(kvm_tdx->attributes &
+                                            TDX_TD_ATTR_DEBUG);
+
+       if ((kvm_tdx->xfam & XFEATURE_MASK_XTILE) == XFEATURE_MASK_XTILE)
+               vcpu->arch.xfd_no_write_intercept = true;
+
        /*
         * TDX requires X2APIC, userspace is responsible for configuring guest
         * CPUID accordingly.
-- 
2.50.0.rc1.591.g9c95f17f64-goog

Reply via email to