On Fri, Jun 05, 2026, Ackerley Tng wrote: > Lisa Wang <[email protected]> writes: > > > From: Sagi Shahar <[email protected]> > > > > Finalize TDX VM after creation to make it runnable. > > > > Signed-off-by: Sagi Shahar <[email protected]> > > Reviewed-by: Ira Weiny <[email protected]> > > Signed-off-by: Lisa Wang <[email protected]> > > --- > > tools/testing/selftests/kvm/lib/x86/processor.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c > > b/tools/testing/selftests/kvm/lib/x86/processor.c > > index d84c629a1945..842cac168e99 100644 > > --- a/tools/testing/selftests/kvm/lib/x86/processor.c > > +++ b/tools/testing/selftests/kvm/lib/x86/processor.c > > @@ -1479,6 +1479,12 @@ bool kvm_arch_has_default_irqchip(void) > > return true; > > } > > > > +void kvm_arch_vm_finalize_vcpus(struct kvm_vm *vm) > > +{ > > + if (is_tdx_vm(vm)) > > + tdx_vm_finalize(vm); > > +} > > + > > This doesn't necessarily block this series, we could (re)move this > later: I'm not sure if kvm_arch_vm_finalize_vcpus() is the correct place > to be finalizing the VM. > > Was kvm_arch_vm_finalize_vcpus() supposed to be for finalizing vCPUs > instead? > > The awkward part is that kvm_arch_vm_finalize_vcpus() is called from > __vm_create_with_vcpus(). > > While building this POC to test conversions [1] I only wanted to create > the vm and vcpus and didn't want to finalize yet, since I still needed > to do more mappings in the guest (and I needed the vm pointer to do > mappings in the guest).
Hmm, I would argue this is a flaw in the selftests infrastructure. IMO, as a developer, it's quite surprising that the current value of a global variable doesn't show up in the VM automagically. I totally understand why selftests work that way, but it's certainly odd and annoying. If _that_ were solved, then the kludginess of what you're doing goes away. The other way this could be solved is by adding support for annotating globals with a __shared flag, a la the kernel's __bss_decrypted, so that loading memory into the VM can automatically mark the associated globals' pages as shared. > Would calling tdx_vm_finalize() from within vcpu_run(), just once, be > too magical? Yes. > It's also possible to have some kvm_vm_finalize() call that can be > explicitly and manually invoked from selftests just for CoCo selftests. Why bother? It's obviously possible to all kvm_arch_vm_finalize_vcpus() directly.
