Re: [PATCH v13 19/22] KVM: selftests: Finalize TD memory as part of kvm_arch_vm_finalize_vcpus

From: Sean Christopherson

Date: Fri Jun 05 2026 - 14:03:24 EST


On Fri, Jun 05, 2026, Ackerley Tng wrote:
> Lisa Wang <wyihan@xxxxxxxxxx> writes:
>
> > From: Sagi Shahar <sagis@xxxxxxxxxx>
> >
> > Finalize TDX VM after creation to make it runnable.
> >
> > Signed-off-by: Sagi Shahar <sagis@xxxxxxxxxx>
> > Reviewed-by: Ira Weiny <ira.weiny@xxxxxxxxx>
> > Signed-off-by: Lisa Wang <wyihan@xxxxxxxxxx>
> > ---
> > tools/testing/selftests/kvm/lib/x86/processor.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testing/selftests/kvm/lib/x86/processor.c
> > index d84c629a1945..842cac168e99 100644
> > --- a/tools/testing/selftests/kvm/lib/x86/processor.c
> > +++ b/tools/testing/selftests/kvm/lib/x86/processor.c
> > @@ -1479,6 +1479,12 @@ bool kvm_arch_has_default_irqchip(void)
> > return true;
> > }
> >
> > +void kvm_arch_vm_finalize_vcpus(struct kvm_vm *vm)
> > +{
> > + if (is_tdx_vm(vm))
> > + tdx_vm_finalize(vm);
> > +}
> > +
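Review bot: the added kvm_arch_vm_finalize_vcpus() is named for vCPU finalization, but its only action is tdx_vm_finalize(vm), which finalizes the whole TD, and nothing in the hunk documents that. Suggest a comment above the function stating that the TD is finalized at this point and what the test must have set up before the hook runs, or placing the call in a hook whose name matches VM-wide finalization.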
>
> This doesn't necessarily block this series, we could (re)move this
> later: I'm not sure if kvm_arch_vm_finalize_vcpus() is the correct place
> to be finalizing the VM.
>
> Was kvm_arch_vm_finalize_vcpus() supposed to be for finalizing vCPUs
> instead?
>
> The awkward part is that kvm_arch_vm_finalize_vcpus() is called from
> __vm_create_with_vcpus().
>
> While building this POC to test conversions [1] I only wanted to create
> the vm and vcpus and didn't want to finalize yet, since I still needed
> to do more mappings in the guest (and I needed the vm pointer to do
> mappings in the guest).

Hmm, I would argue this is a flaw in the selftests infrastructure. IMO, as a
developer, it's quite surprising that the current value of a global variable
doesn't show up in the VM automagically. I totally understand why selftests
work that way, but it's certainly odd and annoying. If _that_ were solved, then
the kludginess of what you're doing goes away.

The other way this could be solved is by adding support for annotating globals
with a __shared flag, a la the kernel's __bss_decrypted, so that loading memory
into the VM can automatically mark the associated globals' pages as shared.

> Would calling tdx_vm_finalize() from within vcpu_run(), just once, be
> too magical?

Yes.

> It's also possible to have some kvm_vm_finalize() call that can be
> explicitly and manually invoked from selftests just for CoCo selftests.

Why bother? It's obviously possible to call kvm_arch_vm_finalize_vcpus() directly.