On Tue, Jun 16, 2026, Ackerley Tng wrote:
> >> 1. What do you think of a kvm_arch_vm_finalize() that calls
> >> vm_sev_launch() and tdx_vm_finalize()? My key issue is that
> >> kvm_arch_vm_finalize_*vcpus*() seems to be for finalizing vCPUs
> >> rather than the whole VM.
> >
> > Key word "seems". I'm pretty sure Oliver picked
> > kvm_arch_vm_finalize_vcpus() as
> > the name in commit 8911c7dbc607 ("KVM: arm64: selftests: Create a VGICv3 for
> > 'default' VMs") for the same reasons I think it's a good fit for coco VMs:
> > like
> > finalizing TDX VMs, initializing the vGIC effectively finalizes vCPUs.
> >
> > We could rename it to kvm_arch_vm_finalize(), but that won't change the
> > fact that
> > we'll need to decide between automagic vs. manual finalization, and it
> > definitely
> > should be a separate discussion.
> >
>
> This definitely should not block this series.
>
> It's coming together for me now with your explanation:
> kvm_arch_vm_finalize_vcpus() actually means finalizing vCPUs! vGIC ==
> Virtual Generic Interrupt Controller, which has to be done after all the
> vCPUs are set up. Since the name is describing where in the VM
> creation/setup flow the hook is called (after creating VM and after
> creating vCPUs), maybe something like kvm_arch_vm_post_vcpu_create()?
No, because I would expect post_vcpu_create() to run after creating each vCPU,
not after creating all vCPUs. E.g. see KVM's kvm_arch_vcpu_{pre,post}create().
> Renaming this to kvm_arch_vm_finalize() makes it sound like it is
> finalizing the VM, but this function shouldn't finalize the VM since for
> CoCo finalizing the VM also loads the guest image into the guest - deals
> with memory, not just vCPUs.
>
> 8911c7dbc607 ("KVM: arm64: selftests: Create a VGICv3 for 'default'
> VMs") also includes a test_disable_default_vgic() function, we could
> also use something like that to skip CoCo VM finalization for some
> tests? Maybe that's a good middle ground.
That probably won't work well, and in practice it's just shuffling deck chairs
on the Titanic. For vGIC, and pre-create hook works because the tests that opt
out of automatic vGIC instantiation want that behavior to apply to all VMs that
the test creates. That's not the case for sev_smoke_test though, because some
testcases need deferred launch (test_sync_vmsa()), whereas others can use
automatic launch (test_sev()).
The other wrinkle is that SEV at least needs to provide the policy, which again
varies per VM within a single test.
