On 2023-07-21 at 13:18:50 -0700, Sean Christopherson wrote: > Now that VMX is disabled in emergencies via the virt callbacks, move the > VMXOFF helpers into KVM, the only remaining user. Not sure if it's too early to mention. Intel TDX Connect could be a future user, it is the TDX extension for device security. TDX uses SEAMCALL to interact with TDX Module, and SEAMCALL execution requires VMXON. This is also true for TDX Connect. But TDX Connect covers more controls out of KVM scope, like PCI IDE, SPDM, IOMMU. IOW, other driver modules may use SEAMCALLs and in turn use VMXON/OFF for TDX Connect. I'm wondering if then we should again move VMXON/OFF helpers back to virtext.h Or, could we just keep vmxoff unchanged now? Thanks, Yilun
