>+static void tdx_complete_interrupts(struct kvm_vcpu *vcpu)
>+{
>+ /* Avoid costly SEAMCALL if no NMI was injected. */
>+ if (vcpu->arch.nmi_injected) {
>+ /*
>+ * No need to request KVM_REQ_EVENT because PEND_NMI is still
>+ * set if NMI re-injection needed. No other event types need
>+ * to be handled because TDX doesn't support injection of
>+ * exception, SMI or interrupt (via event injection).
>+ */
>+ vcpu->arch.nmi_injected = td_management_read8(to_tdx(vcpu),
>+ TD_VCPU_PEND_NMI);
>+ }
Why does KVM care whether/when an NMI is injected by the TDX module?
I think we can simply set nmi_injected to false unconditionally here, or even in
tdx_inject_nmi(). From KVM's perspective, NMI injection is complete right after
writing to PEND_NMI. It is the TDX module that should inject the NMI at the
right time and do the re-injection.
>+}
>+
