On Tue, Dec 14, 2021, Sean Christopherson wrote:
> Assuming there is exactly one helper, that would also address my
> concerns with kvm_tdp_mmu_zap_invalidated_roots() being unsafe to call in parallel,
> e.g. two zappers processing an invalid root would both put the last reference to
> a root and trigger use-after-free of a different kind.

I take that back. So long as both callers grabbed a reference to the root, multiple instances are ok. I forgot that kvm_tdp_mmu_zap_invalidated_roots() doesn't take roots off the list directly, that's handled by kvm_tdp_mmu_put_root().