On Thu, Apr 14, 2022 at 5:08 PM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> On 4/14/22 11:07, Lai Jiangshan wrote:
> >> I don't think this will work for shadow paging. CR3 only has to be 32-byte aligned
> >> for PAE paging. Unless I'm missing something subtle in the code, KVM will incorrectly
> >> reuse a pae_root if the guest puts multiple PAE CR3s on a single page because KVM's
> >> gfn calculation will drop bits 11:5.
> >
> > I forgot about it.
>
> Isn't the pae_root always rebuilt by
>
>         if (!tdp_enabled && memcmp(mmu->pdptrs, pdpte, sizeof(mmu->pdptrs)))
>                 kvm_mmu_free_roots(vcpu->kvm, mmu, KVM_MMU_ROOT_CURRENT);
>
> in load_pdptrs?  I think reuse cannot happen.
>

In this patchset, a root sp can be reused if it is found in the hash,
including the new pae root. All new kinds of sp added in this patchset
are in the hash too. No more special root pages.

kvm_mmu_free_roots() cannot free those new types of sp if they are
still valid. And different vcpus can use the same pae root sp if the
guest cr3 of the vcpus is the same.

And the new pae root can be put in prev_root too (not implemented yet)
because they are not too special anymore.

As long as sp->gfn, sp->pae_off and sp->role are matched, they can be
reused.
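Added example, not from the thread or the patchset: a stand-alone model of the lookup key the reply describes (sp->gfn, sp->pae_off, sp->role). It shows why a key built only from the gfn aliases two PAE CR3s that sit on the same 4 KiB page (PAE CR3 is only 32-byte aligned, so bits 11:5 pick one of 128 PDPT slots in the page), and why keeping the 32-byte offset in the key keeps them apart while still allowing legitimate reuse of an identical CR3. All struct and function names (toy_root_key, toy_find_root, ...) are invented for illustration; the CR3 values are constructed.

```c
/* Toy model of a shadow-root lookup key; not KVM code. Names are invented. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT          12
/* PAE CR3 only needs 32-byte alignment, so bits 11:5 select a PDPT slot. */
#define PAE_CR3_ALIGN_SHIFT 5
#define PAE_OFF_MASK        0x7f   /* 7 bits -> 128 slots per 4 KiB page */

struct toy_root_key {
    uint64_t gfn;      /* cr3 >> PAGE_SHIFT, the page the PDPT lives in */
    uint8_t  pae_off;  /* 32-byte slot within that page (bits 11:5 of cr3) */
    uint32_t role;     /* stand-in for sp->role */
};

/* Build the key; with_pae_off == false models a key that drops bits 11:5. */
struct toy_root_key toy_key_from_cr3(uint64_t cr3, uint32_t role, bool with_pae_off)
{
    struct toy_root_key k;
    k.gfn     = cr3 >> PAGE_SHIFT;
    k.pae_off = with_pae_off ? (uint8_t)((cr3 >> PAE_CR3_ALIGN_SHIFT) & PAE_OFF_MASK) : 0;
    k.role    = role;
    return k;
}

bool toy_key_match(const struct toy_root_key *a, const struct toy_root_key *b)
{
    return a->gfn == b->gfn && a->pae_off == b->pae_off && a->role == b->role;
}

/* Tiny stand-in for the sp hash: a linear scan over a few cached roots. */
struct toy_root_sp {
    struct toy_root_key key;
    bool valid;
};

#define TOY_MAX_ROOTS 8
static struct toy_root_sp toy_roots[TOY_MAX_ROOTS];

void toy_reset(void)
{
    for (int i = 0; i < TOY_MAX_ROOTS; i++)
        toy_roots[i].valid = false;
}

/* Index of a cached root matching cr3/role, or -1 when there is none. */
int toy_find_root(uint64_t cr3, uint32_t role, bool with_pae_off)
{
    struct toy_root_key want = toy_key_from_cr3(cr3, role, with_pae_off);
    for (int i = 0; i < TOY_MAX_ROOTS; i++)
        if (toy_roots[i].valid && toy_key_match(&toy_roots[i].key, &want))
            return i;
    return -1;
}

/* Reuse a matching root if present, otherwise allocate one in a free slot. */
int toy_get_root(uint64_t cr3, uint32_t role, bool with_pae_off)
{
    int i = toy_find_root(cr3, role, with_pae_off);
    if (i >= 0)
        return i;
    for (i = 0; i < TOY_MAX_ROOTS; i++) {
        if (!toy_roots[i].valid) {
            toy_roots[i].key   = toy_key_from_cr3(cr3, role, with_pae_off);
            toy_roots[i].valid = true;
            return i;
        }
    }
    return -1;   /* cache full; the toy does not evict */
}

/* True when two CR3s end up sharing one cached root under the chosen key. */
bool toy_cr3s_share_root(uint64_t cr3a, uint64_t cr3b, bool with_pae_off)
{
    toy_reset();
    int a = toy_get_root(cr3a, 1, with_pae_off);
    int b = toy_get_root(cr3b, 1, with_pae_off);
    return a >= 0 && a == b;
}

int main(void)
{
    /* Constructed: two PDPTs in the same 4 KiB page, 32 bytes apart. */
    uint64_t cr3a = 0x1000, cr3b = 0x1020;
    printf("gfn-only key, distinct CR3s share a root: %d\n",
           toy_cr3s_share_root(cr3a, cr3b, false));   /* 1: aliasing */
    printf("key with pae_off, distinct CR3s share a root: %d\n",
           toy_cr3s_share_root(cr3a, cr3b, true));    /* 0: kept apart */
    printf("key with pae_off, identical CR3s share a root: %d\n",
           toy_cr3s_share_root(cr3a, cr3a, true));    /* 1: legitimate reuse */
    return 0;
}
```

The two CR3 values differ only in bits 11:5, which is exactly what a gfn-derived key discards; the model makes the collision visible without any KVM internals.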