On Tue, Aug 09, 2022, Paolo Bonzini wrote:
> On 8/6/22 01:05, Sean Christopherson wrote:
> > !is_large_pte(spte)) {
> > + u64 page_mask;
> > +
> > + /*
> > + * Ensure nx_huge_page_disallowed is read after checking for a
> > + * present shadow page. A different vCPU may be concurrently
> > + * installing the shadow page if mmu_lock is held for read.
> > + * Pairs with the smp_wmb() in kvm_tdp_mmu_map().
> > + */
> > + smp_rmb();
> > +
> > + if (!spte_to_child_sp(spte)->nx_huge_page_disallowed)
> > + return;
> > +
>
> I wonder if the barrier shouldn't be simply in to_shadow_page(), i.e. always
> assume in the TDP MMU code that sp->xyz is read after the SPTE that points
> to that struct kvm_mmu_page.

If we can get away with it, I'd prefer to rely on the READ_ONCE() in
kvm_tdp_mmu_read_spte() and required ordering of:

  READ_ONCE() => PRESENT => spte_to_child_sp()
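Review bot: the comment above smp_rmb() says the flag is read "after checking for a present shadow page", but the only condition visible in the hunk's context is `!is_large_pte(spte)`; the present check it is ordered against sits off-screen, so name both checks in the comment so the barrier stays tied to those loads if the condition is ever restructured. The same comment should also record the alternative raised in the reply, namely that the read side could instead rely on the address dependency from the READ_ONCE() of the SPTE through spte_to_child_sp(spte) to the flag read, so that whoever later removes the smp_rmb() knows which ordering the code then depends on rather than assuming the pairing with the smp_wmb() in kvm_tdp_mmu_map() is gone.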
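The publish/observe protocol the hunk and the reply are arguing about, as an added userspace model in C (example code, not KVM's own): a writer fills in a shadow page and publishes it through a cmpxchg on the parent SPTE, a reader loads the SPTE once, checks it for present/large, and only then dereferences the child sp's flag. The SPTE bit layout, the frames[] table standing in for the pfn_to_page() style lookup, and every function name below are assumptions chosen to mirror the thread; C11 fences stand in for smp_wmb()/smp_rmb().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified SPTE layout: bit 0 = present, bit 7 = large page,
 * bits 12..51 = page frame number of the child page table. */
#define SPTE_PRESENT   (1ULL << 0)
#define SPTE_LARGE     (1ULL << 7)
#define SPTE_PFN_SHIFT 12
#define SPTE_PFN_MASK  (((1ULL << 40) - 1) << SPTE_PFN_SHIFT)
#define NR_FRAMES      16

/* Stand-in for struct kvm_mmu_page; one per page-table frame. */
struct shadow_page {
	bool nx_huge_page_disallowed;
};

static struct shadow_page frames[NR_FRAMES];
static _Atomic uint64_t parent_spte;	/* the SPTE two vCPUs race to fill */

static bool is_shadow_present(uint64_t spte) { return spte & SPTE_PRESENT; }
static bool is_large(uint64_t spte) { return spte & SPTE_LARGE; }

/* The sp is reached *through* the spte value (like pfn_to_page()), so the flag
 * read in the reader carries an address dependency on the SPTE load. */
static struct shadow_page *spte_to_child_sp(uint64_t spte)
{
	return &frames[((spte & SPTE_PFN_MASK) >> SPTE_PFN_SHIFT) % NR_FRAMES];
}

static void reset_model(void)
{
	memset(frames, 0, sizeof(frames));
	atomic_store_explicit(&parent_spte, 0, memory_order_relaxed);
}

/* Writer (kvm_tdp_mmu_map analogue, mmu_lock held for read): initialise the
 * new sp, then publish it with a cmpxchg on the parent SPTE.  Returns true if
 * our sp was installed, false if another vCPU won the race. */
static bool install_child_sp(unsigned int frame, bool disallow_nx)
{
	uint64_t new_spte = ((uint64_t)frame << SPTE_PFN_SHIFT) | SPTE_PRESENT;
	uint64_t expected = 0;	/* only a non-present SPTE may be replaced */

	if (frame >= NR_FRAMES)
		return false;

	frames[frame].nx_huge_page_disallowed = disallow_nx;
	/* smp_wmb() analogue: the flag store must become visible before the
	 * SPTE store that makes the sp reachable. */
	atomic_thread_fence(memory_order_release);
	/* tdp_mmu_set_spte_atomic() analogue. */
	return atomic_compare_exchange_strong_explicit(&parent_spte, &expected,
						       new_spte,
						       memory_order_relaxed,
						       memory_order_relaxed);
}

/* A large-page SPTE has no child sp at all; used to exercise that branch. */
static void set_large_spte(unsigned int frame)
{
	uint64_t spte = ((uint64_t)frame << SPTE_PFN_SHIFT) | SPTE_PRESENT |
			SPTE_LARGE;
	atomic_store_explicit(&parent_spte, spte, memory_order_relaxed);
}

/* Reader (the hunk above): -1 if no child sp is reachable (SPTE not present,
 * or a large page), else the child's nx_huge_page_disallowed as 0/1. */
static int read_child_nx_disallowed(void)
{
	/* READ_ONCE() analogue: a single, untorn load of the SPTE. */
	uint64_t spte = atomic_load_explicit(&parent_spte, memory_order_relaxed);

	if (!is_shadow_present(spte) || is_large(spte))
		return -1;

	/* smp_rmb() analogue, pairing with the release fence in the writer so
	 * the flag cannot be read before the SPTE that published it.  The
	 * alternative in the reply is to drop this and rely on the address
	 * dependency spte -> spte_to_child_sp(spte) -> flag. */
	atomic_thread_fence(memory_order_acquire);

	return spte_to_child_sp(spte)->nx_huge_page_disallowed ? 1 : 0;
}
```

The block runs sequentially, so the fences document the ordering rather than being exercised by a real race; checking the protocol under concurrency is a job for a multi-threaded stress run or a litmus test. The dependency-only variant from the reply corresponds to dropping the acquire fence and loading the SPTE with memory_order_consume, which current C compilers implement as acquire anyway.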