On Mon, 2024-06-24 at 16:30 +0800, Yan Zhao wrote:
> On Wed, Jun 19, 2024 at 03:36:10PM -0700, Rick Edgecombe wrote:
> > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> > index e9c1783a8743..287dcc2685e4 100644
> > --- a/arch/x86/kvm/mmu/mmu.c
> > +++ b/arch/x86/kvm/mmu/mmu.c
> > @@ -3701,7 +3701,9 @@ static int mmu_alloc_direct_roots(struct kvm_vcpu
> > *vcpu)
> > int r;
> >
> > if (tdp_mmu_enabled) {
> > - kvm_tdp_mmu_alloc_root(vcpu);
> > + if (kvm_has_mirrored_tdp(vcpu->kvm))
> > + kvm_tdp_mmu_alloc_root(vcpu, true);
> > + kvm_tdp_mmu_alloc_root(vcpu, false);
> > return 0;
> > }
> mmu_alloc_direct_roots() is called when vcpu->arch.mmu->root.hpa is
> INVALID_PAGE
> in kvm_mmu_reload(), which could happen after direct root is invalidated.
>
> > -void kvm_tdp_mmu_alloc_root(struct kvm_vcpu *vcpu)
> > +void kvm_tdp_mmu_alloc_root(struct kvm_vcpu *vcpu, bool mirror)
> > {
> > struct kvm_mmu *mmu = vcpu->arch.mmu;
> > union kvm_mmu_page_role role = mmu->root_role;
> > @@ -241,6 +246,9 @@ void kvm_tdp_mmu_alloc_root(struct kvm_vcpu *vcpu)
> > struct kvm *kvm = vcpu->kvm;
> > struct kvm_mmu_page *root;
> >
> > + if (mirror)
> > + role.is_mirror = 1;
> > +
> Could we add a validity check of mirror_root_hpa to prevent an incorrect ref
> count increment of the mirror root?
I was originally suspicious of the asymmetry of the tear down of mirror and
direct roots vs the allocation. Do you see a concrete problem, or just
advocating for safety?
>
> + if (mirror) {
> + if (mmu->mirror_root_hpa != INVALID_PAGE)
> + return;
> +
> role.is_mirror = true;
> + }
