On Tue, Jan 07, 2025 at 03:02:28PM +0100, Paolo Bonzini wrote: > On Tue, Jan 7, 2025 at 8:45 AM Yan Zhao <yan.y.zhao@xxxxxxxxx> wrote: > > > @@ -1715,8 +1715,8 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, > > > goto out; > > > } > > > - WARN_ON_ONCE(!atomic64_read(&kvm_tdx->nr_premapped)); > > > - atomic64_dec(&kvm_tdx->nr_premapped); > > > + if (!WARN_ON_ONCE(!atomic64_read(&kvm_tdx->nr_premapped))) > > > + atomic64_dec(&kvm_tdx->nr_premapped); > > One concern here. > > If tdx_gmem_post_populate() is called when kvm_tdx->nr_premapped is 0, it will > > trigger the WARN_ON here, indicating that something has gone wrong. > > Should KVM refuse to start the TD in this case? > > > > If we don't decrease kvm_tdx->nr_premapped in that case, it will remain 0, > > allowing it to pass the check in tdx_td_finalize(). > > Let's make it a KVM_BUG_ON then. Ok. Fair enough.
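Review bot: The guarded form `if (!WARN_ON_ONCE(!atomic64_read(&kvm_tdx->nr_premapped))) atomic64_dec(&kvm_tdx->nr_premapped);` prevents the counter from underflowing, but it turns a detected inconsistency into a silent success: tdx_gmem_post_populate() still returns without error, nr_premapped stays at 0, and the later check in tdx_td_finalize() passes as if every pre-mapped page had been populated. Since the thread agrees a zero count here means something has already gone wrong, the check should be fatal for the VM rather than a one-shot warning, e.g. `KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)` before the decrement, so the VM is marked bugged and finalization cannot proceed on a counter that no longer reflects the mapped pages; the commit message should also say why an unexpected zero must block TD finalization rather than just be logged.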