Re: [PATCH 02/17] KVM: x86/mmu: Update iter->old_spte if cmpxchg64 on mirror SPTE "fails"

Next message: Lorenzo Stoakes (Oracle): "[PATCH] fix"
Previous message: Zongmin Zhou: "[PATCH v3] usbip: tools: add hint when no exported devices are found"
In reply to: Yan Zhao: "Re: [PATCH 02/17] KVM: x86/mmu: Update iter-&gt;old_spte if cmpxchg64 on mirror SPTE &quot;fails&quot;"
Next in thread: Yan Zhao: "Re: [PATCH 02/17] KVM: x86/mmu: Update iter-&gt;old_spte if cmpxchg64 on mirror SPTE &quot;fails&quot;"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Huang, Kai

Date: Tue Mar 31 2026 - 06:01:13 EST

> >
> > The __tdp_mmu_set_spte_atomic() has a WARN() at the beginning to check the
> > iter->old_spte isn't a frozen SPTE:
> >
> > WARN_ON_ONCE(iter->yielded || is_frozen_spte(iter->old_spte));
> >
> > Thinking more, I _think_ this patch could potentially trigger this WARNING
> > due to now set_external_spte_present() will set iter->old_spte to
> > FROZEN_SPTE when try_cmpxchg64() fails.
> >
> > Consider there are 3 vCPUs trying to accept the same GFN, and they all reach
> > __tdp_mmu_set_spte_atomic() simultaneously. Assuming vCPU1 does the
> >
> > if (!try_cmpxchg64(rcu_dereference(sptep), old_spte, FROZEN_SPTE))
> > return -EBUSY;
> >
> > .. successfully in set_external_spte_present(), then vCPU2 will fail on the
> > try_cmpxchg64(), but this will cause iter->old_spte to be updated to
> > FROZEN_SPTE.
> >
> > Then when vCPU3 enters __tdp_mmu_set_spte_atomic(), AFAICT the WARNING will
> > be triggered due to is_frozen_spte(iter->old_spte) will now return true.
>
> The failed caller needs to check "if (is_frozen_spte(iter.old_spte))" before
> retrying, as in kvm_tdp_mmu_map()?

It's possible the vCPU3 is already about to go into
__tdp_mmu_set_spte_atomic() when iter.old_spte becomes FROZEN_SPTE.