KVM: x86/mmu: WARN if TDP MMU SP disallows hugepage after being zapped

Extend the accounting sanity check in kvm_recover_nx_huge_pages() to the
TDP MMU, i.e. verify that zapping a shadow page unaccounts the disallowed
NX huge page regardless of the MMU type.  Recovery runs while holding
mmu_lock for write and so it should be impossible to get false positives
on the WARN.

Suggested-by: Yan Zhao <yan.y.zhao@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20221019165618.927057-9-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index efce5e4..93c389e 100644 (file)
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -6875,12 +6875,11 @@ static void kvm_recover_nx_huge_pages(struct kvm *kvm)
                                      struct kvm_mmu_page,
                                      possible_nx_huge_page_link);
                WARN_ON_ONCE(!sp->nx_huge_page_disallowed);
-               if (is_tdp_mmu_page(sp)) {
+               if (is_tdp_mmu_page(sp))
                        flush |= kvm_tdp_mmu_zap_sp(kvm, sp);
-               } else {
+               else
                        kvm_mmu_prepare_zap_page(kvm, sp, &invalid_list);
-                       WARN_ON_ONCE(sp->nx_huge_page_disallowed);
-               }
+               WARN_ON_ONCE(sp->nx_huge_page_disallowed);
 
                if (need_resched() || rwlock_needbreak(&kvm->mmu_lock)) {
                        kvm_mmu_remote_flush_or_zap(kvm, &invalid_list, flush);