From c0a3c88a7bf864146e3ab5b2521afbd570ffd4b3 Mon Sep 17 00:00:00 2001
From: Dongli Zhang <[email protected]>
Date: Sun, 26 Apr 2020 17:41:15 -0700
Subject: [PATCH 1/1] kvm for linux v5.5
Signed-off-by: Dongli Zhang <[email protected]>
---
arch/x86/include/asm/kvm_host.h | 20 +
arch/x86/include/uapi/asm/kvm_para.h | 35 ++
arch/x86/kernel/kvm.c | 116 ++++++
arch/x86/kernel/kvmclock.c | 80 ++++
arch/x86/kvm/cpuid.c | 7 +
arch/x86/kvm/cpuid.h | 4 +
arch/x86/kvm/hyperv.c | 14 +
arch/x86/kvm/lapic.c | 34 ++
arch/x86/kvm/lapic.h | 64 +++
arch/x86/kvm/mmu.h | 6 +
arch/x86/kvm/mmu/mmu.c | 38 ++
arch/x86/kvm/vmx/vmcs.h | 9 +
arch/x86/kvm/vmx/vmenter.S | 102 +++++
arch/x86/kvm/vmx/vmx.c | 43 ++
arch/x86/kvm/x86.c | 589 +++++++++++++++++++++++++++
drivers/cpuidle/driver.c | 9 +
drivers/vfio/pci/vfio_pci.c | 45 ++
drivers/vfio/pci/vfio_pci_config.c | 4 +
drivers/vfio/pci/vfio_pci_intrs.c | 45 ++
drivers/vfio/pci/vfio_pci_private.h | 43 ++
drivers/vfio/pci/vfio_pci_rdwr.c | 27 ++
drivers/vfio/vfio.c | 93 +++++
drivers/vfio/vfio_iommu_type1.c | 48 +++
include/linux/kvm_host.h | 8 +
include/linux/kvm_para.h | 22 +
include/uapi/linux/kvm.h | 20 +
virt/kvm/eventfd.c | 18 +
virt/kvm/irqchip.c | 12 +
virt/kvm/kvm_main.c | 9 +
29 files changed, 1564 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index b79cd6aa4075..8e8635661e64 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -662,6 +662,14 @@ struct kvm_vcpu_arch {
u8 nr;
} interrupt;
+ /*
+ * halt_request is used at:
+ * - arch/x86/kvm/vmx/vmx.c|4552| <<handle_rmode_exception>> if (vcpu->arch.halt_request) {
+ * - arch/x86/kvm/vmx/vmx.c|4553| <<handle_rmode_exception>> vcpu->arch.halt_request = 0;
+ * - arch/x86/kvm/vmx/vmx.c|5242| <<handle_invalid_guest_state>> if (vcpu->arch.halt_request) {
+ * - arch/x86/kvm/vmx/vmx.c|5243| <<handle_invalid_guest_state>> vcpu->arch.halt_request = 0;
+ * - arch/x86/kvm/x86.c|6334| <<emulator_halt>> emul_to_vcpu(ctxt)->arch.halt_request = 1;
+ */
int halt_request; /* real mode on Intel only */
int cpuid_nent;
@@ -943,6 +951,18 @@ struct kvm_arch {
u64 disabled_quirks;
+ /*
+ * irqchip_mode is set at:
+ * - arch/x86/kvm/x86.c|4790| <<kvm_vm_ioctl_enable_cap>> kvm->arch.irqchip_mode = KVM_IRQCHIP_SPLIT;
+ * - arch/x86/kvm/x86.c|4911| <<kvm_arch_vm_ioctl>> kvm->arch.irqchip_mode = KVM_IRQCHIP_KERNEL;
+ *
+ * irqchip_mode is used at:
+ * - arch/x86/kvm/ioapic.h|111| <<ioapic_in_kernel>> int mode = kvm->arch.irqchip_mode;
+ * - arch/x86/kvm/irq.h|71| <<pic_in_kernel>> int mode = kvm->arch.irqchip_mode;
+ * - arch/x86/kvm/irq.h|80| <<irqchip_split>> int mode = kvm->arch.irqchip_mode;
+ * - arch/x86/kvm/irq.h|89| <<irqchip_kernel>> int mode = kvm->arch.irqchip_mode;
+ * - arch/x86/kvm/irq.h|98| <<irqchip_in_kernel>> int mode = kvm->arch.irqchip_mode;
+ */
enum kvm_irqchip_mode irqchip_mode;
u8 nr_reserved_ioapic_pins;
diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h
index 2a8e0b6b9805..4129b082b711 100644
--- a/arch/x86/include/uapi/asm/kvm_para.h
+++ b/arch/x86/include/uapi/asm/kvm_para.h
@@ -32,6 +32,36 @@
#define KVM_FEATURE_POLL_CONTROL 12
#define KVM_FEATURE_PV_SCHED_YIELD 13
+/*
+ * commit a4429e53c9b3082b05e51224c3d58dbdd39306c5
+ * Author: Wanpeng Li <[email protected]>
+ * Date: Tue Feb 13 09:05:40 2018 +0800
+ *
+ * KVM: Introduce paravirtualization hints and KVM_HINTS_DEDICATED
+ *
+ * This patch introduces kvm_para_has_hint() to query for hints about
+ * the configuration of the guests. The first hint KVM_HINTS_DEDICATED,
+ * is set if the guest has dedicated physical CPUs for each vCPU (i.e.
+ * pinning and no over-commitment). This allows optimizing spinlocks
+ * and tells the guest to avoid PV TLB flush.
+ *
+ * Cc: Paolo Bonzini <[email protected]>
+ * Cc: Radim Krčmář <[email protected]>
+ * Cc: Eduardo Habkost <[email protected]>
+ * Signed-off-by: Wanpeng Li <[email protected]>
+ * Signed-off-by: Paolo Bonzini <[email protected]>
+ * Signed-off-by: Radim Krčmář <[email protected]>
+ *
+ * The hint was later renamed to KVM_HINTS_REALTIME.
+ *
+ * KVM_HINTS_REALTIME is used at:
+ * - arch/x86/kernel/kvm.c|534| <<kvm_smp_prepare_cpus>> if (kvm_para_has_hint(KVM_HINTS_REALTIME))
+ * - arch/x86/kernel/kvm.c|627| <<kvm_guest_init>> !kvm_para_has_hint(KVM_HINTS_REALTIME) &&
+ * - arch/x86/kernel/kvm.c|640| <<kvm_guest_init>> !kvm_para_has_hint(KVM_HINTS_REALTIME) &&
+ * - arch/x86/kernel/kvm.c|744| <<kvm_setup_pv_tlb_flush>> !kvm_para_has_hint(KVM_HINTS_REALTIME) &&
+ * - arch/x86/kernel/kvm.c|839| <<kvm_spinlock_init>> if (kvm_para_has_hint(KVM_HINTS_REALTIME))
+ * - drivers/cpuidle/cpuidle-haltpoll.c|105| <<haltpoll_init>> !kvm_para_has_hint(KVM_HINTS_REALTIME))
+ */
#define KVM_HINTS_REALTIME 0
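+
+/*
+ * A typical guest-side consumer (a sketch modelled on kvm_spinlock_init() in
+ * arch/x86/kernel/kvm.c): when the hint is set, every vCPU has a dedicated
+ * pCPU, so the paravirt spinlock slow path is pure overhead and is skipped:
+ *
+ *	static __init void kvm_spinlock_init(void)
+ *	{
+ *		if (!kvm_para_has_feature(KVM_FEATURE_PV_UNHALT))
+ *			return;
+ *		if (kvm_para_has_hint(KVM_HINTS_REALTIME))
+ *			return;
+ *		... (otherwise switch pv_ops to the PV queued spinlock) ...
+ *	}
+ */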
/* The last 8 bits are used to indicate how to interpret the flags field
@@ -79,6 +109,11 @@ struct kvm_clock_pairing {
#define KVM_MAX_MMU_OP_BATCH 32
#define KVM_ASYNC_PF_ENABLED (1 << 0)
+/*
+ * KVM_ASYNC_PF_SEND_ALWAYS is used at:
+ * - arch/x86/kernel/kvm.c|316| <<kvm_guest_cpu_init>> pa |= KVM_ASYNC_PF_SEND_ALWAYS;
+ * - arch/x86/kvm/x86.c|2564| <<kvm_pv_enable_async_pf>> vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
+ */
#define KVM_ASYNC_PF_SEND_ALWAYS (1 << 1)
#define KVM_ASYNC_PF_DELIVERY_AS_PF_VMEXIT (1 << 2)
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 32ef1ee733b7..f74cbac85c01 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -35,6 +35,56 @@
#include <asm/tlb.h>
#include <asm/cpuidle_haltpoll.h>
+/*
+ * Documentation/virt/kvm/msr.txt
+ * KVM's paravirt features:
+ * - apf
+ * - steal clock
+ * - pv-eoi
+ * - pv-ipi
+ */
+/*
+ * apf (asynchronous page fault)
+ *
+ * 1. A process touches a page that has been swapped out and triggers a page fault; the kvm mmu tries the apf path.
+ * 2. The actual swap-in is handed off to an apf worker, and the guest is notified by injecting a "page not present" exception.
+ * 3. The guest enters its exception handler, blocks the faulting process, and reschedules to run other processes.
+ * 4. When the apf worker has brought the page back in, it notifies the guest that the page is ready; the guest reschedules the blocked process, which can then run normally.
+ *
+ * https://terenceli.github.io/%E6%8A%80%E6%9C%AF/2019/03/24/kvm-async-page-fault
+ * https://www.linux-kvm.org/images/a/ac/2010-forum-Async-page-faults.pdf
+ * https://www.kernelnote.com/entry/kvmguestswap
+ */
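+/*
+ * A sketch of the guest-side apf enablement (modelled on kvm_guest_cpu_init()
+ * in arch/x86/kernel/kvm.c; apf_reason is the per-cpu area the host writes
+ * the fault reason into, and KVM_ASYNC_PF_SEND_ALWAYS is only set on
+ * preemptible kernels):
+ *
+ *	u64 pa = slow_virt_to_phys(this_cpu_ptr(&apf_reason));
+ *
+ *	if (IS_ENABLED(CONFIG_PREEMPTION))
+ *		pa |= KVM_ASYNC_PF_SEND_ALWAYS;
+ *	pa |= KVM_ASYNC_PF_ENABLED;
+ *	wrmsrl(MSR_KVM_ASYNC_PF_EN, pa);
+ */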
+/*
+ * pv-eoi (reduces the number of VM exits)
+ *
+ * The interrupt controller in the x86 PC architecture -- the 8259A originally, more commonly the APIC today -- handles an interrupt as follows:
+ *
+ * 1. An external device raises an interrupt; if it is not masked, the controller sets the corresponding bit in the IRR register, meaning the interrupt has been received but not yet delivered to the CPU.
+ * 2. The controller delivers the interrupt to the CPU; the CPU acknowledges it back to the controller.
+ * 3. On receiving the CPU's acknowledgment, the controller clears the IRR bit and sets the corresponding ISR bit, meaning the CPU is servicing the interrupt.
+ * 4. Before the interrupt handler finishes, it must set the corresponding bit in the controller's EOI register, signalling that the CPU is done handling the interrupt.
+ * 5. On receiving the EOI, the controller clears the ISR bit, allowing the next interrupt.
+ * 6. Under virtualization this flow costs at least two VM exits: one when the VMM intercepts the device interrupt and makes the guest exit so the interrupt can be injected,
+ *    and one when the guest OS finishes handling the interrupt and writes the controller's EOI register -- an MMIO access that also forces an exit.
+ *    In I/O-heavy workloads, external interrupts therefore cause a large number of VM exits and hurt overall guest performance.
+ *
+ * PV-EOI simply uses paravirtualization to optimize away this VM-exit cost (virtio applies the same idea to network and disk). For EOI the idea is essentially simple:
+ *
+ * 1. Guest and VMM negotiate: they first confirm that both sides support PV-EOI, and if so agree on a 2-byte shared memory area used as the EOI cache.
+ * 2. Before injecting an interrupt into the guest, the VMM sets the lowest bit of the cache, meaning the guest does not need to write the EOI register.
+ * 3. Before writing EOI, the guest checks that bit: if it is set, the guest just clears it; the VMM polls the flag and, once it sees the bit cleared, updates the EOI register of the emulated interrupt controller.
+ *    If the bit is not set, the guest writes the EOI register via MMIO or MSR as usual.
+ *
+ * Note that, to keep the shared memory handling fast and reliable on both sides, KVM's PV-EOI scheme adds the following rules:
+ *
+ * 1. The VMM only changes the lowest bit of the shared memory in the context of the guest vCPU, which spares the guest any locking to synchronize with the VMM.
+ * 2. The guest must use an atomic test_and_clear operation to change that bit, because the VMM may set or clear it at any time.
+ *
+ * https://blog.csdn.net/luo_brian/article/details/8744025?utm_source=tuicool&utm_medium=referral
+ * https://fedoraproject.org/wiki/QA:Testcase_Virtualization_PV_EOI
+ */
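+/*
+ * A sketch of the guest-side fast path this protocol enables (simplified from
+ * the v5.5 kvm_guest_apic_eoi_write() below; kvm_apic_eoi is the negotiated
+ * per-cpu shared area and KVM_PV_EOI_BIT is its lowest bit):
+ *
+ *	static notrace void kvm_guest_apic_eoi_write(u32 reg, u32 val)
+ *	{
+ *		if (__test_and_clear_bit(KVM_PV_EOI_BIT,
+ *					 this_cpu_ptr(&kvm_apic_eoi)))
+ *			return;
+ *		apic->native_eoi_write(APIC_EOI, APIC_EOI_ACK);
+ *	}
+ */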
+
static int kvmapf = 1;
static int __init parse_no_kvmapf(char *arg)
@@ -293,6 +343,22 @@ static void kvm_register_steal_time(void)
static DEFINE_PER_CPU_DECRYPTED(unsigned long, kvm_apic_eoi) = KVM_PV_EOI_DISABLED;
+/*
+ * PV-EOI simply uses paravirtualization to optimize away the EOI-side VM exit (virtio applies the same idea to network and disk). For EOI the idea is essentially simple:
+ *
+ * 1. Guest and VMM negotiate: they first confirm that both sides support PV-EOI, and if so agree on a 2-byte shared memory area used as the EOI cache.
+ * 2. Before injecting an interrupt into the guest, the VMM sets the lowest bit of the cache, meaning the guest does not need to write the EOI register.
+ * 3. Before writing EOI, the guest checks that bit: if it is set, the guest just clears it; the VMM polls the flag and, once it sees the bit cleared, updates the EOI register of the emulated interrupt controller.
+ *    If the bit is not set, the guest writes the EOI register via MMIO or MSR as usual.
+ *
+ * Note that, to keep the shared memory handling fast and reliable on both sides, KVM's PV-EOI scheme adds the following rules:
+ *
+ * 1. The VMM only changes the lowest bit of the shared memory in the context of the guest vCPU, which spares the guest any locking to synchronize with the VMM.
+ * 2. The guest must use an atomic test_and_clear operation to change that bit, because the VMM may set or clear it at any time.
+ *
+ * https://blog.csdn.net/luo_brian/article/details/8744025?utm_source=tuicool&utm_medium=referral
+ * https://fedoraproject.org/wiki/QA:Testcase_Virtualization_PV_EOI
+ */
static notrace void kvm_guest_apic_eoi_write(u32 reg, u32 val)
{
/**
@@ -581,6 +647,31 @@ static void __init kvm_apf_trap_init(void)
static DEFINE_PER_CPU(cpumask_var_t, __pv_tlb_mask);
+/*
+ * commit 858a43aae23672d46fe802a41f4748f322965182
+ * Author: Wanpeng Li <[email protected]>
+ * Date: Tue Dec 12 17:33:02 2017 -0800
+ *
+ * KVM: X86: use paravirtualized TLB Shootdown
+ *
+ * Remote TLB flush does a busy wait which is fine in bare-metal
+ * scenario. But with-in the guest, the vcpus might have been pre-empted or
+ * blocked. In this scenario, the initator vcpu would end up busy-waiting
+ * for a long amount of time; it also consumes CPU unnecessarily to wake
+ * up the target of the shootdown.
+ *
+ * This patch set adds support for KVM's new paravirtualized TLB flush;
+ * remote TLB flush does not wait for vcpus that are sleeping, instead
+ * KVM will flush the TLB as soon as the vCPU starts running again.
+ *
+ * The improvement is clearly visible when the host is overcommitted; in this
+ * case, the PV TLB flush (in addition to avoiding the wait on the main CPU)
+ * prevents preempted vCPUs from stealing precious execution time from the
+ * running ones.
+ *
+ * Testing on a Xeon Gold 6142 2.6GHz 2 sockets, 32 cores, 64 threads,
+ * so 64 pCPUs, and each VM is 64 vCPUs.
+ */
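+/*
+ * The core of the guest-side implementation (a sketch of the v5.5 body of
+ * kvm_flush_tlb_others(), which the hunk below does not show): vCPUs the host
+ * marks as preempted are skipped, and KVM_VCPU_FLUSH_TLB is set atomically in
+ * their shared steal_time area so the host flushes for them on the next
+ * VM-entry:
+ *
+ *	cpumask_copy(flushmask, cpumask);
+ *	for_each_cpu(cpu, flushmask) {
+ *		src = &per_cpu(steal_time, cpu);
+ *		state = READ_ONCE(src->preempted);
+ *		if ((state & KVM_VCPU_PREEMPTED) &&
+ *		    cmpxchg(&src->preempted, state,
+ *			    state | KVM_VCPU_FLUSH_TLB) == state)
+ *			__cpumask_clear_cpu(cpu, flushmask);
+ *	}
+ *	native_flush_tlb_others(flushmask, info);
+ */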
static void kvm_flush_tlb_others(const struct cpumask *cpumask,
const struct flush_tlb_info *info)
{
@@ -736,6 +827,31 @@ static __init int activate_jump_labels(void)
}
arch_initcall(activate_jump_labels);
+/*
+ * commit 858a43aae23672d46fe802a41f4748f322965182
+ * Author: Wanpeng Li <[email protected]>
+ * Date: Tue Dec 12 17:33:02 2017 -0800
+ *
+ * KVM: X86: use paravirtualized TLB Shootdown
+ *
+ * Remote TLB flush does a busy wait which is fine in bare-metal
+ * scenario. But with-in the guest, the vcpus might have been pre-empted or
+ * blocked. In this scenario, the initator vcpu would end up busy-waiting
+ * for a long amount of time; it also consumes CPU unnecessarily to wake
+ * up the target of the shootdown.
+ *
+ * This patch set adds support for KVM's new paravirtualized TLB flush;
+ * remote TLB flush does not wait for vcpus that are sleeping, instead
+ * KVM will flush the TLB as soon as the vCPU starts running again.
+ *
+ * The improvement is clearly visible when the host is overcommitted; in this
+ * case, the PV TLB flush (in addition to avoiding the wait on the main CPU)
+ * prevents preempted vCPUs from stealing precious execution time from the
+ * running ones.
+ *
+ * Testing on a Xeon Gold 6142 2.6GHz 2 sockets, 32 cores, 64 threads,
+ * so 64 pCPUs, and each VM is 64 vCPUs.
+ */
static __init int kvm_setup_pv_tlb_flush(void)
{
int cpu;
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index 904494b924c1..9359910bbb52 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -23,7 +23,87 @@
#include <asm/reboot.h>
#include <asm/kvmclock.h>
+/*
+ * FROM SUSE!!!
+ * When using kvm-clock, it is not recommended to use NTP in the VM Guest, as
+ * well. Using NTP on the VM Host Server, however, is still recommended.
+ */
+
+/*
+ * Clocksource is a device that can give a timestamp whenever you need it. In
+ * other words, Clocksource is any ticking counter that allows you to get its
+ * value.
+ *
+ * Clockevent device is an alarm clock—you ask the device to signal a time in
+ * the future (e.g., "wake me up in 1ms") and when the alarm is triggered, you
+ * get the signal.
+ *
+ * sched_clock() function is similar to clocksource, but this particular one
+ * should be "cheap" to read (meaning that one can get its value fast), as
+ * sched_clock() is used for task-scheduling purposes and scheduling happens
+ * often. We're ready to sacrifice accuracy and other characteristics for
+ * speed.
+ *
+ * > CLOCK_REALTIME clock gives the time passed since January 1, 1970. This
+ * clock is affected by NTP adjustments and can jump forward and backward when
+ * a system administrator adjusts system time.
+ *
+ * > CLOCK_MONOTONIC clock gives the time since a fixed starting point-usually
+ * since you booted the system. This clock is affected by NTP, but it can't
+ * jump backward.
+ *
+ * > CLOCK_MONOTONIC_RAW clock gives the same time as CLOCK_MONOTONIC, but this
+ * clock is not affected by NTP adjustments.
+ *
+ * > CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE are faster but
+ * less-accurate variants of CLOCK_REALTIME and CLOCK_MONOTONIC.
+ *
+ * Hardware extensions for virtualizing TSC
+ *
+ * Since the early days of hardware-assisted virtualization, Intel was
+ * supplying an option to do TSC offsetting for virtual guests in hardware,
+ * which would mean that a guest's rdtsc reading will return a host's TSC value
+ * + offset. Unfortunately, this wasn't enough to support migration between
+ * different hosts because TSC frequency may differ, so pvclock and TSC page
+ * protocol were introduced. In late 2015, Intel introduced the TSC scaling
+ * feature (which was already present in AMD processors for several years) and,
+ * in theory, this is a game changer making pvclock and TSC page protocols
+ * redundant. However, an immediate switch to using plain TSC as a clocksource
+ * for virtualized guests seems impractical; one must be sure that all
+ * potential migration recipient hosts support the feature, but it is not yet
+ * widely available. Extensive testing also must be performed to make sure
+ * there are no drawbacks to switching from paravirtualized protocols.
+ */
+
+/*
+ * To get the current TSC reading, guests must do the following math:
+ *
+ * PerCPUTime = ((RDTSC() - tsc_timestamp) >> tsc_shift) * tsc_to_system_mul + system_time
+ *
+ *
+ *
+ * kvmclock or KVM pvclock lets guests read the host's wall clock time. It's
+ * really very simple: the guest sets aside a page of its RAM and asks the host
+ * to write time into that page (using an MSR). The host writes a structure
+ * containing the current time to this page - in theory the host updates this
+ * page constantly, but in reality that would be wasteful and the structure is
+ * only updated just before reentering the guest after some VM event.
+ * On the host, the clock is updated by kvm_guest_time_update(), which is only called from vcpu_enter_guest().
+ */
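+/*
+ * The same math in code form (a sketch; field names follow
+ * struct pvclock_vcpu_time_info, tsc_to_system_mul is a 32.32 fixed-point
+ * multiplier, and a negative tsc_shift means shift right -- the real kernel
+ * code uses a 128-bit multiply to avoid overflow):
+ *
+ *	u64 pvclock_read(const struct pvclock_vcpu_time_info *ti)
+ *	{
+ *		u64 delta = rdtsc() - ti->tsc_timestamp;
+ *
+ *		if (ti->tsc_shift >= 0)
+ *			delta <<= ti->tsc_shift;
+ *		else
+ *			delta >>= -ti->tsc_shift;
+ *		return ((delta * ti->tsc_to_system_mul) >> 32) + ti->system_time;
+ *	}
+ */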
+
static int kvmclock __initdata = 1;
+/*
+ * commit 3dc4f7cfb7441e5e0fed3a02fc81cdaabd28300a
+ * Author: Marcelo Tosatti <[email protected]>
+ * Date: Tue Nov 27 23:28:56 2012 -0200
+ *
+ * x86: kvm guest: pvclock vsyscall support
+ *
+ * Hook into generic pvclock vsyscall code, with the aim to
+ * allow userspace to have visibility into pvclock data.
+ *
+ * Signed-off-by: Marcelo Tosatti <[email protected]>
+ */
static int kvmclock_vsyscall __initdata = 1;
static int msr_kvm_system_time __ro_after_init = MSR_KVM_SYSTEM_TIME;
static int msr_kvm_wall_clock __ro_after_init = MSR_KVM_WALL_CLOCK;
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index cf55629ff0ff..af7e5c07999f 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -994,6 +994,13 @@ static bool cpuid_function_in_range(struct kvm_vcpu *vcpu, u32 function)
return max && function <= max->eax;
}
+/*
+ * called by:
+ * - arch/x86/kvm/cpuid.c|1063| <<kvm_emulate_cpuid>> kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
+ * - arch/x86/kvm/svm.c|2122| <<svm_vcpu_reset>> kvm_cpuid(vcpu, &eax, &dummy, &dummy, &dummy, true);
+ * - arch/x86/kvm/trace.h|153| <<__field>> TRACE_EVENT(kvm_cpuid,
+ * - arch/x86/kvm/x86.c|6347| <<emulator_get_cpuid>> return kvm_cpuid(emul_to_vcpu(ctxt), eax, ebx, ecx, edx, check_limit);
+ */
bool kvm_cpuid(struct kvm_vcpu *vcpu, u32 *eax, u32 *ebx,
u32 *ecx, u32 *edx, bool check_limit)
{
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index d78a61408243..248931e1891b 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -132,6 +132,10 @@ static inline int guest_cpuid_family(struct kvm_vcpu *vcpu)
return x86_family(best->eax);
}
+/*
+ * called by:
+ * - arch/x86/kvm/svm.c|4213| <<svm_get_msr>> model = guest_cpuid_model(vcpu);
+ */
static inline int guest_cpuid_model(struct kvm_vcpu *vcpu)
{
struct kvm_cpuid_entry2 *best;
diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 23ff65504d7e..601d5170de86 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -199,6 +199,20 @@ static void synic_exit(struct kvm_vcpu_hv_synic *synic, u32 msr)
kvm_make_request(KVM_REQ_HV_EXIT, vcpu);
}
+/*
+ * [0] kvm_hv_set_msr_common
+ * [0] kvm_set_msr_common
+ * [0] vmx_set_msr
+ * [0] __kvm_set_msr
+ * [0] msr_io
+ * [0] kvm_arch_vcpu_ioctl
+ * [0] kvm_vcpu_ioctl
+ * [0] do_vfs_ioctl
+ * [0] ksys_ioctl
+ * [0] __x64_sys_ioctl
+ * [0] do_syscall_64
+ * [0] entry_SYSCALL_64_after_hwframe
+ */
static int synic_set_msr(struct kvm_vcpu_hv_synic *synic,
u32 msr, u64 data, bool host)
{
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index cf9177b4a07f..8c38c9ff1019 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -96,6 +96,15 @@ static inline int __apic_test_and_clear_vector(int vec, void *bitmap)
return __test_and_clear_bit(VEC_POS(vec), (bitmap) + REG_POS(vec));
}
+/*
+ * apic_hw_disabled is used at:
+ * - arch/x86/kvm/lapic.c|2098| <<kvm_free_lapic>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2175| <<kvm_lapic_set_base>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2177| <<kvm_lapic_set_base>> static_key_slow_inc(&apic_hw_disabled.key);
+ * - arch/x86/kvm/lapic.c|2795| <<kvm_lapic_init>> jump_label_rate_limit(&apic_hw_disabled, HZ);
+ * - arch/x86/kvm/lapic.c|2801| <<kvm_lapic_exit>> static_key_deferred_flush(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.h|175| <<kvm_apic_hw_enabled>> if (static_key_false(&apic_hw_disabled.key))
+ */
struct static_key_deferred apic_hw_disabled __read_mostly;
struct static_key_deferred apic_sw_disabled __read_mostly;
@@ -425,6 +434,14 @@ static inline int apic_search_irr(struct kvm_lapic *apic)
return find_highest_vector(apic->regs + APIC_IRR);
}
+/*
+ * called by:
+ * - arch/x86/kvm/lapic.c|455| <<apic_clear_irr>> apic_find_highest_irr(apic));
+ * - arch/x86/kvm/lapic.c|543| <<kvm_lapic_find_highest_irr>> return apic_find_highest_irr(vcpu->arch.apic);
+ * - arch/x86/kvm/lapic.c|665| <<apic_has_interrupt_for_ppr>> highest_irr = apic_find_highest_irr(apic);
+ * - arch/x86/kvm/lapic.c|2496| <<kvm_apic_set_state>> apic_find_highest_irr(apic));
+ * - arch/x86/kvm/lapic.c|2614| <<kvm_lapic_sync_to_vapic>> max_irr = apic_find_highest_irr(apic);
+ */
static inline int apic_find_highest_irr(struct kvm_lapic *apic)
{
int result;
@@ -2144,6 +2161,13 @@ u64 kvm_lapic_get_cr8(struct kvm_vcpu *vcpu)
return (tpr & 0xf0) >> 4;
}
+/*
+ * called by:
+ * - arch/x86/kvm/lapic.c|2208| <<kvm_lapic_reset>> kvm_lapic_set_base(vcpu, APIC_DEFAULT_PHYS_BASE |
+ * - arch/x86/kvm/lapic.c|2244| <<kvm_lapic_reset>> kvm_lapic_set_base(vcpu,
+ * - arch/x86/kvm/lapic.c|2485| <<kvm_apic_set_state>> kvm_lapic_set_base(vcpu, vcpu->arch.apic_base);
+ * - arch/x86/kvm/x86.c|349| <<kvm_set_apic_base>> kvm_lapic_set_base(vcpu, msr_info->data);
+ */
void kvm_lapic_set_base(struct kvm_vcpu *vcpu, u64 value)
{
u64 old_value = vcpu->arch.apic_base;
@@ -2268,6 +2292,12 @@ int apic_has_pending_timer(struct kvm_vcpu *vcpu)
return 0;
}
+/*
+ * called by:
+ * - arch/x86/kvm/lapic.c|1576| <<kvm_apic_inject_pending_timer_irqs>> kvm_apic_local_deliver(apic, APIC_LVTT);
+ * - arch/x86/kvm/lapic.c|2291| <<kvm_apic_nmi_wd_deliver>> kvm_apic_local_deliver(apic, APIC_LVT0);
+ * - arch/x86/kvm/pmu.c|382| <<kvm_pmu_deliver_pmi>> kvm_apic_local_deliver(vcpu->arch.apic, APIC_LVTPC);
+ */
int kvm_apic_local_deliver(struct kvm_lapic *apic, int lvt_type)
{
u32 reg = kvm_lapic_get_reg(apic, lvt_type);
@@ -2599,6 +2629,10 @@ static void apic_sync_pv_eoi_to_guest(struct kvm_vcpu *vcpu,
pv_eoi_set_pending(apic->vcpu);
}
+/*
+ * called by:
+ * - arch/x86/kvm/x86.c|8145| <<vcpu_enter_guest>> kvm_lapic_sync_to_vapic(vcpu);
+ */
void kvm_lapic_sync_to_vapic(struct kvm_vcpu *vcpu)
{
u32 data, tpr;
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 39925afdfcdc..2c6ab1d4ac5f 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -159,19 +159,62 @@ static inline void kvm_lapic_set_reg(struct kvm_lapic *apic, int reg_off, u32 va
*((u32 *) (apic->regs + reg_off)) = val;
}
+/*
+ * kvm_no_apic_vcpu is used at:
+ * - arch/x86/kvm/lapic.h|166| <<lapic_in_kernel>> if (static_key_false(&kvm_no_apic_vcpu))
+ * - arch/x86/kvm/x86.c|9438| <<kvm_arch_vcpu_init>> static_key_slow_inc(&kvm_no_apic_vcpu);
+ * - arch/x86/kvm/x86.c|9497| <<kvm_arch_vcpu_uninit>> static_key_slow_dec(&kvm_no_apic_vcpu);
+ */
extern struct static_key kvm_no_apic_vcpu;
static inline bool lapic_in_kernel(struct kvm_vcpu *vcpu)
{
+ /*
+ * 9419 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
+ * ... ...
+ * 9443 if (irqchip_in_kernel(vcpu->kvm)) {
+ * 9444 vcpu->arch.apicv_active = kvm_x86_ops->get_enable_apicv(vcpu->kvm);
+ * 9445 r = kvm_create_lapic(vcpu, lapic_timer_advance_ns);
+ * 9446 if (r < 0)
+ * 9447 goto fail_mmu_destroy;
+ * 9448 } else
+ * 9449 static_key_slow_inc(&kvm_no_apic_vcpu);
+ *
+ * kvm_no_apic_vcpu is used at:
+ * - arch/x86/kvm/lapic.h|166| <<lapic_in_kernel>> if (static_key_false(&kvm_no_apic_vcpu))
+ * - arch/x86/kvm/x86.c|9438| <<kvm_arch_vcpu_init>> static_key_slow_inc(&kvm_no_apic_vcpu);
+ * - arch/x86/kvm/x86.c|9497| <<kvm_arch_vcpu_uninit>> static_key_slow_dec(&kvm_no_apic_vcpu);
+ *
+ * If kvm_no_apic_vcpu is false, then kvm_arch_vcpu_init()->kvm_create_lapic() was called
+ * and vcpu->arch.apic has been initialized.
+ */
if (static_key_false(&kvm_no_apic_vcpu))
return vcpu->arch.apic;
return true;
}
+/*
+ * apic_hw_disabled is used at:
+ * - arch/x86/kvm/lapic.c|2098| <<kvm_free_lapic>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2175| <<kvm_lapic_set_base>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2177| <<kvm_lapic_set_base>> static_key_slow_inc(&apic_hw_disabled.key);
+ * - arch/x86/kvm/lapic.c|2795| <<kvm_lapic_init>> jump_label_rate_limit(&apic_hw_disabled, HZ);
+ * - arch/x86/kvm/lapic.c|2801| <<kvm_lapic_exit>> static_key_deferred_flush(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.h|175| <<kvm_apic_hw_enabled>> if (static_key_false(&apic_hw_disabled.key))
+ */
extern struct static_key_deferred apic_hw_disabled;
static inline int kvm_apic_hw_enabled(struct kvm_lapic *apic)
{
+ /*
+ * apic_hw_disabled is used at:
+ * - arch/x86/kvm/lapic.c|2098| <<kvm_free_lapic>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2175| <<kvm_lapic_set_base>> static_key_slow_dec_deferred(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.c|2177| <<kvm_lapic_set_base>> static_key_slow_inc(&apic_hw_disabled.key);
+ * - arch/x86/kvm/lapic.c|2795| <<kvm_lapic_init>> jump_label_rate_limit(&apic_hw_disabled, HZ);
+ * - arch/x86/kvm/lapic.c|2801| <<kvm_lapic_exit>> static_key_deferred_flush(&apic_hw_disabled);
+ * - arch/x86/kvm/lapic.h|175| <<kvm_apic_hw_enabled>> if (static_key_false(&apic_hw_disabled.key))
+ */
if (static_key_false(&apic_hw_disabled.key))
return apic->vcpu->arch.apic_base & MSR_IA32_APICBASE_ENABLE;
return MSR_IA32_APICBASE_ENABLE;
@@ -186,8 +229,29 @@ static inline bool kvm_apic_sw_enabled(struct kvm_lapic *apic)
return true;
}
+/*
+ * called by:
+ * - arch/x86/kvm/irq_comm.c|67| <<kvm_irq_delivery_to_apic>> if (!kvm_apic_present(vcpu))
+ * - arch/x86/kvm/irq_comm.c|334| <<kvm_intr_is_single_vcpu>> if (!kvm_apic_present(vcpu))
+ * - arch/x86/kvm/lapic.c|189| <<recalculate_apic_map>> if (kvm_apic_present(vcpu))
+ * - arch/x86/kvm/lapic.c|209| <<recalculate_apic_map>> if (!kvm_apic_present(vcpu))
+ * - arch/x86/kvm/lapic.c|1168| <<kvm_bitmap_or_dest_vcpus>> if (!kvm_apic_present(vcpu))
+ * - arch/x86/kvm/lapic.h|217| <<kvm_lapic_enabled>> return kvm_apic_present(vcpu) && kvm_apic_sw_enabled(vcpu->arch.apic);
+ * - arch/x86/kvm/x86.c|7912| <<vcpu_scan_ioapic>> if (!kvm_apic_present(vcpu))
+ */
static inline bool kvm_apic_present(struct kvm_vcpu *vcpu)
{
+ /*
+ * 9419 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
+ * ... ...
+ * 9443 if (irqchip_in_kernel(vcpu->kvm)) {
+ * 9444 vcpu->arch.apicv_active = kvm_x86_ops->get_enable_apicv(vcpu->kvm);
+ * 9445 r = kvm_create_lapic(vcpu, lapic_timer_advance_ns);
+ * 9446 if (r < 0)
+ * 9447 goto fail_mmu_destroy;
+ * 9448 } else
+ * 9449 static_key_slow_inc(&kvm_no_apic_vcpu);
+ */
return lapic_in_kernel(vcpu) && kvm_apic_hw_enabled(vcpu->arch.apic);
}
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index d55674f44a18..51db11a6e926 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -73,6 +73,12 @@ static inline unsigned long kvm_mmu_available_pages(struct kvm *kvm)
return 0;
}
+/*
+ * called by:
+ * - arch/x86/kvm/vmx/nested.c|5234| <<nested_vmx_eptp_switching>> kvm_mmu_reload(vcpu);
+ * - arch/x86/kvm/x86.c|8142| <<vcpu_enter_guest>> r = kvm_mmu_reload(vcpu);
+ * - arch/x86/kvm/x86.c|10009| <<kvm_arch_async_page_ready>> r = kvm_mmu_reload(vcpu);
+ */
static inline int kvm_mmu_reload(struct kvm_vcpu *vcpu)
{
if (likely(vcpu->arch.mmu->root_hpa != INVALID_PAGE))
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 6f92b40d798c..45d86f27bb08 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4183,6 +4183,15 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn)
return kvm_setup_async_pf(vcpu, gva, kvm_vcpu_gfn_to_hva(vcpu, gfn), &arch);
}
+/*
+ * 1. Find the memslot corresponding to the gfn.
+ * 2. Compute the gfn's hva as the slot's starting hva (userspace_addr) +
+ *    (gfn - the slot's starting gfn (base_gfn)) * page size (PAGE_SIZE); see the sketch below.
+ * 3. Get a physical page for that hva, via either hva_to_pfn_fast() or hva_to_pfn_slow().
+ *    hva_to_pfn_fast() actually calls __get_user_pages_fast(), which tries to pin the page,
+ *    i.e. to make sure the physical page backing the address is resident in memory. If that
+ *    fails, fall back to hva_to_pfn_slow(), which takes mm->mmap_sem and then calls __get_user_pages() to pin.
+ * 4. On success, call page_to_pfn() on the returned struct page to get the pfn.
+ */
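+/*
+ * Step 2 above in code form (this is essentially __gfn_to_hva_memslot()):
+ *
+ *	static unsigned long gfn_to_hva(struct kvm_memory_slot *slot, gfn_t gfn)
+ *	{
+ *		return slot->userspace_addr + (gfn - slot->base_gfn) * PAGE_SIZE;
+ *	}
+ */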
static bool try_async_pf(struct kvm_vcpu *vcpu, bool prefault, gfn_t gfn,
gva_t gva, kvm_pfn_t *pfn, bool write, bool *writable)
{
@@ -5257,6 +5266,11 @@ void kvm_mmu_reset_context(struct kvm_vcpu *vcpu)
}
EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
+/*
+ * called by:
+ * - arch/x86/kvm/mmu.h|81| <<kvm_mmu_reload>> return kvm_mmu_load(vcpu);
+ * - arch/x86/kvm/svm.c|3442| <<nested_svm_vmexit>> kvm_mmu_load(&svm->vcpu);
+ */
int kvm_mmu_load(struct kvm_vcpu *vcpu)
{
int r;
@@ -5516,6 +5530,30 @@ static int make_mmu_pages_available(struct kvm_vcpu *vcpu)
return 0;
}
+/*
+ * KVM MMIO handling:
+ *
+ * Initially MMIO memory has no kvm_memory_slot and no PTEs, so an access triggers an EPT
+ * violation. handle_ept_violation() calls kvm_mmu_page_fault(). Since handle_ept_violation()
+ * does not set PFERR_RSVD_MASK in error_code, kvm_mmu_page_fault() calls tdp_page_fault().
+ *
+ * tdp_page_fault()-->try_async_pf()-->__gfn_to_pfn_memslot()-->__gfn_to_hva_many().
+ * __gfn_to_hva_many() returns KVM_HVA_ERR_BAD=PAGE_OFFSET, so __gfn_to_pfn_memslot() returns
+ * KVM_PFN_NOSLOT.
+ *
+ * Then tdp_page_fault()-->__direct_map() marks the corresponding PTE as an MMIO PTE via
+ * mmu_set_spte()-->set_mmio_spte(), i.e.:
+ *
+ * 1. SPTE_SPECIAL_MASK (1 shifted left by 62) is set
+ * 2. the low bits end in binary 110
+ * 3. the generation number is also encoded in it
+ *
+ * Finally it returns RET_PF_EMULATE.
+ *
+ * On the next fault, the MMIO access triggers handle_ept_misconfig()-->kvm_mmu_page_fault().
+ * This time handle_ept_misconfig() sets error_code=PFERR_RSVD_MASK, so kvm_mmu_page_fault()
+ * calls handle_mmio_page_fault() and the access is emulated; see the sketch below.
+ */
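+/*
+ * The dispatch described above, roughly (simplified from the v5.5 body of
+ * kvm_mmu_page_fault(): PFERR_RSVD_MASK routes MMIO faults to the emulation
+ * path, everything else goes to the per-mmu page fault handler):
+ *
+ *	r = RET_PF_INVALID;
+ *	if (unlikely(error_code & PFERR_RSVD_MASK))
+ *		r = handle_mmio_page_fault(vcpu, cr2, direct);
+ *	if (r == RET_PF_INVALID)
+ *		r = vcpu->arch.mmu->page_fault(vcpu, cr2,
+ *					       lower_32_bits(error_code), false);
+ *	if (r == RET_PF_EMULATE)
+ *		goto emulate;
+ */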
int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
void *insn, int insn_len)
{
diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h
index 481ad879197b..667b168190ca 100644
--- a/arch/x86/kvm/vmx/vmcs.h
+++ b/arch/x86/kvm/vmx/vmcs.h
@@ -59,6 +59,15 @@ struct loaded_vmcs {
struct vmcs *vmcs;
struct vmcs *shadow_vmcs;
int cpu;
+ /*
+ * launched is used at:
+ * - arch/x86/kvm/vmx/nested.c|3008| <<nested_vmx_check_vmentry_hw>> [launched]"i"(offsetof(struct loaded_vmcs, launched)),
+ * - arch/x86/kvm/vmx/vmx.c|660| <<loaded_vmcs_init>> if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
+ * - arch/x86/kvm/vmx/vmx.c|663| <<loaded_vmcs_init>> loaded_vmcs->launched = 0;
+ * - arch/x86/kvm/vmx/vmx.c|6596| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched);
+ * - arch/x86/kvm/vmx/vmx.c|6678| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched = 1;
+ * - also used in arch/x86/kvm/vmx/vmenter.S, where it selects between vmresume and vmlaunch
+ */
bool launched;
bool nmi_known_unmasked;
bool hv_timer_soft_disabled;
diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S
index 81ada2ce99e7..db945eb46778 100644
--- a/arch/x86/kvm/vmx/vmenter.S
+++ b/arch/x86/kvm/vmx/vmenter.S
@@ -7,6 +7,28 @@
#define WORD_SIZE (BITS_PER_LONG / 8)
+/*
+ * #define __VCPU_REGS_RAX 0
+ * #define __VCPU_REGS_RCX 1
+ * #define __VCPU_REGS_RDX 2
+ * #define __VCPU_REGS_RBX 3
+ * #define __VCPU_REGS_RSP 4
+ * #define __VCPU_REGS_RBP 5
+ * #define __VCPU_REGS_RSI 6
+ * #define __VCPU_REGS_RDI 7
+ *
+ * #ifdef CONFIG_X86_64
+ * #define __VCPU_REGS_R8 8
+ * #define __VCPU_REGS_R9 9
+ * #define __VCPU_REGS_R10 10
+ * #define __VCPU_REGS_R11 11
+ * #define __VCPU_REGS_R12 12
+ * #define __VCPU_REGS_R13 13
+ * #define __VCPU_REGS_R14 14
+ * #define __VCPU_REGS_R15 15
+ * #endif
+ */
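+
+/*
+ * With WORD_SIZE == 8 on x86_64, the offsets below work out to
+ * VCPU_RAX = 0, VCPU_RCX = 8, VCPU_RDX = 16, ..., VCPU_R15 = 15 * 8 = 120:
+ * byte offsets of each register's slot in the vcpu->arch.regs array that
+ * __vmx_vcpu_run() saves to and restores from.
+ */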
+
#define VCPU_RAX __VCPU_REGS_RAX * WORD_SIZE
#define VCPU_RCX __VCPU_REGS_RCX * WORD_SIZE
#define VCPU_RDX __VCPU_REGS_RDX * WORD_SIZE
@@ -44,6 +66,15 @@
* to vmx_vmexit.
*/
SYM_FUNC_START(vmx_vmenter)
+ /*
+ * launched is used at:
+ * - arch/x86/kvm/vmx/nested.c|3008| <<nested_vmx_check_vmentry_hw>> [launched]"i"(offsetof(struct loaded_vmcs, launched)),
+ * - arch/x86/kvm/vmx/vmx.c|660| <<loaded_vmcs_init>> if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
+ * - arch/x86/kvm/vmx/vmx.c|663| <<loaded_vmcs_init>> loaded_vmcs->launched = 0;
+ * - arch/x86/kvm/vmx/vmx.c|6596| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched);
+ * - arch/x86/kvm/vmx/vmx.c|6678| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched = 1;
+ * - also used in arch/x86/kvm/vmx/vmenter.S, where it selects between vmresume and vmlaunch
+ */
/* EFLAGS.ZF is set if VMCS.LAUNCHED == 0 */
je 2f
@@ -62,6 +93,18 @@ SYM_FUNC_START(vmx_vmenter)
5: jmp 3b
.popsection
+ /*
+ * https://lwn.net/Articles/531148/
+ *
+ * The _ASM_EXTABLE(addr1, addr2) macro allows the page fault exception
+ * handler to determine whether an exception was caused by a kernel
+ * instruction at address addr1 while trying to read or write a byte
+ * into a process address space. If so, the kernel jumps to addr2 that
+ * contains the fixup code, otherwise a kernel oops occurs. The
+ * delimiters of the __ex_table special section (see the previous
+ * linker script example) set the range of critical kernel instructions
+ * that transfer bytes from or to user space.
+ */
_ASM_EXTABLE(1b, 5b)
_ASM_EXTABLE(2b, 5b)
@@ -77,6 +120,10 @@ SYM_FUNC_END(vmx_vmenter)
* here after hardware loads the host's state, i.e. this is the destination
* referred to by VMCS.HOST_RIP.
*/
+/*
+ * vmx_vmexit is used at:
+ * - arch/x86/kvm/vmx/vmx.c|3923| <<vmx_set_constant_host_state>> vmcs_writel(HOST_RIP, (unsigned long )vmx_vmexit);
+ */
SYM_FUNC_START(vmx_vmexit)
#ifdef CONFIG_RETPOLINE
ALTERNATIVE "jmp .Lvmexit_skip_rsb", "", X86_FEATURE_RETPOLINE
@@ -101,6 +148,19 @@ SYM_FUNC_END(vmx_vmexit)
* Returns:
* 0 on VM-Exit, 1 on VM-Fail
*/
+/*
+ * bool __vmx_vcpu_run(struct vcpu_vmx *vmx, unsigned long *regs, bool launched);
+ *
+ * vmx_vcpu_run() invokes it as:
+ * 6595 vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
+ * 6596 vmx->loaded_vmcs->launched);
+ *
+ * calling convention: RDI, RSI, RDX, RCX, R8, R9, [XYZ]MM0–7
+ *
+ * rdi: struct vcpu_vmx *vmx
+ * rsi: unsigned long *regs
+ * rdx: bool launched
+ */
SYM_FUNC_START(__vmx_vcpu_run)
push %_ASM_BP
mov %_ASM_SP, %_ASM_BP
@@ -119,18 +179,46 @@ SYM_FUNC_START(__vmx_vcpu_run)
* Save @regs, _ASM_ARG2 may be modified by vmx_update_host_rsp() and
* @regs is needed after VM-Exit to save the guest's register values.
*/
+ /* On x86_64 this is _ASM_SI: the second argument, (unsigned long *)&vcpu->arch.regs */
push %_ASM_ARG2
/* Copy @launched to BL, _ASM_ARG3 is volatile. */
+ /* On x86_64 this is %dl: the third argument, vmx->loaded_vmcs->launched */
mov %_ASM_ARG3B, %bl
/* Adjust RSP to account for the CALL to vmx_vmenter(). */
+ /*
+ * On x86_64, %_ASM_ARG2 is _ASM_SI.
+ * This effectively loads the host rsp value (which does not include (unsigned long *)&vcpu->arch.regs)
+ * into _ASM_SI as the "unsigned long host_rsp" argument of vmx_update_host_rsp().
+ */
lea -WORD_SIZE(%_ASM_SP), %_ASM_ARG2
+ /*
+ * 6486 void vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
+ * 6487 {
+ * 6488 if (unlikely(host_rsp != vmx->loaded_vmcs->host_state.rsp)) {
+ * 6489 vmx->loaded_vmcs->host_state.rsp = host_rsp;
+ * 6490 vmcs_writel(HOST_RSP, host_rsp);
+ * 6491 }
+ * 6492 }
+ */
call vmx_update_host_rsp
/* Load @regs to RAX. */
+ /*
+ * 和上面的"lea -WORD_SIZE(%_ASM_SP), %_ASM_ARG2"对应
+ */
mov (%_ASM_SP), %_ASM_AX
+ /*
+ * launched is used at:
+ * - arch/x86/kvm/vmx/nested.c|3008| <<nested_vmx_check_vmentry_hw>> [launched]"i"(offsetof(struct loaded_vmcs, launched)),
+ * - arch/x86/kvm/vmx/vmx.c|660| <<loaded_vmcs_init>> if (loaded_vmcs->shadow_vmcs && loaded_vmcs->launched)
+ * - arch/x86/kvm/vmx/vmx.c|663| <<loaded_vmcs_init>> loaded_vmcs->launched = 0;
+ * - arch/x86/kvm/vmx/vmx.c|6596| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched);
+ * - arch/x86/kvm/vmx/vmx.c|6678| <<vmx_vcpu_run>> vmx->loaded_vmcs->launched = 1;
+ * - also used in arch/x86/kvm/vmx/vmenter.S, where it selects between vmresume and vmlaunch
+ */
/* Check if vmlaunch or vmresume is needed */
cmpb $0, %bl
@@ -154,6 +242,20 @@ SYM_FUNC_START(__vmx_vcpu_run)
/* Load guest RAX. This kills the @regs pointer! */
mov VCPU_RAX(%_ASM_AX), %_ASM_AX
+ /*
+ * vmx_vmenter - VM-Enter the current loaded VMCS
+ *
+ * %RFLAGS.ZF: !VMCS.LAUNCHED, i.e. controls VMLAUNCH vs. VMRESUME
+ *
+ * Returns:
+ * %RFLAGS.CF is set on VM-Fail Invalid
+ * %RFLAGS.ZF is set on VM-Fail Valid
+ * %RFLAGS.{CF,ZF} are cleared on VM-Success, i.e. VM-Exit
+ *
+ * Note that VMRESUME/VMLAUNCH fall-through and return directly if
+ * they VM-Fail, whereas a successful VM-Enter + VM-Exit will jump
+ * to vmx_vmexit.
+ */
/* Enter guest mode */
call vmx_vmenter
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e3394c839dea..75ccdef59989 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1085,6 +1085,10 @@ static inline void pt_save_msr(struct pt_ctx *ctx, u32 addr_range)
}
}
+/*
+ * called by:
+ * - arch/x86/kvm/vmx/vmx.c|6547| <<vmx_vcpu_run>> pt_guest_enter(vmx);
+ */
static void pt_guest_enter(struct vcpu_vmx *vmx)
{
if (pt_mode == PT_MODE_SYSTEM)
@@ -2622,6 +2626,12 @@ static void free_kvm_area(void)
}
}
+/*
+ * called by:
+ * - arch/x86/kvm/vmx/vmx.c|7747| <<hardware_setup>> r = alloc_kvm_area();
+ *
+ * Allocates the vmxon_region.
+ */
static __init int alloc_kvm_area(void)
{
int cpu;
@@ -5062,6 +5072,9 @@ static int handle_apic_write(struct kvm_vcpu *vcpu)
return 1;
}
+/*
+ * kvm_vmx_exit_handlers[EXIT_REASON_TASK_SWITCH] = handle_task_switch()
+ */
static int handle_task_switch(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -5119,6 +5132,13 @@ static int handle_task_switch(struct kvm_vcpu *vcpu)
reason, has_error_code, error_code);
}
+/*
+ * When the guest first touches a page, there is no GVA->GPA mapping yet, so the guest OS takes
+ * a page fault, builds the corresponding pte, fixes up each level of its page tables, and
+ * finally accesses the GPA. Since the EPT has no mapping for that GPA (GPA->HPA) yet, this
+ * triggers an EPT violation and a VMEXIT into KVM. In vmx_handle_exit, KVM runs
+ * kvm_vmx_exit_handlers[exit_reason]; the exit_reason is EXIT_REASON_EPT_VIOLATION, so
+ * handle_ept_violation is called (see the sketch below).
+ */
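+/*
+ * The dispatch in vmx_handle_exit(), roughly (a sketch of the v5.5 code):
+ *
+ *	u32 exit_reason = vmx->exit_reason;
+ *
+ *	if (exit_reason >= kvm_vmx_max_exit_handlers ||
+ *	    !kvm_vmx_exit_handlers[exit_reason])
+ *		goto unexpected_vmexit;
+ *	return kvm_vmx_exit_handlers[exit_reason](vcpu);
+ */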
static int handle_ept_violation(struct kvm_vcpu *vcpu)
{
unsigned long exit_qualification;
@@ -5191,6 +5211,10 @@ static int handle_nmi_window(struct kvm_vcpu *vcpu)
return 1;
}
+/*
+ * called by:
+ * - arch/x86/kvm/vmx/vmx.c|5845| <<vmx_handle_exit>> return handle_invalid_guest_state(vcpu);
+ */
static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -6469,6 +6493,9 @@ void vmx_update_host_rsp(struct vcpu_vmx *vmx, unsigned long host_rsp)
bool __vmx_vcpu_run(struct vcpu_vmx *vmx, unsigned long *regs, bool launched);
+/*
+ * struct kvm_x86_ops vmx_x86_ops.run = vmx_vcpu_run()
+ */
static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -6553,6 +6580,18 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (vcpu->arch.cr2 != read_cr2())
write_cr2(vcpu->arch.cr2);
+ /*
+ * arch/x86/kvm/vmx/vmenter.S:
+ * __vmx_vcpu_run - Run a vCPU via a transition to VMX guest mode
+ * @vmx: struct vcpu_vmx * (forwarded to vmx_update_host_rsp)
+ * @regs: unsigned long * (to guest registers)
+ * @launched: %true if the VMCS has been launched
+ *
+ * Returns:
+ * 0 on VM-Exit, 1 on VM-Fail
+ *
+ * This is the only call site of __vmx_vcpu_run().
+ */
vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
vmx->loaded_vmcs->launched);
@@ -6672,6 +6711,10 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
kmem_cache_free(kvm_vcpu_cache, vmx);
}
+/*
+ * Called on x86 from:
+ * - arch/x86/kvm/x86.c|9132| <<kvm_arch_vcpu_create>> vcpu = kvm_x86_ops->vcpu_create(kvm, id);
+ */
static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
{
int err;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cf917139de6b..a28ee5c341a8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -74,8 +74,21 @@
#define CREATE_TRACE_POINTS
#include "trace.h"
+/*
+ * MAX_IO_MSRS is used at:
+ * - arch/x86/kvm/x86.c|3188| <<msr_io>> if (msrs.nmsrs >= MAX_IO_MSRS)
+ *
+ * The maximum number of MSRs that a single KVM_SET_MSRS/KVM_GET_MSRS call can pass in from userspace; see the sketch below.
+ */
#define MAX_IO_MSRS 256
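+/*
+ * The bound check in msr_io(), sketched (overlong requests fail with -E2BIG
+ * before any MSR is touched):
+ *
+ *	r = -E2BIG;
+ *	if (msrs.nmsrs >= MAX_IO_MSRS)
+ *		goto out;
+ */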
#define KVM_MAX_MCE_BANKS 32
+/*
+ * kvm_mce_cap_supported is used at:
+ * - arch/x86/kvm/vmx/vmx.c|7748| <<hardware_setup>> kvm_mce_cap_supported |= MCG_LMCE_P;
+ * - arch/x86/kvm/x86.c|3410| <<kvm_arch_dev_ioctl>> if (copy_to_user(argp, &kvm_mce_cap_supported,
+ * - arch/x86/kvm/x86.c|3411| <<kvm_arch_dev_ioctl>> sizeof(kvm_mce_cap_supported)))
+ * - arch/x86/kvm/x86.c|3660| <<kvm_vcpu_ioctl_x86_setup_mce>> if (mcg_cap & ~(kvm_mce_cap_supported | 0xff | 0xff0000))
+ */
u64 __read_mostly kvm_mce_cap_supported = MCG_CTL_P | MCG_SER_P;
EXPORT_SYMBOL_GPL(kvm_mce_cap_supported);
@@ -87,6 +100,12 @@ EXPORT_SYMBOL_GPL(kvm_mce_cap_supported);
* - enable LME and LMA per default on 64 bit KVM
*/
#ifdef CONFIG_X86_64
+/*
+ * efer_reserved_bits is used at:
+ * - arch/x86/kvm/x86.c|1378| <<kvm_valid_efer>> if (efer & efer_reserved_bits)