linux-v5.19.patch

From b91271ad11a71ced1e7eaaab144070813c3c164f Mon Sep 17 00:00:00 2001
From: Dongli Zhang <dongli.zhang0129@gmail.com>
Date: Sun, 25 Sep 2022 18:27:48 -0700
Subject: [PATCH 1/1] linux v5.19

Signed-off-by: Dongli Zhang <dongli.zhang0129@gmail.com>
---
 arch/x86/events/core.c             |  92 ++++++++++++++++++
 arch/x86/events/intel/core.c       |  64 ++++++++++++
 arch/x86/events/perf_event.h       |  50 ++++++++++
 arch/x86/include/asm/kvm_host.h    |  37 +++++++
 arch/x86/include/asm/perf_event.h  |  23 +++++
 arch/x86/include/asm/spec-ctrl.h   |   4 +
 arch/x86/kernel/cpu/bugs.c         |   5 +
 arch/x86/kernel/kvm.c              |   4 +
 arch/x86/kvm/lapic.c               |   5 +
 arch/x86/kvm/mmu/mmu.c             |  28 ++++++
 arch/x86/kvm/mmu/spte.c            |  14 +++
 arch/x86/kvm/mmu/spte.h            |   7 ++
 arch/x86/kvm/mmu/tdp_iter.c        | 150 ++++++++++++++++++++++++++++-
 arch/x86/kvm/mmu/tdp_iter.h        |  79 +++++++++++++++
 arch/x86/kvm/mmu/tdp_mmu.c         | 109 +++++++++++++++++++++
 arch/x86/kvm/pmu.c                 |  77 +++++++++++++++
 arch/x86/kvm/pmu.h                 |  12 +++
 arch/x86/kvm/svm/svm.c             |  23 +++++
 arch/x86/kvm/vmx/nested.c          |  19 ++++
 arch/x86/kvm/vmx/pmu_intel.c       |   4 +
 arch/x86/kvm/vmx/vmcs12.h          |   9 ++
 arch/x86/kvm/vmx/vmx.c             |  13 +++
 arch/x86/kvm/x86.c                 |  37 +++++++
 drivers/acpi/cppc_acpi.c           |   6 ++
 drivers/net/virtio_net.c           |   4 +
 drivers/virtio/virtio_ring.c       | 114 ++++++++++++++++++++++
 include/linux/kvm_para.h           |  48 +++++++++
 kernel/events/core.c               |  98 +++++++++++++++++++
 tools/perf/arch/x86/util/evlist.c  |   8 ++
 tools/perf/arch/x86/util/topdown.c |   8 ++
 tools/perf/builtin-stat.c          |  39 ++++++++
 tools/perf/util/evlist.c           |   5 +
 tools/perf/util/evsel.c            |   7 ++
 tools/perf/util/parse-events.c     |   9 ++
 tools/perf/util/pmu.c              |   4 +
 virt/kvm/kvm_main.c                |  21 ++++
 36 files changed, 1235 insertions(+), 1 deletion(-)

diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
index 30788894124f..d64ff2280223 100644
--- a/arch/x86/events/core.c
+++ b/arch/x86/events/core.c
@@ -54,6 +54,19 @@ DEFINE_PER_CPU(struct cpu_hw_events, cpu_hw_events) = {
 
 DEFINE_STATIC_KEY_FALSE(rdpmc_never_available_key);
 DEFINE_STATIC_KEY_FALSE(rdpmc_always_available_key);
+/*
+ * 在以下使用perf_is_hybrid:
+ *   - arch/x86/events/core.c|57| <<global>> DEFINE_STATIC_KEY_FALSE(perf_is_hybrid);
+ *   - arch/x86/events/intel/core.c|6257| <<intel_pmu_init>> static_branch_enable(&perf_is_hybrid);
+ *   - arch/x86/events/perf_event.h|679| <<is_hybrid>> #define is_hybrid() static_branch_unlikely(&perf_is_hybrid)
+ *
+ * 在下面的情况会intel_pmu_init()-->static_branch_enable(&perf_is_hybrid)
+ * case INTEL_FAM6_ALDERLAKE:
+ * case INTEL_FAM6_ALDERLAKE_L:
+ * case INTEL_FAM6_ALDERLAKE_N:
+ * case INTEL_FAM6_RAPTORLAKE:
+ * case INTEL_FAM6_RAPTORLAKE_P:
+ */
 DEFINE_STATIC_KEY_FALSE(perf_is_hybrid);
 
 /*
@@ -470,6 +483,11 @@ void x86_del_exclusive(unsigned int what)
 	atomic_dec(&x86_pmu.lbr_exclusive[what]);
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/core.c|657| <<x86_pmu_hw_config>> return x86_setup_perfctr(event);
+ *   - arch/x86/events/intel/p4.c|850| <<p4_hw_config>> rc = x86_setup_perfctr(event);
+ */
 int x86_setup_perfctr(struct perf_event *event)
 {
 	struct perf_event_attr *attr = &event->attr;
@@ -496,6 +514,9 @@ int x86_setup_perfctr(struct perf_event *event)
 	/*
 	 * The generic map:
 	 */
+	/*
+	 * intel_pmu_event_map()
+	 */
 	config = x86_pmu.event_map(attr->config);
 
 	if (config == 0)
@@ -557,6 +578,15 @@ int x86_pmu_max_precise(void)
 	return precise;
 }
 
+/*
+ * 在以下使用x86_pmu_hw_config():
+ *   - arch/x86/events/intel/knc.c|297| <<global>> .hw_config = x86_pmu_hw_config,
+ *   - arch/x86/events/intel/p6.c|208| <<global>> .hw_config = x86_pmu_hw_config,
+ *   - arch/x86/events/zhaoxin/core.c|466| <<global>> .hw_config = x86_pmu_hw_config,
+ *   - arch/x86/events/amd/core.c|444| <<amd_pmu_hw_config>> ret = x86_pmu_hw_config(event);
+ *   - arch/x86/events/intel/core.c|3778| <<core_pmu_hw_config>> int ret = x86_pmu_hw_config(event);
+ *   - arch/x86/events/intel/core.c|3825| <<intel_pmu_hw_config>> int ret = x86_pmu_hw_config(event);
+ */
 int x86_pmu_hw_config(struct perf_event *event)
 {
 	if (event->attr.precise_ip) {
@@ -647,6 +677,10 @@ int x86_pmu_hw_config(struct perf_event *event)
 /*
  * Setup the hardware configuration for a given attr_type
  */
+/*
+ * called by:
+ *   - arch/x86/events/core.c|2483| <<x86_pmu_event_init>> err = __x86_pmu_event_init(event);
+ */
 static int __x86_pmu_event_init(struct perf_event *event)
 {
 	int err;
@@ -669,6 +703,9 @@ static int __x86_pmu_event_init(struct perf_event *event)
 	event->hw.extra_reg.idx = EXTRA_REG_NONE;
 	event->hw.branch_reg.idx = EXTRA_REG_NONE;
 
+	/*
+	 * intel_pmu_hw_config()
+	 */
 	return x86_pmu.hw_config(event);
 }
 
@@ -1434,6 +1471,11 @@ int x86_perf_event_set_period(struct perf_event *event)
 	return ret;
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/amd/core.c|768| <<amd_pmu_enable_event>> x86_pmu_enable_event(event);
+ *   - arch/x86/events/intel/core.c|3997| <<core_pmu_enable_event>> x86_pmu_enable_event(event);
+ */
 void x86_pmu_enable_event(struct perf_event *event)
 {
 	if (__this_cpu_read(cpu_hw_events.enabled))
@@ -1529,6 +1571,12 @@ static void x86_pmu_start(struct perf_event *event, int flags)
 	perf_event_update_userpage(event);
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/intel/core.c|3036| <<intel_pmu_handle_irq>> perf_event_print_debug();
+ *   - arch/x86/events/intel/knc.c|236| <<knc_pmu_handle_irq>> perf_event_print_debug();
+ *   - drivers/tty/sysrq.c|294| <<sysrq_handle_showregs>> perf_event_print_debug();
+ */
 void perf_event_print_debug(void)
 {
 	u64 ctrl, status, overflow, pmc_ctrl, pmc_count, prev_left, fixed;
@@ -1762,6 +1810,40 @@ perf_event_nmi_handler(unsigned int cmd, struct pt_regs *regs)
 }
 NOKPROBE_SYMBOL(perf_event_nmi_handler);
 
+/*
+ * 5.4的例子.
+ * crash> unconstrained
+ * unconstrained = $1 = {
+ *   {
+ *     idxmsk = {255},
+ *     idxmsk64 = 255
+ *   },
+ *   code = 0,
+ *   cmask = 0,
+ *   weight = 8,
+ *   overlap = 0,
+ *   flags = 0,
+ *   size = 0
+ * }
+ * crash> emptyconstraint
+ * emptyconstraint = $2 = {
+ *   {
+ *     idxmsk = {0},
+ *     idxmsk64 = 0
+ *   },
+ *   code = 0,
+ *   cmask = 0,
+ *   weight = 0,
+ *   overlap = 0,
+ *   flags = 0,
+ *   size = 0
+ * }
+ *
+ * 在以下设置unconstrained:
+ *   - arch/x86/events/core.c|2159| <<init_hw_perf_events>> unconstrained = (struct event_constraint)
+ *   - arch/x86/events/intel/core.c|6331| <<intel_pmu_init>> pmu->unconstrained = (struct event_constraint)
+ *   - arch/x86/events/intel/core.c|6352| <<intel_pmu_init>> pmu->unconstrained = (struct event_constraint)
+ */
 struct event_constraint emptyconstraint;
 struct event_constraint unconstrained;
 
@@ -2367,6 +2449,10 @@ static struct cpu_hw_events *allocate_fake_cpuc(struct pmu *event_pmu)
 /*
  * validate that we can schedule this event
  */
+/*
+ * called by:
+ *   - arch/x86/events/core.c|2488| <<x86_pmu_event_init>> err = validate_event(event);
+ */
 static int validate_event(struct perf_event *event)
 {
 	struct cpu_hw_events *fake_cpuc;
@@ -2377,6 +2463,9 @@ static int validate_event(struct perf_event *event)
 	if (IS_ERR(fake_cpuc))
 		return PTR_ERR(fake_cpuc);
 
+	/*
+	 * hsw_get_event_constraints()
+	 */
 	c = x86_pmu.get_event_constraints(fake_cpuc, 0, event);
 
 	if (!c || !c->weight)
@@ -2453,6 +2542,9 @@ static int validate_group(struct perf_event *event)
 	return ret;
 }
 
+/*
+ * struct pmu pmu.event_init = x86_pmu_event_init()
+ */
 static int x86_pmu_event_init(struct perf_event *event)
 {
 	struct x86_hybrid_pmu *pmu = NULL;
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 45024abd929f..f5a35f0e6dc6 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -39,6 +39,10 @@ static u64 intel_perfmon_event_map[PERF_COUNT_HW_MAX] __read_mostly =
 	[PERF_COUNT_HW_REF_CPU_CYCLES]		= 0x0300, /* pseudo-encoding */
 };
 
+/*
+ * 是用在"core"的.
+ * struct x86_pmu core_pmu.event_constraints = intel_core_event_constraints
+ */
 static struct event_constraint intel_core_event_constraints[] __read_mostly =
 {
 	INTEL_EVENT_CONSTRAINT(0x11, 0x2), /* FP_ASSIST */
@@ -2404,6 +2408,10 @@ static inline void intel_clear_masks(struct perf_event *event, int idx)
 	__clear_bit(idx, (unsigned long *)&cpuc->intel_cp_status);
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/intel/core.c|2449| <<intel_pmu_disable_event>> intel_pmu_disable_fixed(event);
+ */
 static void intel_pmu_disable_fixed(struct perf_event *event)
 {
 	struct hw_perf_event *hwc = &event->hw;
@@ -2748,8 +2756,33 @@ static void intel_pmu_enable_fixed(struct perf_event *event)
 	wrmsrl(hwc->config_base, ctrl_val);
 }
 
+/*
+ * 4.14的例子
+ * intel_pmu_enable_event
+ * x86_pmu_enable
+ * perf_pmu_enable
+ * ctx_resched
+ * __perf_event_enable
+ * event_function
+ * remote_function
+ * flush_smp_call_function_queue
+ * generic_smp_call_function_single_interrupt
+ * smp_call_function_single_interrupt
+ * call_function_single_interrupt
+ * cpuidle_enter_state
+ * cpuidle_enter
+ * call_cpuidle
+ * do_idle
+ * cpu_startup_entry
+ * start_secondary
+ * secondary_startup_64
+ */
 static void intel_pmu_enable_event(struct perf_event *event)
 {
+	/*
+	 * struct perf_event *event:
+	 * -> struct hw_perf_event hw;
+	 */
 	struct hw_perf_event *hwc = &event->hw;
 	int idx = hwc->idx;
 
@@ -3245,11 +3278,19 @@ struct event_constraint *
 x86_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
 			  struct perf_event *event)
 {
+	/*
+	 * 不是hybrid的话返回x86_pmu.event_constraints
+	 */
 	struct event_constraint *event_constraints = hybrid(cpuc->pmu, event_constraints);
 	struct event_constraint *c;
 
 	if (event_constraints) {
 		for_each_event_constraint(c, event_constraints) {
+			/*
+			 * struct perf_event *event:
+			 * -> struct hw_perf_event hw;
+			 *    -> (union) u64 config;
+			 */
 			if (constraint_match(c, event->hw.config)) {
 				event->hw.flags |= c->flags;
 				return c;
@@ -5502,6 +5543,11 @@ static void intel_pmu_check_num_counters(int *num_counters,
 	*intel_ctrl |= fixed_mask << INTEL_PMC_IDX_FIXED;
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/intel/core.c|5630| <<intel_pmu_check_hybrid_pmus>> intel_pmu_check_event_constraints(pmu->event_constraints,
+ *   - arch/x86/events/intel/core.c|6432| <<intel_pmu_init>> intel_pmu_check_event_constraints(x86_pmu.event_constraints,
+ */
 static void intel_pmu_check_event_constraints(struct event_constraint *event_constraints,
 					      int num_counters,
 					      int num_counters_fixed,
@@ -5526,6 +5572,9 @@ static void intel_pmu_check_event_constraints(struct event_constraint *event_con
 			 * Disable topdown slots and metrics events,
 			 * if slots event is not in CPUID.
 			 */
+			/*
+			 * 1 << 35
+			 */
 			if (!(INTEL_PMC_MSK_FIXED_SLOTS & intel_ctrl))
 				c->idxmsk64 = 0;
 			c->weight = hweight64(c->idxmsk64);
@@ -5569,6 +5618,10 @@ static void intel_pmu_check_extra_regs(struct extra_reg *extra_regs)
 	}
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/intel/core.c|6480| <<intel_pmu_init>> intel_pmu_check_hybrid_pmus((u64)fixed_mask);
+ */
 static void intel_pmu_check_hybrid_pmus(u64 fixed_mask)
 {
 	struct x86_hybrid_pmu *pmu;
@@ -5631,6 +5684,13 @@ __init int intel_pmu_init(void)
 	 * Check whether the Architectural PerfMon supports
 	 * Branch Misses Retired hw_event or not.
 	 */
+	/*
+	 * 一个例子
+	 * # cpuid -l 0xa -1 -r
+	 * Disclaimer: cpuid may not support decoding of all cpuid registers.
+	 * CPU:
+	 *    0x0000000a 0x00: eax=0x08300802 ebx=0x00000000 ecx=0x00000000 edx=0x00000603
+	 */
 	cpuid(10, &eax.full, &ebx.full, &fixed_mask, &edx.full);
 	if (eax.split.mask_length < ARCH_PERFMON_EVENTS_COUNT)
 		return -ENODEV;
@@ -5661,6 +5721,10 @@ __init int intel_pmu_init(void)
 		x86_pmu.num_counters_fixed =
 			max((int)edx.split.num_counters_fixed, assume);
 
+		/*
+		 * 1 << 3 是 1000
+		 * (1 << 3) - 1 是 111
+		 */
 		fixed_mask = (1L << x86_pmu.num_counters_fixed) - 1;
 	} else if (version >= 5)
 		x86_pmu.num_counters_fixed = fls(fixed_mask);
diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
index 21a5482bcf84..d298fd698d2c 100644
--- a/arch/x86/events/perf_event.h
+++ b/arch/x86/events/perf_event.h
@@ -246,6 +246,9 @@ struct cpu_hw_events {
 	u64			tags[X86_PMC_IDX_MAX];
 
 	struct perf_event	*event_list[X86_PMC_IDX_MAX]; /* in enabled order */
+	/*
+	 * #define X86_PMC_IDX_MAX 64
+	 */
 	struct event_constraint	*event_constraint[X86_PMC_IDX_MAX];
 
 	int			n_excl; /* the number of exclusive events */
@@ -672,6 +675,19 @@ static __always_inline struct x86_hybrid_pmu *hybrid_pmu(struct pmu *pmu)
 	return container_of(pmu, struct x86_hybrid_pmu, pmu);
 }
 
+/*
+ * 在以下使用perf_is_hybrid:
+ *   - arch/x86/events/core.c|57| <<global>> DEFINE_STATIC_KEY_FALSE(perf_is_hybrid);
+ *   - arch/x86/events/intel/core.c|6257| <<intel_pmu_init>> static_branch_enable(&perf_is_hybrid);
+ *   - arch/x86/events/perf_event.h|679| <<is_hybrid>> #define is_hybrid() static_branch_unlikely(&perf_is_hybrid)
+ *
+ * 在下面的情况会intel_pmu_init()-->static_branch_enable(&perf_is_hybrid)
+ * case INTEL_FAM6_ALDERLAKE:
+ * case INTEL_FAM6_ALDERLAKE_L:
+ * case INTEL_FAM6_ALDERLAKE_N:
+ * case INTEL_FAM6_RAPTORLAKE:
+ * case INTEL_FAM6_RAPTORLAKE_P:
+ */
 extern struct static_key_false perf_is_hybrid;
 #define is_hybrid()		static_branch_unlikely(&perf_is_hybrid)
 
@@ -1070,6 +1086,23 @@ extern u64 __read_mostly hw_cache_extra_regs
 
 u64 x86_perf_event_update(struct perf_event *event);
 
+/*
+ * called by:
+ *   - arch/x86/events/core.c|214| <<reserve_pmc_hardware>> if (!reserve_evntsel_nmi(x86_pmu_config_addr(i)))
+ *   - arch/x86/events/core.c|222| <<reserve_pmc_hardware>> release_evntsel_nmi(x86_pmu_config_addr(i));
+ *   - arch/x86/events/core.c|239| <<release_pmc_hardware>> release_evntsel_nmi(x86_pmu_config_addr(i));
+ *   - arch/x86/events/core.c|262| <<check_hw_exists>> reg = x86_pmu_config_addr(i);
+ *   - arch/x86/events/core.c|686| <<x86_pmu_disable_all>> rdmsrl(x86_pmu_config_addr(idx), val);
+ *   - arch/x86/events/core.c|690| <<x86_pmu_disable_all>> wrmsrl(x86_pmu_config_addr(idx), val);
+ *   - arch/x86/events/core.c|692| <<x86_pmu_disable_all>> wrmsrl(x86_pmu_config_addr(idx + 1), 0);
+ *   - arch/x86/events/core.c|1242| <<x86_assign_hw_event>> hwc->config_base = x86_pmu_config_addr(hwc->idx);
+ *   - arch/x86/events/core.c|1572| <<perf_event_print_debug>> rdmsrl(x86_pmu_config_addr(idx), pmc_ctrl);
+ *   - arch/x86/events/intel/core.c|2828| <<intel_pmu_reset>> wrmsrl_safe(x86_pmu_config_addr(idx), 0ull);
+ *   - arch/x86/events/intel/core.c|3975| <<core_guest_get_msrs>> arr[idx].msr = x86_pmu_config_addr(idx);
+ *   - arch/x86/events/intel/p4.c|1382| <<p4_pmu_init>> reg = x86_pmu_config_addr(i);
+ *   - arch/x86/events/perf_event.h|1134| <<__x86_pmu_enable_event>> wrmsrl(x86_pmu_config_addr(hwc->idx + 1), x86_pmu.perf_ctr_pair_en);
+ *   - arch/x86/events/perf_event.h|1155| <<x86_pmu_disable_event>> wrmsrl(x86_pmu_config_addr(hwc->idx + 1), 0);
+ */
 static inline unsigned int x86_pmu_config_addr(int index)
 {
 	return x86_pmu.eventsel + (x86_pmu.addr_offset ?
@@ -1118,6 +1151,16 @@ static inline bool is_counter_pair(struct hw_perf_event *hwc)
 	return hwc->flags & PERF_X86_EVENT_PAIR;
 }
 
+/*
+ * called by:
+ *   - arch/x86/events/amd/core.c|799| <<amd_pmu_v2_enable_event>> __x86_pmu_enable_event(hwc, ARCH_PERFMON_EVENTSEL_ENABLE);
+ *   - arch/x86/events/core.c|743| <<x86_pmu_enable_all>> __x86_pmu_enable_event(hwc, ARCH_PERFMON_EVENTSEL_ENABLE);
+ *   - arch/x86/events/core.c|1440| <<x86_pmu_enable_event>> __x86_pmu_enable_event(&event->hw,
+ *   - arch/x86/events/intel/core.c|2320| <<intel_pmu_nhm_workaround>> __x86_pmu_enable_event(&event->hw,
+ *   - arch/x86/events/intel/core.c|2762| <<intel_pmu_enable_event>> __x86_pmu_enable_event(hwc, ARCH_PERFMON_EVENTSEL_ENABLE);
+ *   - arch/x86/events/intel/core.c|4012| <<core_pmu_enable_all>> __x86_pmu_enable_event(hwc, ARCH_PERFMON_EVENTSEL_ENABLE);
+ *   - arch/x86/events/zhaoxin/core.c|347| <<zhaoxin_pmu_enable_event>> __x86_pmu_enable_event(hwc, ARCH_PERFMON_EVENTSEL_ENABLE);
+ */
 static inline void __x86_pmu_enable_event(struct hw_perf_event *hwc,
 					  u64 enable_mask)
 {
@@ -1144,6 +1187,13 @@ int x86_schedule_events(struct cpu_hw_events *cpuc, int n, int *assign);
 
 void x86_pmu_stop(struct perf_event *event, int flags);
 
+/*
+ * 在以下使用:
+ *   - struct x86_pmu core_pmu.disable = x86_pmu_disable_event()
+ *   - arch/x86/events/amd/core.c|809| <<amd_pmu_disable_event>> x86_pmu_disable_event(event);
+ *   - arch/x86/events/intel/core.c|2441| <<intel_pmu_disable_event>> x86_pmu_disable_event(event);
+ *   - arch/x86/events/zhaoxin/core.c|310| <<zhaoxin_pmu_disable_event>> x86_pmu_disable_event(event);
+ */
 static inline void x86_pmu_disable_event(struct perf_event *event)
 {
 	u64 disable_mask = __this_cpu_read(cpu_hw_events.perf_ctr_virt_mask);
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 9217bd6cf0d1..751ebef8d4bf 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -494,6 +494,18 @@ struct kvm_pmc {
 	 * eventsel value for general purpose counters,
 	 * ctrl value for fixed counters.
 	 */
+	/*
+	 * 在以下使用kvm_pmc->current_config:
+	 *   - arch/x86/kvm/pmu.c|268| <<reprogram_gp_counter>> if (pmc->current_config == eventsel && pmc_resume_counter(pmc)) 
+	 *   - arch/x86/kvm/pmu.c|273| <<reprogram_gp_counter>> pmc->current_config = eventsel; 
+	 *   - arch/x86/kvm/pmu.c|308| <<reprogram_fixed_counter>> if (pmc->current_config == (u64)ctrl && pmc_resume_counter(pmc))
+	 *   - arch/x86/kvm/pmu.c|313| <<reprogram_fixed_counter>> pmc->current_config = (u64)ctrl;
+	 *   - arch/x86/kvm/pmu.c|568| <<cpl_is_matched>> u64 config = pmc->current_config;
+	 *   - arch/x86/kvm/pmu.h|74| <<pmc_release_perf_event>> pmc->current_config = 0;
+	 *   - arch/x86/kvm/svm/pmu.c|328| <<amd_pmu_init>> pmu->gp_counters[i].current_config = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|570| <<intel_pmu_init>> pmu->gp_counters[i].current_config = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|577| <<intel_pmu_init>> pmu->fixed_counters[i].current_config = 0;
+	 */
 	u64 current_config;
 	bool is_paused;
 	bool intr;
@@ -507,6 +519,20 @@ struct kvm_pmu {
 	u64 fixed_ctr_ctrl;
 	u64 global_ctrl;
 	u64 global_status;
+	/*
+	 * 在以下使用kvm_pmu->counter_bitmask[2]:
+	 *   - arch/x86/kvm/pmu.h|48| <<pmc_bitmask>> return pmu->counter_bitmask[pmc->type];
+	 *   - arch/x86/kvm/svm/pmu.c|306| <<amd_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_GP] = ((u64)1 << 48) - 1;
+	 *   - arch/x86/kvm/svm/pmu.c|311| <<amd_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_FIXED] = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|149| <<intel_rdpmc_ecx_to_pmc>> *mask &= pmu->counter_bitmask[fixed ? KVM_PMC_FIXED : KVM_PMC_GP];
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|373| <<intel_pmu_get_msr>> val & pmu->counter_bitmask[KVM_PMC_GP];
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|378| <<intel_pmu_get_msr>> val & pmu->counter_bitmask[KVM_PMC_FIXED];
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|432| <<intel_pmu_set_msr>> (data & ~pmu->counter_bitmask[KVM_PMC_GP]))
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|489| <<intel_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_GP] = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|490| <<intel_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_FIXED] = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|510| <<intel_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_GP] = ((u64)1 << eax.split.bit_width) - 1;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|524| <<intel_pmu_refresh>> pmu->counter_bitmask[KVM_PMC_FIXED] = ((u64)1 << edx.split.bit_width_fixed) - 1;
+	 */
 	u64 counter_bitmask[2];
 	u64 global_ctrl_mask;
 	u64 global_ovf_ctrl_mask;
@@ -1271,6 +1297,17 @@ struct kvm_arch {
 	 * count to zero should removed the root from the list and clean
 	 * it up, freeing the root after an RCU grace period.
 	 */
+	/*
+	 * 在以下使用kvm_arch->tdp_mmu_roots:
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|30| <<kvm_mmu_init_tdp_mmu>> INIT_LIST_HEAD(&kvm->arch.tdp_mmu_roots);
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|58| <<kvm_mmu_uninit_tdp_mmu>> WARN_ON(!list_empty(&kvm->arch.tdp_mmu_roots));
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|213| <<tdp_mmu_next_root>> next_root = list_next_or_null_rcu(&kvm->arch.tdp_mmu_roots,
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|217| <<tdp_mmu_next_root>> next_root = list_first_or_null_rcu(&kvm->arch.tdp_mmu_roots,
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|225| <<tdp_mmu_next_root>> next_root = list_next_or_null_rcu(&kvm->arch.tdp_mmu_roots,
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|269| <<for_each_tdp_mmu_root>> list_for_each_entry(_root, &_kvm->arch.tdp_mmu_roots, link) \
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|335| <<kvm_tdp_mmu_get_vcpu_root_hpa>> list_add_rcu(&root->link, &kvm->arch.tdp_mmu_roots);
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|1052| <<kvm_tdp_mmu_invalidate_all_roots>> list_for_each_entry(root, &kvm->arch.tdp_mmu_roots, link) {
+	 */
 	struct list_head tdp_mmu_roots;
 
 	/*
diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h
index 409725e86f42..ce1c5b5af527 100644
--- a/arch/x86/include/asm/perf_event.h
+++ b/arch/x86/include/asm/perf_event.h
@@ -252,7 +252,20 @@ struct x86_pmu_capability {
 
 /* TOPDOWN.SLOTS: event=0x00,umask=0x4 (pseudo-encoding) */
 #define MSR_ARCH_PERFMON_FIXED_CTR3	0x30c
+/*
+ * INTEL_PMC_IDX_FIXED = 32
+ * 32 + 3 = 35
+ */
 #define INTEL_PMC_IDX_FIXED_SLOTS	(INTEL_PMC_IDX_FIXED + 3)
+/*
+ * 在以下使用INTEL_PMC_MSK_FIXED_SLOTS:
+ *   - arch/x86/events/intel/core.c|5571| <<intel_pmu_check_event_constraints>> if (!(INTEL_PMC_MSK_FIXED_SLOTS & intel_ctrl))
+ *   - arch/x86/events/intel/core.c|5633| <<intel_pmu_check_hybrid_pmus>> pmu->intel_ctrl |= INTEL_PMC_MSK_FIXED_SLOTS;
+ *   - arch/x86/include/asm/perf_event.h|294| <<INTEL_PMC_MSK_TOPDOWN>> #define INTEL_PMC_MSK_TOPDOWN ((0xffull << INTEL_PMC_IDX_METRIC_BASE) | INTEL_PMC_MSK_FIXED_SLOTS)
+ */
+/*
+ * 1 << 35
+ */
 #define INTEL_PMC_MSK_FIXED_SLOTS	(1ULL << INTEL_PMC_IDX_FIXED_SLOTS)
 
 static inline bool use_fixed_pseudo_encoding(u64 code)
@@ -275,6 +288,9 @@ static inline bool use_fixed_pseudo_encoding(u64 code)
  *
  * Internally the TopDown metric events are mapped to the FxCtr 3 (SLOTS).
  */
+/*
+ * 32 + 16 = 48
+ */
 #define INTEL_PMC_IDX_METRIC_BASE		(INTEL_PMC_IDX_FIXED + 16)
 #define INTEL_PMC_IDX_TD_RETIRING		(INTEL_PMC_IDX_METRIC_BASE + 0)
 #define INTEL_PMC_IDX_TD_BAD_SPEC		(INTEL_PMC_IDX_METRIC_BASE + 1)
@@ -285,6 +301,13 @@ static inline bool use_fixed_pseudo_encoding(u64 code)
 #define INTEL_PMC_IDX_TD_FETCH_LAT		(INTEL_PMC_IDX_METRIC_BASE + 6)
 #define INTEL_PMC_IDX_TD_MEM_BOUND		(INTEL_PMC_IDX_METRIC_BASE + 7)
 #define INTEL_PMC_IDX_METRIC_END		INTEL_PMC_IDX_TD_MEM_BOUND
+/*
+ * 在以下使用INTEL_PMC_MSK_TOPDOWN:
+ *   - arch/x86/events/intel/core.c|5566| <<intel_pmu_check_event_constraints>> if (c->idxmsk64 & INTEL_PMC_MSK_TOPDOWN) {
+ *   - arch/x86/include/asm/perf_event.h|326| <<INTEL_PMC_OTHER_TOPDOWN_BITS>> (~(0x1ull << bit) & INTEL_PMC_MSK_TOPDOWN)
+ *
+ * (0xff << 48) | (1 << 35) = 0xff000000000000 | 0x800000000 = 0xff000800000000
+ */
 #define INTEL_PMC_MSK_TOPDOWN			((0xffull << INTEL_PMC_IDX_METRIC_BASE) | \
 						INTEL_PMC_MSK_FIXED_SLOTS)
 
diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
index 5393babc0598..afca3741b702 100644
--- a/arch/x86/include/asm/spec-ctrl.h
+++ b/arch/x86/include/asm/spec-ctrl.h
@@ -23,6 +23,10 @@ extern void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bo
  *
  * Avoids writing to the MSR if the content/bits are the same
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/svm/svm.c|3854| <<svm_vcpu_run>> x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
+ */
 static inline
 void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
 {
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 6761668100b9..f9f0fb5a1ca4 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -199,6 +199,11 @@ void __init check_bugs(void)
  * NOTE: This function is *only* called for SVM.  VMX spec_ctrl handling is
  * done in vmenter.S.
  */
+/*
+ * called by:
+ *   - arch/x86/include/asm/spec-ctrl.h|29| <<x86_spec_ctrl_set_guest>> x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, true);
+ *   - arch/x86/include/asm/spec-ctrl.h|43| <<x86_spec_ctrl_restore_host>> x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, false);
+ */
 void
 x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
 {
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 1a3658f7e6d9..4e8c068b7924 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -645,6 +645,10 @@ static void kvm_smp_send_call_func_ipi(const struct cpumask *mask)
 	}
 }
 
+/*
+ * 在以下使用kvm_flush_tlb_multi():
+ *   - arch/x86/kernel/kvm.c|844| <<kvm_guest_init>> pv_ops.mmu.flush_tlb_multi = kvm_flush_tlb_multi;
+ */
 static void kvm_flush_tlb_multi(const struct cpumask *cpumask,
 			const struct flush_tlb_info *info)
 {
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 0e68b4c937fc..fcd75018d0a3 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -1095,6 +1095,11 @@ bool kvm_intr_is_single_vcpu_fast(struct kvm *kvm, struct kvm_lapic_irq *irq,
  * Add a pending IRQ into lapic.
  * Return 1 if successfully added and 0 if discarded.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/lapic.c|634| <<kvm_apic_set_irq>> return __apic_accept_irq(apic, irq->delivery_mode, irq->vector, irq->level, irq->trig_mode, dest_map);
+ *   - arch/x86/kvm/lapic.c|2481| <<kvm_apic_local_deliver>> return __apic_accept_irq(apic, mode, vector, 1, trig_mode, NULL);
+ */
 static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
 			     int vector, int level, int trig_mode,
 			     struct dest_map *dest_map)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 17252f39bd7c..3df1f157e9e0 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4050,6 +4050,11 @@ static bool is_page_fault_stale(struct kvm_vcpu *vcpu,
 	       mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, fault->hva);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|4120| <<nonpaging_page_fault>> return direct_page_fault(vcpu, fault);
+ *   - arch/x86/kvm/mmu/mmu.c|4168| <<kvm_tdp_page_fault>> return direct_page_fault(vcpu, fault);
+ */
 static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
 {
 	bool is_tdp_mmu_fault = is_tdp_mmu(vcpu->arch.mmu);
@@ -4153,6 +4158,29 @@ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code,
 }
 EXPORT_SYMBOL_GPL(kvm_handle_page_fault);
 
+/*
+ * 235 struct kvm_page_fault fault = {
+ * 236                 .addr = cr2_or_gpa,
+ * 237                 .error_code = err,
+ * 238                 .exec = err & PFERR_FETCH_MASK,
+ * 239                 .write = err & PFERR_WRITE_MASK,
+ * 240                 .present = err & PFERR_PRESENT_MASK,
+ * 241                 .rsvd = err & PFERR_RSVD_MASK,
+ * 242                 .user = err & PFERR_USER_MASK,
+ * 243                 .prefetch = prefetch,
+ * 244                 .is_tdp = likely(vcpu->arch.mmu->page_fault == kvm_tdp_page_fault),
+ * 245                 .nx_huge_page_workaround_enabled = is_nx_huge_page_enabled(),
+ * 246
+ * 247                 .max_level = KVM_MAX_HUGEPAGE_LEVEL,
+ * 248                 .req_level = PG_LEVEL_4K,
+ * 249                 .goal_level = PG_LEVEL_4K,
+ * 250         };
+ *
+ * 在以下使用kvm_tdp_page_fault():
+ *   - arch/x86/kvm/mmu/mmu.c|4860| <<init_kvm_tdp_mmu>> context->page_fault = kvm_tdp_page_fault;
+ *   - arch/x86/kvm/mmu/mmu_internal.h|244| <<kvm_mmu_do_page_fault>> .is_tdp = likely(vcpu->arch.mmu->page_fault == kvm_tdp_page_fault),
+ *   - arch/x86/kvm/mmu/mmu_internal.h|262| <<kvm_mmu_do_page_fault>> r = kvm_tdp_page_fault(vcpu, &fault);
+ */
 int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
 {
 	while (fault->max_level > PG_LEVEL_4K) {
diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c
index b5960bbde7f7..578a6bb50e44 100644
--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -126,6 +126,13 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
 	       bool host_writable, u64 *new_spte)
 {
 	int level = sp->role.level;
+	/*
+	 * A MMU present SPTE is backed by actual memory and may or may not be present
+	 * in hardware.  E.g. MMIO SPTEs are not considered present.  Use bit 11, as it
+	 * is ignored by all flavors of SPTEs and checking a low bit often generates
+	 * better code than for a high bit, e.g. 56+.  MMU present checks are pervasive
+	 * enough that the improved code generation is noticeable in KVM's footprint.
+	 */
 	u64 spte = SPTE_MMU_PRESENT_MASK;
 	bool wrprot = false;
 
@@ -282,6 +289,13 @@ u64 make_huge_page_split_spte(u64 huge_spte, int huge_level, int index)
 
 u64 make_nonleaf_spte(u64 *child_pt, bool ad_disabled)
 {
+	/*
+	 * A MMU present SPTE is backed by actual memory and may or may not be present
+	 * in hardware.  E.g. MMIO SPTEs are not considered present.  Use bit 11, as it
+	 * is ignored by all flavors of SPTEs and checking a low bit often generates
+	 * better code than for a high bit, e.g. 56+.  MMU present checks are pervasive
+	 * enough that the improved code generation is noticeable in KVM's footprint.
+	 */
 	u64 spte = SPTE_MMU_PRESENT_MASK;
 
 	spte |= __pa(child_pt) | shadow_present_mask | PT_WRITABLE_MASK |
diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h
index 0127bb6e3c7d..61fb4a004cf1 100644
--- a/arch/x86/kvm/mmu/spte.h
+++ b/arch/x86/kvm/mmu/spte.h
@@ -212,6 +212,13 @@ static inline bool is_mmio_spte(u64 spte)
 
 static inline bool is_shadow_present_pte(u64 pte)
 {
+	/*
+	 * A MMU present SPTE is backed by actual memory and may or may not be present
+	 * in hardware.  E.g. MMIO SPTEs are not considered present.  Use bit 11, as it
+	 * is ignored by all flavors of SPTEs and checking a low bit often generates
+	 * better code than for a high bit, e.g. 56+.  MMU present checks are pervasive
+	 * enough that the improved code generation is noticeable in KVM's footprint.
+	 */
 	return !!(pte & SPTE_MMU_PRESENT_MASK);
 }
 
diff --git a/arch/x86/kvm/mmu/tdp_iter.c b/arch/x86/kvm/mmu/tdp_iter.c
index ee4802d7b36c..f3fc68a75ac9 100644
--- a/arch/x86/kvm/mmu/tdp_iter.c
+++ b/arch/x86/kvm/mmu/tdp_iter.c
@@ -1,4 +1,4 @@
-// SPDX-License-Identifier: GPL-2.0
+// spdx-license-identifier: gpl-2.0
 
 #include "mmu_internal.h"
 #include "tdp_iter.h"
@@ -8,13 +8,37 @@
  * Recalculates the pointer to the SPTE for the current GFN and level and
  * reread the SPTE.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|34| <<tdp_iter_restart>> tdp_iter_refresh_sptep(iter);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|101| <<try_step_down>> tdp_iter_refresh_sptep(iter);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|143| <<try_step_up>> tdp_iter_refresh_sptep(iter);
+ *
+ * 核心思想是修改tdp_iter->sptep, 现在的pointer
+ */
 static void tdp_iter_refresh_sptep(struct tdp_iter *iter)
 {
+	/*
+	 * 在以下使用tdp_iter->pt_path[PT64_ROOT_MAX_LEVEL]:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] +
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|79| <<tdp_iter_start>> iter->pt_path[iter->root_level - 1] = (tdp_ptep_t)root->spt;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|133| <<try_step_down>> iter->pt_path[iter->level - 1] = child_pt;
+	 *
+	 * 在以下修改tdp_iter->sptep:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] + SHADOW_PT_INDEX(iter->gfn << PAGE_SHIFT, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|166| <<try_step_side>> iter->sptep++;
+	 */
 	iter->sptep = iter->pt_path[iter->level - 1] +
 		SHADOW_PT_INDEX(iter->gfn << PAGE_SHIFT, iter->level);
 	iter->old_spte = kvm_tdp_mmu_read_spte(iter->sptep);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|33| <<tdp_iter_restart>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|100| <<try_step_down>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|142| <<try_step_up>> iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
+ */
 static gfn_t round_gfn_for_level(gfn_t gfn, int level)
 {
 	return gfn & -KVM_PAGES_PER_HPAGE(level);
@@ -24,12 +48,51 @@ static gfn_t round_gfn_for_level(gfn_t gfn, int level)
  * Return the TDP iterator to the root PT and allow it to continue its
  * traversal over the paging structure from there.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|57| <<tdp_iter_start>> tdp_iter_restart(iter);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|176| <<tdp_iter_next>> tdp_iter_restart(iter);
+ */
 void tdp_iter_restart(struct tdp_iter *iter)
 {
+	/*
+	 * 在以下设置tdp_iter->yielded:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|46| <<tdp_iter_restart>> iter->yielded = false;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|836| <<tdp_mmu_iter_cond_resched>> iter->yielded = true;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|1464| <<tdp_mmu_alloc_sp_for_split>> iter->yielded = true;
+	 *
+	 * True if KVM dropped mmu_lock and yielded in the middle of a walk, in
+	 * which case tdp_iter_next() needs to restart the walk at the root
+	 * level instead of advancing to the next entry.
+	 */
 	iter->yielded = false;
+	/*
+	 *
+	 * 在以下使用tdp_iter->yielded_gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|47| <<tdp_iter_restart>> iter->yielded_gfn = iter->next_last_level_gfn;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|818| <<tdp_mmu_iter_cond_resched>> if (iter->next_last_level_gfn == iter->yielded_gfn)
+	 *
+	 * The next_last_level_gfn at the time when the thread last
+	 * yielded. Only yielding when the next_last_level_gfn !=
+	 * yielded_gfn helps ensure forward progress.
+	 */
 	iter->yielded_gfn = iter->next_last_level_gfn;
 	iter->level = iter->root_level;
 
+	/*
+	 * 在以下修改tdp_iter->gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|88| <<tdp_iter_restart>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|193| <<try_step_down>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|220| <<try_step_side>> iter->gfn += KVM_PAGES_PER_HPAGE(iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|249| <<try_step_up>> iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
+	 *
+	 * 在以下设置tdp_iter->next_last_level_gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|76| <<tdp_iter_start>> iter->next_last_level_gfn = next_last_level_gfn;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|162| <<try_step_side>> iter->next_last_level_gfn = iter->gfn;
+	 *
+	 * The iterator will traverse the paging structure towards the mapping
+	 * for this GFN.
+	 */
 	iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
 	tdp_iter_refresh_sptep(iter);
 
@@ -40,6 +103,10 @@ void tdp_iter_restart(struct tdp_iter *iter)
  * Sets a TDP iterator to walk a pre-order traversal of the paging structure
  * rooted at root_pt, starting with the walk to translate next_last_level_gfn.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.h|128| <<for_each_tdp_pte_min_level>> for (tdp_iter_start(&iter, root, min_level, start); \
+ */
 void tdp_iter_start(struct tdp_iter *iter, struct kvm_mmu_page *root,
 		    int min_level, gfn_t next_last_level_gfn)
 {
@@ -48,9 +115,23 @@ void tdp_iter_start(struct tdp_iter *iter, struct kvm_mmu_page *root,
 	WARN_ON(root_level < 1);
 	WARN_ON(root_level > PT64_ROOT_MAX_LEVEL);
 
+	/*
+	 * 在以下设置tdp_iter->next_last_level_gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|76| <<tdp_iter_start>> iter->next_last_level_gfn = next_last_level_gfn;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|162| <<try_step_side>> iter->next_last_level_gfn = iter->gfn;
+	 *
+	 * The iterator will traverse the paging structure towards the mapping
+	 * for this GFN.
+	 */
 	iter->next_last_level_gfn = next_last_level_gfn;
 	iter->root_level = root_level;
 	iter->min_level = min_level;
+	/*
+	 * 在以下使用tdp_iter->pt_path[PT64_ROOT_MAX_LEVEL]:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] +
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|79| <<tdp_iter_start>> iter->pt_path[iter->root_level - 1] = (tdp_ptep_t)root->spt;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|133| <<try_step_down>> iter->pt_path[iter->level - 1] = child_pt;
+	 */
 	iter->pt_path[iter->root_level - 1] = (tdp_ptep_t)root->spt;
 	iter->as_id = kvm_mmu_page_as_id(root);
 
@@ -62,6 +143,11 @@ void tdp_iter_start(struct tdp_iter *iter, struct kvm_mmu_page *root,
  * address of the child page table referenced by the SPTE. Returns null if
  * there is no such entry.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|94| <<try_step_down>> child_pt = spte_to_child_pt(iter->old_spte, iter->level);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|600| <<__handle_changed_spte>> handle_removed_pt(kvm, spte_to_child_pt(old_spte, level), shared);
+ */
 tdp_ptep_t spte_to_child_pt(u64 spte, int level)
 {
 	/*
@@ -78,6 +164,10 @@ tdp_ptep_t spte_to_child_pt(u64 spte, int level)
  * Steps down one level in the paging structure towards the goal GFN. Returns
  * true if the iterator was able to step down a level, false otherwise.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|180| <<tdp_iter_next>> if (try_step_down(iter))
+ */
 static bool try_step_down(struct tdp_iter *iter)
 {
 	tdp_ptep_t child_pt;
@@ -85,6 +175,11 @@ static bool try_step_down(struct tdp_iter *iter)
 	if (iter->level == iter->min_level)
 		return false;
 
+	/*
+	 * 在以下修改tdp_iter->sptep:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] + SHADOW_PT_INDEX(iter->gfn << PAGE_SHIFT, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|166| <<try_step_side>> iter->sptep++;
+	 */
 	/*
 	 * Reread the SPTE before stepping down to avoid traversing into page
 	 * tables that are no longer linked from this entry.
@@ -96,7 +191,20 @@ static bool try_step_down(struct tdp_iter *iter)
 		return false;
 
 	iter->level--;
+	/*
+	 * 在以下使用tdp_iter->pt_path[PT64_ROOT_MAX_LEVEL]:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] +
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|79| <<tdp_iter_start>> iter->pt_path[iter->root_level - 1] = (tdp_ptep_t)root->spt;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|133| <<try_step_down>> iter->pt_path[iter->level - 1] = child_pt;
+	 */
 	iter->pt_path[iter->level - 1] = child_pt;
+	/*
+	 * 在以下修改tdp_iter->gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|88| <<tdp_iter_restart>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|193| <<try_step_down>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|220| <<try_step_side>> iter->gfn += KVM_PAGES_PER_HPAGE(iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|249| <<try_step_up>> iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
+	 */
 	iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
 	tdp_iter_refresh_sptep(iter);
 
@@ -110,6 +218,10 @@ static bool try_step_down(struct tdp_iter *iter)
  * able to step to the next entry in the page table, false if the iterator was
  * already at the end of the current page table.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|184| <<tdp_iter_next>> if (try_step_side(iter))
+ */
 static bool try_step_side(struct tdp_iter *iter)
 {
 	/*
@@ -122,6 +234,11 @@ static bool try_step_side(struct tdp_iter *iter)
 
 	iter->gfn += KVM_PAGES_PER_HPAGE(iter->level);
 	iter->next_last_level_gfn = iter->gfn;
+	/*
+	 * 在以下修改tdp_iter->sptep:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] + SHADOW_PT_INDEX(iter->gfn << PAGE_SHIFT, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|166| <<try_step_side>> iter->sptep++;
+	 */
 	iter->sptep++;
 	iter->old_spte = kvm_tdp_mmu_read_spte(iter->sptep);
 
@@ -133,12 +250,24 @@ static bool try_step_side(struct tdp_iter *iter)
  * can continue from the next entry in the parent page table. Returns true on a
  * successful step up, false if already in the root page.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.c|154| <<tdp_iter_step_up>> WARN_ON(!try_step_up(iter));
+ *   - arch/x86/kvm/mmu/tdp_iter.c|186| <<tdp_iter_next>> } while (try_step_up(iter));
+ */
 static bool try_step_up(struct tdp_iter *iter)
 {
 	if (iter->level == iter->root_level)
 		return false;
 
 	iter->level++;
+	/*
+	 * 在以下修改tdp_iter->gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|88| <<tdp_iter_restart>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|193| <<try_step_down>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|220| <<try_step_side>> iter->gfn += KVM_PAGES_PER_HPAGE(iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|249| <<try_step_up>> iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
+	 */
 	iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
 	tdp_iter_refresh_sptep(iter);
 
@@ -149,6 +278,10 @@ static bool try_step_up(struct tdp_iter *iter)
  * Step the iterator back up a level in the paging structure. Should only be
  * used when the iterator is below the root level.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1784| <<zap_collapsible_spte_range>> tdp_iter_step_up(&iter);
+ */
 void tdp_iter_step_up(struct tdp_iter *iter)
 {
 	WARN_ON(!try_step_up(iter));
@@ -170,8 +303,23 @@ void tdp_iter_step_up(struct tdp_iter *iter)
  *    SPTE will have already been visited, and so the iterator must also step
  *    to the side again.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.h|130| <<for_each_tdp_pte_min_level>> tdp_iter_next(&iter))
+ */
 void tdp_iter_next(struct tdp_iter *iter)
 {
+	/*
+	 * 在以下设置tdp_iter->yielded:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|46| <<tdp_iter_restart>> iter->yielded = false;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|836| <<tdp_mmu_iter_cond_resched>> iter->yielded = true;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|1464| <<tdp_mmu_alloc_sp_for_split>> iter->yielded = true;
+	 *
+	 * True if KVM dropped mmu_lock and yielded in the middle of a walk, in
+	 * which case tdp_iter_next() needs to restart the walk at the root
+	 * level instead of advancing to the next entry.
+	 *
+	 */
 	if (iter->yielded) {
 		tdp_iter_restart(iter);
 		return;
diff --git a/arch/x86/kvm/mmu/tdp_iter.h b/arch/x86/kvm/mmu/tdp_iter.h
index adfca0cf94d3..5cd25a1956b7 100644
--- a/arch/x86/kvm/mmu/tdp_iter.h
+++ b/arch/x86/kvm/mmu/tdp_iter.h
@@ -14,21 +14,45 @@
  * batched without having to collect the list of zapped SPs.  Flows that can
  * remove SPs must service pending TLB flushes prior to dropping RCU protection.
  */
+/*
+ * called by:
+ *   -  arch/x86/kvm/mmu/tdp_iter.c|15| <<tdp_iter_refresh_sptep>> iter->old_spte = kvm_tdp_mmu_read_spte(iter->sptep);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|92| <<try_step_down>> iter->old_spte = kvm_tdp_mmu_read_spte(iter->sptep);
+ *   - arch/x86/kvm/mmu/tdp_iter.c|126| <<try_step_side>> iter->old_spte = kvm_tdp_mmu_read_spte(iter->sptep);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|458| <<handle_removed_pt>> old_spte = kvm_tdp_mmu_read_spte(sptep);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|926| <<kvm_tdp_mmu_zap_sp>> old_spte = kvm_tdp_mmu_read_spte(sp->ptep);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1192| <<kvm_tdp_mmu_map>> iter.old_spte = kvm_tdp_mmu_read_spte(iter.sptep);
+ */
 static inline u64 kvm_tdp_mmu_read_spte(tdp_ptep_t sptep)
 {
 	return READ_ONCE(*rcu_dereference(sptep));
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.h|49| <<kvm_tdp_mmu_write_spte>> return kvm_tdp_mmu_write_spte_atomic(sptep, new_spte);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|443| <<handle_removed_pt>> old_spte = kvm_tdp_mmu_write_spte_atomic(sptep, REMOVED_SPTE);
+ */
 static inline u64 kvm_tdp_mmu_write_spte_atomic(tdp_ptep_t sptep, u64 new_spte)
 {
 	return xchg(rcu_dereference(sptep), new_spte);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.h|51| <<kvm_tdp_mmu_write_spte>> __kvm_tdp_mmu_write_spte(sptep, new_spte);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|696| <<tdp_mmu_zap_spte_atomic>> __kvm_tdp_mmu_write_spte(iter->sptep, 0);
+ */
 static inline void __kvm_tdp_mmu_write_spte(tdp_ptep_t sptep, u64 new_spte)
 {
 	WRITE_ONCE(*rcu_dereference(sptep), new_spte);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|490| <<handle_removed_pt>> old_spte = kvm_tdp_mmu_write_spte(sptep, old_spte,
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|740| <<__tdp_mmu_set_spte>> old_spte = kvm_tdp_mmu_write_spte(sptep, old_spte, new_spte, level);
+ */
 static inline u64 kvm_tdp_mmu_write_spte(tdp_ptep_t sptep, u64 old_spte,
 					 u64 new_spte, int level)
 {
@@ -60,18 +84,46 @@ struct tdp_iter {
 	 * The iterator will traverse the paging structure towards the mapping
 	 * for this GFN.
 	 */
+	/*
+	 * 在以下设置tdp_iter->next_last_level_gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|76| <<tdp_iter_start>> iter->next_last_level_gfn = next_last_level_gfn;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|162| <<try_step_side>> iter->next_last_level_gfn = iter->gfn;
+	 */
 	gfn_t next_last_level_gfn;
 	/*
 	 * The next_last_level_gfn at the time when the thread last
 	 * yielded. Only yielding when the next_last_level_gfn !=
 	 * yielded_gfn helps ensure forward progress.
 	 */
+	/*
+	 * 在以下使用tdp_iter->yielded_gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|47| <<tdp_iter_restart>> iter->yielded_gfn = iter->next_last_level_gfn;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|818| <<tdp_mmu_iter_cond_resched>> if (iter->next_last_level_gfn == iter->yielded_gfn)
+	 */
 	gfn_t yielded_gfn;
 	/* Pointers to the page tables traversed to reach the current SPTE */
+	/*
+	 * 在以下使用tdp_iter->pt_path[PT64_ROOT_MAX_LEVEL]:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] +
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|79| <<tdp_iter_start>> iter->pt_path[iter->root_level - 1] = (tdp_ptep_t)root->spt;
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|133| <<try_step_down>> iter->pt_path[iter->level - 1] = child_pt;
+	 */
 	tdp_ptep_t pt_path[PT64_ROOT_MAX_LEVEL];
 	/* A pointer to the current SPTE */
+	/*
+	 * 在以下修改tdp_iter->sptep:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|19| <<tdp_iter_refresh_sptep>> iter->sptep = iter->pt_path[iter->level - 1] + SHADOW_PT_INDEX(iter->gfn << PAGE_SHIFT, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|166| <<try_step_side>> iter->sptep++;
+	 */
 	tdp_ptep_t sptep;
 	/* The lowest GFN mapped by the current SPTE */
+	/*
+	 * 在以下修改tdp_iter->gfn:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|88| <<tdp_iter_restart>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|193| <<try_step_down>> iter->gfn = round_gfn_for_level(iter->next_last_level_gfn, iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|220| <<try_step_side>> iter->gfn += KVM_PAGES_PER_HPAGE(iter->level);
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|249| <<try_step_up>> iter->gfn = round_gfn_for_level(iter->gfn, iter->level);
+	 */
 	gfn_t gfn;
 	/* The level of the root page given to the iterator */
 	int root_level;
@@ -93,6 +145,19 @@ struct tdp_iter {
 	 * which case tdp_iter_next() needs to restart the walk at the root
 	 * level instead of advancing to the next entry.
 	 */
+	/*
+	 * 在以下设置tdp_iter->yielded:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|46| <<tdp_iter_restart>> iter->yielded = false;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|836| <<tdp_mmu_iter_cond_resched>> iter->yielded = true;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|1464| <<tdp_mmu_alloc_sp_for_split>> iter->yielded = true;
+	 * 在以下使用tdp_iter->yielded:
+	 *   - arch/x86/kvm/mmu/tdp_iter.c|226| <<tdp_iter_next>> if (iter->yielded) {
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|644| <<tdp_mmu_set_spte_atomic>> WARN_ON_ONCE(iter->yielded || is_removed_spte(iter->old_spte));
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|756| <<_tdp_mmu_set_spte>> WARN_ON_ONCE(iter->yielded);
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|815| <<tdp_mmu_iter_cond_resched>> WARN_ON(iter->yielded);
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|839| <<tdp_mmu_iter_cond_resched>> return iter->yielded;
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|1557| <<tdp_mmu_split_huge_pages_root>> if (iter.yielded)
+	 */
 	bool yielded;
 };
 
@@ -100,11 +165,25 @@ struct tdp_iter {
  * Iterates over every SPTE mapping the GFN range [start, end) in a
  * preorder traversal.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_iter.h|174| <<for_each_tdp_pte>> for_each_tdp_pte_min_level(iter, root, PG_LEVEL_4K, start, end)
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|861| <<__tdp_mmu_zap_root>> for_each_tdp_pte_min_level(iter, root, zap_level, start, end) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|957| <<tdp_mmu_zap_leafs>> for_each_tdp_pte_min_level(iter, root, PG_LEVEL_4K, start, end) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1377| <<wrprot_gfn_range>> for_each_tdp_pte_min_level(iter, root, min_level, start, end) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1539| <<tdp_mmu_split_huge_pages_root>> for_each_tdp_pte_min_level(iter, root, target_level + 1, start, end) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1829| <<write_protect_gfn>> for_each_tdp_pte_min_level(iter, root, min_level, gfn, gfn + 1) {
+ */
 #define for_each_tdp_pte_min_level(iter, root, min_level, start, end) \
 	for (tdp_iter_start(&iter, root, min_level, start); \
 	     iter.valid && iter.gfn < end;		     \
 	     tdp_iter_next(&iter))
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|785| <<tdp_root_for_each_pte>> for_each_tdp_pte(_iter, _root, _start, _end)
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|795| <<tdp_mmu_for_each_pte>> for_each_tdp_pte(_iter, to_shadow_page(_mmu->root.hpa), _start, _end)
+ */
 #define for_each_tdp_pte(iter, root, start, end) \
 	for_each_tdp_pte_min_level(iter, root, PG_LEVEL_4K, start, end)
 
diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
index 7b9265d67131..f632f2c1ae3d 100644
--- a/arch/x86/kvm/mmu/tdp_mmu.c
+++ b/arch/x86/kvm/mmu/tdp_mmu.c
@@ -26,7 +26,16 @@ int kvm_mmu_init_tdp_mmu(struct kvm *kvm)
 		return -ENOMEM;
 
 	/* This should not be changed for the lifetime of the VM. */
+	/*
+	 * struct kvm *kvm:
+	 * -> struct kvm_arch arch;
+	 *    -> bool tdp_mmu_enabled;
+	 */
 	kvm->arch.tdp_mmu_enabled = true;
+	/*
+	 * 只在以下添加kvm_arch->tdp_mmu_roots:
+	 *   - arch/x86/kvm/mmu/tdp_mmu.c|335| <<kvm_tdp_mmu_get_vcpu_root_hpa>> list_add_rcu(&root->link, &kvm->arch.tdp_mmu_roots);
+	 */
 	INIT_LIST_HEAD(&kvm->arch.tdp_mmu_roots);
 	spin_lock_init(&kvm->arch.tdp_mmu_pages_lock);
 	INIT_LIST_HEAD(&kvm->arch.tdp_mmu_pages);
@@ -35,6 +44,14 @@ int kvm_mmu_init_tdp_mmu(struct kvm *kvm)
 }
 
 /* Arbitrarily returns true so that this may be used in if statements. */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|143| <<kvm_tdp_mmu_put_root>> kvm_lockdep_assert_mmu_lock_held(kvm, shared);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|251| <<__for_each_tdp_mmu_root_yield_safe>> if (kvm_lockdep_assert_mmu_lock_held(_kvm, _shared) && \
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|270| <<for_each_tdp_mmu_root>> if (kvm_lockdep_assert_mmu_lock_held(_kvm, false) && \
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|895| <<tdp_mmu_zap_root>> kvm_lockdep_assert_mmu_lock_held(kvm, shared);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1592| <<kvm_tdp_mmu_try_split_huge_pages>> kvm_lockdep_assert_mmu_lock_held(kvm, shared);
+ */
 static __always_inline bool kvm_lockdep_assert_mmu_lock_held(struct kvm *kvm,
 							     bool shared)
 {
@@ -65,6 +82,12 @@ void kvm_mmu_uninit_tdp_mmu(struct kvm *kvm)
 	rcu_barrier();
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|87| <<tdp_mmu_free_sp_rcu_callback>> tdp_mmu_free_sp(sp);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1211| <<kvm_tdp_mmu_map>> tdp_mmu_free_sp(sp);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1575| <<tdp_mmu_split_huge_pages_root>> tdp_mmu_free_sp(sp);
+ */
 static void tdp_mmu_free_sp(struct kvm_mmu_page *sp)
 {
 	free_page((unsigned long)sp->spt);
@@ -79,6 +102,11 @@ static void tdp_mmu_free_sp(struct kvm_mmu_page *sp)
  * section, and freeing it after a grace period, lockless access to that
  * memory won't use it after it is freed.
  */
+/*
+ * 在以下使用tdp_mmu_free_sp_rcu_callback():
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|191| <<kvm_tdp_mmu_put_root>> call_rcu(&root->rcu_head, tdp_mmu_free_sp_rcu_callback);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|497| <<handle_removed_pt>> call_rcu(&sp->rcu_head, tdp_mmu_free_sp_rcu_callback);
+ */
 static void tdp_mmu_free_sp_rcu_callback(struct rcu_head *head)
 {
 	struct kvm_mmu_page *sp = container_of(head, struct kvm_mmu_page,
@@ -90,6 +118,10 @@ static void tdp_mmu_free_sp_rcu_callback(struct rcu_head *head)
 static void tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 			     bool shared);
 
+/*
+ * 在以下使用tdp_mmu_zap_root_work():
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|150| <<tdp_mmu_schedule_zap_root>> INIT_WORK(&root->tdp_mmu_async_work, tdp_mmu_zap_root_work);
+ */
 static void tdp_mmu_zap_root_work(struct work_struct *work)
 {
 	struct kvm_mmu_page *root = container_of(work, struct kvm_mmu_page,
@@ -120,6 +152,11 @@ static void tdp_mmu_zap_root_work(struct work_struct *work)
 	read_unlock(&kvm->mmu_lock);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|208| <<kvm_tdp_mmu_put_root>> tdp_mmu_schedule_zap_root(kvm, root);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1080| <<kvm_tdp_mmu_invalidate_all_roots>> tdp_mmu_schedule_zap_root(kvm, root);
+ */
 static void tdp_mmu_schedule_zap_root(struct kvm *kvm, struct kvm_mmu_page *root)
 {
 	root->tdp_mmu_async_data = kvm;
@@ -127,6 +164,10 @@ static void tdp_mmu_schedule_zap_root(struct kvm *kvm, struct kvm_mmu_page *root
 	queue_work(kvm->arch.tdp_mmu_zap_wq, &root->tdp_mmu_async_work);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|198| <<kvm_tdp_mmu_put_root>> if (!kvm_tdp_root_mark_invalid(root)) {
+ */
 static inline bool kvm_tdp_root_mark_invalid(struct kvm_mmu_page *page)
 {
 	union kvm_mmu_page_role role = page->role;
@@ -137,6 +178,13 @@ static inline bool kvm_tdp_root_mark_invalid(struct kvm_mmu_page *page)
 	return role.invalid;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|3273| <<mmu_free_root_page>> kvm_tdp_mmu_put_root(kvm, sp, false);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|142| <<tdp_mmu_zap_root_work>> kvm_tdp_mmu_put_root(kvm, root, true);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|256| <<tdp_mmu_next_root>> kvm_tdp_mmu_put_root(kvm, prev_root, shared);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1621| <<kvm_tdp_mmu_try_split_huge_pages>> kvm_tdp_mmu_put_root(kvm, root, shared);
+ */
 void kvm_tdp_mmu_put_root(struct kvm *kvm, struct kvm_mmu_page *root,
 			  bool shared)
 {
@@ -201,6 +249,11 @@ void kvm_tdp_mmu_put_root(struct kvm *kvm, struct kvm_mmu_page *root,
  *
  * Returns NULL if the end of tdp_mmu_roots was reached.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|272| <<__for_each_tdp_mmu_root_yield_safe>> for (_root = tdp_mmu_next_root(_kvm, NULL, _shared, _only_valid); \
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|274| <<__for_each_tdp_mmu_root_yield_safe>> _root = tdp_mmu_next_root(_kvm, _root, _shared, _only_valid)) \
+ */
 static struct kvm_mmu_page *tdp_mmu_next_root(struct kvm *kvm,
 					      struct kvm_mmu_page *prev_root,
 					      bool shared, bool only_valid)
@@ -308,6 +361,10 @@ static void tdp_mmu_init_child_sp(struct kvm_mmu_page *child_sp,
 	tdp_mmu_init_sp(child_sp, iter->sptep, iter->gfn, role);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|3397| <<mmu_alloc_direct_roots>> root = kvm_tdp_mmu_get_vcpu_root_hpa(vcpu);
+ */
 hpa_t kvm_tdp_mmu_get_vcpu_root_hpa(struct kvm_vcpu *vcpu)
 {
 	union kvm_mmu_page_role role = vcpu->arch.mmu->root_role;
@@ -600,6 +657,10 @@ static void __handle_changed_spte(struct kvm *kvm, int as_id, gfn_t gfn,
 		handle_removed_pt(kvm, spte_to_child_pt(old_spte, level), shared);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|517| <<handle_removed_pt>> handle_changed_spte(kvm, kvm_mmu_page_as_id(sp), gfn, old_spte, REMOVED_SPTE, level, shared);
+ */
 static void handle_changed_spte(struct kvm *kvm, int as_id, gfn_t gfn,
 				u64 old_spte, u64 new_spte, int level,
 				bool shared)
@@ -722,6 +783,11 @@ static inline int tdp_mmu_zap_spte_atomic(struct kvm *kvm,
  * Returns the old SPTE value, which _may_ be different than @old_spte if the
  * SPTE had voldatile bits.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|782| <<_tdp_mmu_set_spte>> iter->old_spte = __tdp_mmu_set_spte(kvm, iter->as_id, iter->sptep,
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|954| <<kvm_tdp_mmu_zap_sp>> __tdp_mmu_set_spte(kvm, kvm_mmu_page_as_id(sp), sp->ptep, old_spte, 0,
+ */
 static u64 __tdp_mmu_set_spte(struct kvm *kvm, int as_id, tdp_ptep_t sptep,
 			      u64 old_spte, u64 new_spte, gfn_t gfn, int level,
 			      bool record_acc_track, bool record_dirty_log)
@@ -808,6 +874,15 @@ static inline void tdp_mmu_set_spte_no_dirty_log(struct kvm *kvm,
  *
  * Returns true if this function yielded.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|887| <<__tdp_mmu_zap_root>> if (tdp_mmu_iter_cond_resched(kvm, &iter, false, shared))
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|983| <<tdp_mmu_zap_leafs>> tdp_mmu_iter_cond_resched(kvm, &iter, flush, false)) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1403| <<wrprot_gfn_range>> if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true))
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1565| <<tdp_mmu_split_huge_pages_root>> if (tdp_mmu_iter_cond_resched(kvm, &iter, false, shared))
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1645| <<clear_dirty_gfn_range>> if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true))
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1775| <<zap_collapsible_spte_range>> if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true))
+ */
 static inline bool __must_check tdp_mmu_iter_cond_resched(struct kvm *kvm,
 							  struct tdp_iter *iter,
 							  bool flush, bool shared)
@@ -850,6 +925,11 @@ static inline gfn_t tdp_mmu_max_gfn_exclusive(void)
 	return kvm_mmu_max_gfn() + 1;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|933| <<tdp_mmu_zap_root>> __tdp_mmu_zap_root(kvm, root, shared, PG_LEVEL_1G);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|934| <<tdp_mmu_zap_root>> __tdp_mmu_zap_root(kvm, root, shared, root->role.level);
+ */
 static void __tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 			       bool shared, int zap_level)
 {
@@ -858,6 +938,9 @@ static void __tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 	gfn_t end = tdp_mmu_max_gfn_exclusive();
 	gfn_t start = 0;
 
+	/*
+	 * 对于从start到end的gfn的, 在root下面的没一个spte
+	 */
 	for_each_tdp_pte_min_level(iter, root, zap_level, start, end) {
 retry:
 		if (tdp_mmu_iter_cond_resched(kvm, &iter, false, shared))
@@ -876,6 +959,11 @@ static void __tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 	}
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|133| <<tdp_mmu_zap_root_work>> tdp_mmu_zap_root(kvm, root, true);
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1041| <<kvm_tdp_mmu_zap_all>> tdp_mmu_zap_root(kvm, root, false);
+ */
 static void tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 			     bool shared)
 {
@@ -912,6 +1000,10 @@ static void tdp_mmu_zap_root(struct kvm *kvm, struct kvm_mmu_page *root,
 	rcu_read_unlock();
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|6436| <<kvm_recover_nx_lpages>> flush |= kvm_tdp_mmu_zap_sp(kvm, sp);
+ */
 bool kvm_tdp_mmu_zap_sp(struct kvm *kvm, struct kvm_mmu_page *sp)
 {
 	u64 old_spte;
@@ -1126,6 +1218,11 @@ static int tdp_mmu_map_handle_target_level(struct kvm_vcpu *vcpu,
  * Returns: 0 if the new page table was installed. Non-0 if the page table
  *          could not be installed (e.g. the atomic compare-exchange failed).
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1298| <<kvm_tdp_mmu_map>> if (tdp_mmu_link_sp(vcpu->kvm, &iter, sp, account_nx, true)) {
+ *   - arch/x86/kvm/mmu/tdp_mmu.c|1589| <<tdp_mmu_split_huge_page>> ret = tdp_mmu_link_sp(kvm, iter, sp, false, shared);
+ */
 static int tdp_mmu_link_sp(struct kvm *kvm, struct tdp_iter *iter,
 			   struct kvm_mmu_page *sp, bool account_nx,
 			   bool shared)
@@ -1154,6 +1251,10 @@ static int tdp_mmu_link_sp(struct kvm *kvm, struct tdp_iter *iter,
  * Handle a TDP page fault (NPT/EPT violation/misconfiguration) by installing
  * page tables and SPTEs to translate the faulting guest physical address.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|4100| <<direct_page_fault>> r = kvm_tdp_mmu_map(vcpu, fault);
+ */
 int kvm_tdp_mmu_map(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
 {
 	struct kvm_mmu *mmu = vcpu->arch.mmu;
@@ -1871,6 +1972,10 @@ bool kvm_tdp_mmu_write_protect_gfn(struct kvm *kvm,
  *
  * Must be called between kvm_tdp_mmu_walk_lockless_{begin,end}.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|3822| <<get_mmio_spte>> leaf = kvm_tdp_mmu_get_walk(vcpu, addr, sptes, &root);
+ */
 int kvm_tdp_mmu_get_walk(struct kvm_vcpu *vcpu, u64 addr, u64 *sptes,
 			 int *root_level)
 {
@@ -1900,6 +2005,10 @@ int kvm_tdp_mmu_get_walk(struct kvm_vcpu *vcpu, u64 addr, u64 *sptes,
  *
  * WARNING: This function is only intended to be called during fast_page_fault.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/mmu/mmu.c|3162| <<fast_page_fault>> sptep = kvm_tdp_mmu_fast_pf_get_last_sptep(vcpu, fault->addr, &spte);
+ */
 u64 *kvm_tdp_mmu_fast_pf_get_last_sptep(struct kvm_vcpu *vcpu, u64 addr,
 					u64 *spte)
 {
diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c
index 3f868fed9114..522d2e57f10e 100644
--- a/arch/x86/kvm/pmu.c
+++ b/arch/x86/kvm/pmu.c
@@ -57,6 +57,10 @@ static struct kvm_pmu_ops kvm_pmu_ops __read_mostly;
 #define KVM_X86_PMU_OP_OPTIONAL KVM_X86_PMU_OP
 #include <asm/kvm-x86-pmu-ops.h>
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|11712| <<kvm_ops_update>> kvm_pmu_ops_update(ops->pmu_ops);
+ */
 void kvm_pmu_ops_update(const struct kvm_pmu_ops *pmu_ops)
 {
 	memcpy(&kvm_pmu_ops, pmu_ops, sizeof(kvm_pmu_ops));
@@ -120,6 +124,11 @@ static void kvm_perf_overflow(struct perf_event *perf_event,
 	__kvm_perf_overflow(pmc, true);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|269| <<reprogram_gp_counter>> pmc_reprogram_counter(pmc, type, config,
+ *   - arch/x86/kvm/pmu.c|309| <<reprogram_fixed_counter>> pmc_reprogram_counter(pmc, PERF_TYPE_HARDWARE,
+ */
 static void pmc_reprogram_counter(struct kvm_pmc *pmc, u32 type,
 				  u64 config, bool exclude_user,
 				  bool exclude_kernel, bool intr)
@@ -166,6 +175,11 @@ static void pmc_reprogram_counter(struct kvm_pmc *pmc, u32 type,
 	pmc->intr = intr;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|237| <<reprogram_gp_counter>> pmc_pause_counter(pmc);
+ *   - arch/x86/kvm/pmu.c|293| <<reprogram_fixed_counter>> pmc_pause_counter(pmc);
+ */
 static void pmc_pause_counter(struct kvm_pmc *pmc)
 {
 	u64 counter = pmc->counter;
@@ -179,6 +193,11 @@ static void pmc_pause_counter(struct kvm_pmc *pmc)
 	pmc->is_paused = true;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|268| <<reprogram_gp_counter>> if (pmc->current_config == eventsel && pmc_resume_counter(pmc))
+ *   - arch/x86/kvm/pmu.c|308| <<reprogram_fixed_counter>> if (pmc->current_config == (u64)ctrl && pmc_resume_counter(pmc))
+ */
 static bool pmc_resume_counter(struct kvm_pmc *pmc)
 {
 	if (!pmc->perf_event)
@@ -205,6 +224,12 @@ static int cmp_u64(const void *pa, const void *pb)
 	return (a > b) - (a < b);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|319| <<reprogram_counter>> reprogram_gp_counter(pmc, pmc->eventsel);
+ *   - arch/x86/kvm/svm/pmu.c|290| <<amd_pmu_set_msr>> reprogram_gp_counter(pmc, data);
+ *   - arch/x86/kvm/vmx/pmu_intel.c|448| <<intel_pmu_set_msr>> reprogram_gp_counter(pmc, data);
+ */
 void reprogram_gp_counter(struct kvm_pmc *pmc, u64 eventsel)
 {
 	u64 config;
@@ -263,6 +288,11 @@ void reprogram_gp_counter(struct kvm_pmc *pmc, u64 eventsel)
 }
 EXPORT_SYMBOL_GPL(reprogram_gp_counter);
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|315| <<reprogram_counter>> reprogram_fixed_counter(pmc, ctrl, idx);
+ *   - arch/x86/kvm/vmx/pmu_intel.c|53| <<reprogram_fixed_counters>> reprogram_fixed_counter(pmc, new_ctrl, i);
+ */
 void reprogram_fixed_counter(struct kvm_pmc *pmc, u8 ctrl, int idx)
 {
 	unsigned en_field = ctrl & 0x3;
@@ -288,9 +318,32 @@ void reprogram_fixed_counter(struct kvm_pmc *pmc, u8 ctrl, int idx)
 	if (pmc->current_config == (u64)ctrl && pmc_resume_counter(pmc))
 		return;
 
+	/*
+	 * called by:
+	 *   - arch/x86/kvm/pmu.c|256| <<reprogram_gp_counter>> pmc_release_perf_event(pmc);
+	 *   - arch/x86/kvm/pmu.c|291| <<reprogram_fixed_counter>> pmc_release_perf_event(pmc);
+	 *   - arch/x86/kvm/pmu.h|77| <<pmc_stop_counter>> pmc_release_perf_event(pmc);
+	 */
 	pmc_release_perf_event(pmc);
 
+	/*
+	 * 在以下使用kvm_pmc->current_config:
+	 *   - arch/x86/kvm/pmu.c|268| <<reprogram_gp_counter>> if (pmc->current_config == eventsel && pmc_resume_counter(pmc))
+	 *   - arch/x86/kvm/pmu.c|273| <<reprogram_gp_counter>> pmc->current_config = eventsel;
+	 *   - arch/x86/kvm/pmu.c|308| <<reprogram_fixed_counter>> if (pmc->current_config == (u64)ctrl && pmc_resume_counter(pmc))
+	 *   - arch/x86/kvm/pmu.c|313| <<reprogram_fixed_counter>> pmc->current_config = (u64)ctrl;
+	 *   - arch/x86/kvm/pmu.c|568| <<cpl_is_matched>> u64 config = pmc->current_config;
+	 *   - arch/x86/kvm/pmu.h|74| <<pmc_release_perf_event>> pmc->current_config = 0;
+	 *   - arch/x86/kvm/svm/pmu.c|328| <<amd_pmu_init>> pmu->gp_counters[i].current_config = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|570| <<intel_pmu_init>> pmu->gp_counters[i].current_config = 0;
+	 *   - arch/x86/kvm/vmx/pmu_intel.c|577| <<intel_pmu_init>> pmu->fixed_counters[i].current_config = 0;
+	 */
 	pmc->current_config = (u64)ctrl;
+	/*
+	 * called by:
+	 *   - arch/x86/kvm/pmu.c|269| <<reprogram_gp_counter>> pmc_reprogram_counter(pmc, type, config,
+	 *   - arch/x86/kvm/pmu.c|309| <<reprogram_fixed_counter>> pmc_reprogram_counter(pmc, PERF_TYPE_HARDWARE,
+	 */
 	pmc_reprogram_counter(pmc, PERF_TYPE_HARDWARE,
 			      static_call(kvm_x86_pmu_pmc_perf_hw_id)(pmc),
 			      !(en_field & 0x2), /* exclude user */
@@ -299,6 +352,12 @@ void reprogram_fixed_counter(struct kvm_pmc *pmc, u8 ctrl, int idx)
 }
 EXPORT_SYMBOL_GPL(reprogram_fixed_counter);
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|353| <<kvm_pmu_handle_event>> reprogram_counter(pmu, bit);
+ *   - arch/x86/kvm/pmu.c|548| <<kvm_pmu_incr_counter>> reprogram_counter(pmu, pmc->idx);
+ *   - arch/x86/kvm/vmx/pmu_intel.c|68| <<global_ctrl_changed>> reprogram_counter(pmu, bit);
+ */
 void reprogram_counter(struct kvm_pmu *pmu, int pmc_idx)
 {
 	struct kvm_pmc *pmc = static_call(kvm_x86_pmu_pmc_idx_to_pmc)(pmu, pmc_idx);
@@ -317,6 +376,10 @@ void reprogram_counter(struct kvm_pmu *pmu, int pmc_idx)
 }
 EXPORT_SYMBOL_GPL(reprogram_counter);
 
+/*
+ * 处理KVM_REQ_PMU:
+ *   - arch/x86/kvm/x86.c|10109| <<vcpu_enter_guest>> kvm_pmu_handle_event(vcpu);
+ */
 void kvm_pmu_handle_event(struct kvm_vcpu *vcpu)
 {
 	struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
@@ -382,6 +445,11 @@ static int kvm_pmu_rdpmc_vmware(struct kvm_vcpu *vcpu, unsigned idx, u64 *data)
 	return 0;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|1391| <<kvm_emulate_rdpmc>> if (kvm_pmu_rdpmc(vcpu, ecx, &data)) {
+ *   - arch/x86/kvm/x86.c|7790| <<emulator_read_pmc>> return kvm_pmu_rdpmc(emul_to_vcpu(ctxt), pmc, pdata);
+ */
 int kvm_pmu_rdpmc(struct kvm_vcpu *vcpu, unsigned idx, u64 *data)
 {
 	bool fast_mode = idx & (1u << 31);
@@ -408,6 +476,11 @@ int kvm_pmu_rdpmc(struct kvm_vcpu *vcpu, unsigned idx, u64 *data)
 	return 0;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|83| <<kvm_pmi_trigger_fn>> kvm_pmu_deliver_pmi(vcpu);
+ *   - arch/x86/kvm/x86.c|10111| <<vcpu_enter_guest>> kvm_pmu_deliver_pmi(vcpu);
+ */
 void kvm_pmu_deliver_pmi(struct kvm_vcpu *vcpu)
 {
 	if (lapic_in_kernel(vcpu)) {
@@ -459,6 +532,10 @@ void kvm_pmu_reset(struct kvm_vcpu *vcpu)
 	static_call(kvm_x86_pmu_reset)(vcpu);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|11362| <<kvm_arch_vcpu_create>> kvm_pmu_init(vcpu);
+ */
 void kvm_pmu_init(struct kvm_vcpu *vcpu)
 {
 	struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h
index e745f443b6a8..4178aa1abb75 100644
--- a/arch/x86/kvm/pmu.h
+++ b/arch/x86/kvm/pmu.h
@@ -60,6 +60,12 @@ static inline u64 pmc_read_counter(struct kvm_pmc *pmc)
 	return counter & pmc_bitmask(pmc);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|256| <<reprogram_gp_counter>> pmc_release_perf_event(pmc);
+ *   - arch/x86/kvm/pmu.c|291| <<reprogram_fixed_counter>> pmc_release_perf_event(pmc);
+ *   - arch/x86/kvm/pmu.h|77| <<pmc_stop_counter>> pmc_release_perf_event(pmc);
+ */
 static inline void pmc_release_perf_event(struct kvm_pmc *pmc)
 {
 	if (pmc->perf_event) {
@@ -135,6 +141,12 @@ static inline u64 get_sample_period(struct kvm_pmc *pmc, u64 counter_value)
 	return sample_period;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/svm/pmu.c|282| <<amd_pmu_set_msr>> pmc_update_sample_period(pmc);
+ *   - arch/x86/kvm/vmx/pmu_intel.c|434| <<intel_pmu_set_msr>> pmc_update_sample_period(pmc);
+ *   - arch/x86/kvm/vmx/pmu_intel.c|438| <<intel_pmu_set_msr>> pmc_update_sample_period(pmc);
+ */
 static inline void pmc_update_sample_period(struct kvm_pmc *pmc)
 {
 	if (!pmc->perf_event || pmc->is_paused)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 44bbf25dfeb9..3165fb64462c 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1736,6 +1736,11 @@ void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 	if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
 		svm_flush_tlb_current(vcpu);
 
+	/*
+	 * struct kvm_vcpu *vcpu:
+	 * -> struct kvm_vcpu_arch arch;
+	 *    -> unsigned long cr4;
+	 */
 	vcpu->arch.cr4 = cr4;
 	if (!npt_enabled) {
 		cr4 |= X86_CR4_PAE;
@@ -1744,6 +1749,14 @@ void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 			cr4 &= ~(X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_PKE);
 	}
 	cr4 |= host_cr4_mce;
+	/*
+	 * struct vcpu_svm:
+	 * -> struct kvm_vcpu vcpu;
+	 * -> struct vmcb *vmcb;
+	 *    -> struct vmcb_control_area control;
+	 *    -> struct vmcb_save_area save;
+	 *       -> u64 cr4;
+	 */
 	to_svm(vcpu)->vmcb->save.cr4 = cr4;
 	vmcb_mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR);
 
@@ -3106,6 +3119,11 @@ static int (*const svm_exit_handlers[])(struct kvm_vcpu *vcpu) = {
 	[SVM_EXIT_VMGEXIT]			= sev_handle_vmgexit,
 };
 
+/*
+ * called by:
+ *   - arch/x86/kvm/svm/svm.c|3241| <<svm_handle_invalid_exit>> dump_vmcb(vcpu);
+ *   - arch/x86/kvm/svm/svm.c|3322| <<svm_handle_exit>> dump_vmcb(vcpu);
+ */
 static void dump_vmcb(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
@@ -3767,6 +3785,11 @@ static fastpath_t svm_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
 static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
+	/*
+	 * struct vcpu_svm *svm:
+	 * -> struct vmcb *vmcb;
+	 * -> struct kvm_vmcb_info *current_vmcb;
+	 */
 	unsigned long vmcb_pa = svm->current_vmcb->pa;
 
 	guest_state_enter_irqoff();
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index ab135f9ef52f..eff5cb076a1c 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4533,6 +4533,25 @@ static void nested_vmx_restore_host_state(struct kvm_vcpu *vcpu)
  * and modify vmcs12 to make it see what it would expect to see there if
  * L2 was its real guest. Must only be called when in L2 (is_guest_mode())
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/vmx/nested.c|395| <<nested_ept_inject_page_fault>> nested_vmx_vmexit(vcpu, vm_exit_reason, 0, exit_qualification);
+ *   - arch/x86/kvm/vmx/nested.c|489| <<nested_vmx_handle_page_fault_workaround>> nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI,
+ *   - arch/x86/kvm/vmx/nested.c|3843| <<nested_vmx_inject_exception_vmexit>> nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI, intr_info, exit_qual);
+ *   - arch/x86/kvm/vmx/nested.c|3902| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_INIT_SIGNAL, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.c|3913| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_SIPI_SIGNAL, 0,
+ *   - arch/x86/kvm/vmx/nested.c|3940| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_MONITOR_TRAP_FLAG, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.c|3956| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_PREEMPTION_TIMER, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.c|3972| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_EXCEPTION_NMI,
+ *   - arch/x86/kvm/vmx/nested.c|3989| <<vmx_check_nested_events>> nested_vmx_vmexit(vcpu, EXIT_REASON_EXTERNAL_INTERRUPT, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.c|4698| <<nested_vmx_triple_fault>> nested_vmx_vmexit(vcpu, EXIT_REASON_TRIPLE_FAULT, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.c|5693| <<handle_vmfunc>> nested_vmx_vmexit(vcpu, vmx->exit_reason.full,
+ *   - arch/x86/kvm/vmx/nested.c|6171| <<nested_vmx_reflect_vmexit>> nested_vmx_vmexit(vcpu, exit_reason.full, exit_intr_info, exit_qual);
+ *   - arch/x86/kvm/vmx/nested.c|6305| <<vmx_leave_nested>> nested_vmx_vmexit(vcpu, -1, 0, 0);
+ *   - arch/x86/kvm/vmx/nested.h|28| <<vmx_leave_nested>> void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
+ *   - arch/x86/kvm/vmx/vmx.c|6152| <<__vmx_handle_exit>> nested_vmx_vmexit(vcpu, EXIT_REASON_TRIPLE_FAULT, 0, 0);
+ *   - arch/x86/kvm/vmx/vmx.c|7734| <<vmx_enter_smm>> nested_vmx_vmexit(vcpu, -1, 0, 0);
+ */
 void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
 		       u32 exit_intr_info, unsigned long exit_qualification)
 {
diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
index 37e9eb32e3d9..b80059f18399 100644
--- a/arch/x86/kvm/vmx/pmu_intel.c
+++ b/arch/x86/kvm/vmx/pmu_intel.c
@@ -35,6 +35,10 @@ static struct kvm_event_hw_type_mapping intel_arch_events[] = {
 /* mapping between fixed pmc index and intel_arch_events array */
 static int fixed_pmc_events[] = {1, 0, 7};
 
+/*
+ * called by (MSR_CORE_PERF_FIXED_CTR_CTRL):
+ *   - arch/x86/kvm/vmx/pmu_intel.c|399| <<intel_pmu_set_msr(MSR_CORE_PERF_FIXED_CTR_CTRL)>> reprogram_fixed_counters(pmu, data);
+ */
 static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
 {
 	int i;
diff --git a/arch/x86/kvm/vmx/vmcs12.h b/arch/x86/kvm/vmx/vmcs12.h
index 746129ddd5ae..e8dd3f54def5 100644
--- a/arch/x86/kvm/vmx/vmcs12.h
+++ b/arch/x86/kvm/vmx/vmcs12.h
@@ -43,6 +43,15 @@ struct __packed vmcs12 {
 	u64 tsc_offset;
 	u64 virtual_apic_page_addr;
 	u64 apic_access_addr;
+	/*
+	 * 在以下使用vmcs12->posted_intr_desc_addr:
+	 *   - arch/x86/kvm/vmx/nested.c|787| <<nested_vmx_check_apicv_controls>> CC(!kvm_vcpu_is_legal_aligned_gpa(vcpu, vmcs12->posted_intr_desc_addr, 64))))
+	 *   - arch/x86/kvm/vmx/nested.c|3232| <<nested_get_vmcs12_pages>> if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->posted_intr_desc_addr), map)) {
+	 *   - arch/x86/kvm/vmx/nested.c|3235| <<nested_get_vmcs12_pages>> offset_in_page(vmcs12->posted_intr_desc_addr));
+	 *   - arch/x86/kvm/vmx/nested.c|3237| <<nested_get_vmcs12_pages>> pfn_to_hpa(map->pfn) + offset_in_page(vmcs12->posted_intr_desc_addr));
+	 *   - arch/x86/kvm/vmx/nested.c|3775| <<nested_mark_vmcs12_pages_dirty>> gfn = vmcs12->posted_intr_desc_addr >> PAGE_SHIFT;
+	 *   - arch/x86/kvm/vmx/vmcs12.h|229| <<vmx_check_vmcs12_offsets>> CHECK_OFFSET(posted_intr_desc_addr, 112);
+	 */
 	u64 posted_intr_desc_addr;
 	u64 ept_pointer;
 	u64 eoi_exit_bitmap0;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index be7c19374fdd..4f4a91c650ab 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -399,6 +399,11 @@ static __always_inline void vmx_enable_fb_clear(struct vcpu_vmx *vmx)
 	native_wrmsrl(MSR_IA32_MCU_OPT_CTRL, vmx->msr_ia32_mcu_opt_ctrl);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/vmx/vmx.c|2332| <<vmx_set_msr>> vmx_update_fb_clear_dis(vcpu, vmx);
+ *   - arch/x86/kvm/vmx/vmx.c|4636| <<vmx_vcpu_reset>> vmx_update_fb_clear_dis(vcpu, vmx);
+ */
 static void vmx_update_fb_clear_dis(struct kvm_vcpu *vcpu, struct vcpu_vmx *vmx)
 {
 	vmx->disable_fb_clear = vmx_fb_clear_ctrl_available;
@@ -4680,6 +4685,14 @@ static void vmx_inject_irq(struct kvm_vcpu *vcpu)
 	vmx_clear_hlt(vcpu);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|9475| <<inject_pending_event>> static_call(kvm_x86_inject_nmi)(vcpu);
+ *   - arch/x86/kvm/x86.c|9558| <<inject_pending_event>> static_call(kvm_x86_inject_nmi)(vcpu);
+ *
+ * 在以下使用vmx_inject_nmi:
+ *   - struct kvm_x86_ops vmx_x86_ops.inject_nmi = vmx_inject_nmi()
+ */
 static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_vmx *vmx = to_vmx(vcpu);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e5fa335a4ea7..21f10f37f480 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -797,6 +797,11 @@ bool kvm_inject_emulated_page_fault(struct kvm_vcpu *vcpu,
 }
 EXPORT_SYMBOL_GPL(kvm_inject_emulated_page_fault);
 
+/*
+ * called by:
+ *   - arch/x86/kvm/lapic.c|1159| <<__apic_accept_irq>> kvm_inject_nmi(vcpu);
+ *   - arch/x86/kvm/x86.c|4795| <<kvm_vcpu_ioctl_nmi>> kvm_inject_nmi(vcpu);
+ */
 void kvm_inject_nmi(struct kvm_vcpu *vcpu)
 {
 	atomic_inc(&vcpu->arch.nmi_queued);
@@ -1564,6 +1569,11 @@ static const u32 msr_based_features_all[] = {
 static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)];
 static unsigned int num_msr_based_features;
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|1630| <<kvm_get_msr_feature>> msr->data = kvm_get_arch_capabilities();
+ *   - arch/x86/kvm/x86.c|11370| <<kvm_arch_vcpu_create>> vcpu->arch.arch_capabilities = kvm_get_arch_capabilities();
+ */
 static u64 kvm_get_arch_capabilities(void)
 {
 	u64 data = 0;
@@ -3349,6 +3359,9 @@ static void kvm_vcpu_flush_tlb_guest(struct kvm_vcpu *vcpu)
 		kvm_mmu_sync_prev_roots(vcpu);
 	}
 
+	/*
+	 * vmx_flush_tlb_guest()
+	 */
 	static_call(kvm_x86_flush_tlb_guest)(vcpu);
 }
 
@@ -3365,6 +3378,13 @@ static inline void kvm_vcpu_flush_tlb_current(struct kvm_vcpu *vcpu)
  * TLB flushes that are targeted at an MMU context also need to be serviced
  * prior before nested VM-Enter/VM-Exit.
  */
+/*
+ * called by:
+ *   - arch/x86/kvm/vmx/nested.c|3369| <<nested_vmx_enter_non_root_mode>> kvm_service_local_tlb_flush_requests(vcpu);
+ *   - arch/x86/kvm/vmx/nested.c|4575| <<nested_vmx_vmexit>> kvm_service_local_tlb_flush_requests(vcpu);
+ *   - 处理if (kvm_request_pending(vcpu))
+ *     arch/x86/kvm/x86.c|10086| <<vcpu_enter_guest>> kvm_service_local_tlb_flush_requests(vcpu);
+ */
 void kvm_service_local_tlb_flush_requests(struct kvm_vcpu *vcpu)
 {
 	if (kvm_check_request(KVM_REQ_TLB_FLUSH_CURRENT, vcpu))
@@ -4623,6 +4643,10 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 	kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|4692| <<kvm_arch_vcpu_put>> kvm_steal_time_set_preempted(vcpu);
+ */
 static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
 {
 	struct gfn_to_hva_cache *ghc = &vcpu->arch.st.cache;
@@ -7184,6 +7208,11 @@ static const struct read_write_emulator_ops write_emultor = {
 	.write = true,
 };
 
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|7278| <<emulator_read_write>> rc = emulator_read_write_onepage(addr, val, now, exception,
+ *   - arch/x86/kvm/x86.c|7290| <<emulator_read_write>> rc = emulator_read_write_onepage(addr, val, bytes, exception,
+ */
 static int emulator_read_write_onepage(unsigned long addr, void *val,
 				       unsigned int bytes,
 				       struct x86_exception *exception,
@@ -10387,6 +10416,10 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
 }
 
 /* Called within kvm->srcu read side.  */
+/*
+ * called by:
+ *   - arch/x86/kvm/x86.c|10496| <<vcpu_run>> r = vcpu_block(vcpu);
+ */
 static inline int vcpu_block(struct kvm_vcpu *vcpu)
 {
 	bool hv_timer;
@@ -11783,6 +11816,10 @@ bool kvm_vcpu_is_bsp(struct kvm_vcpu *vcpu)
 __read_mostly DEFINE_STATIC_KEY_FALSE(kvm_has_noapic_vcpu);
 EXPORT_SYMBOL_GPL(kvm_has_noapic_vcpu);
 
+/*
+ * called by:
+ *   - virt/kvm/kvm_main.c|5613| <<kvm_sched_in>> kvm_arch_sched_in(vcpu, cpu);
+ */
 void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
 {
 	struct kvm_pmu *pmu = vcpu_to_pmu(vcpu);
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 3c6d4ef87be0..caac8a3eb543 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -198,6 +198,12 @@ static struct kobj_type cppc_ktype = {
 	.default_groups = cppc_groups,
 };
 
+/*
+ * called by:
+ *   - drivers/acpi/cppc_acpi.c|257| <<send_pcc_cmd>> ret = check_pcc_chan(pcc_ss_id, false);
+ *   - drivers/acpi/cppc_acpi.c|319| <<send_pcc_cmd>> ret = check_pcc_chan(pcc_ss_id, true);
+ *   - drivers/acpi/cppc_acpi.c|1411| <<cppc_set_perf>> ret = check_pcc_chan(pcc_ss_id, false);
+ */
 static int check_pcc_chan(int pcc_ss_id, bool chk_err_bit)
 {
 	int ret, status;
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index ec8e1b3108c3..1c3a6ee39aa8 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -1309,6 +1309,10 @@ static int add_recvbuf_small(struct virtnet_info *vi, struct receive_queue *rq,
 	return err;
 }
 
+/*
+ * called by:
+ *   - drivers/net/virtio_net.c|1438| <<try_fill_recv>> err = add_recvbuf_big(vi, rq, gfp);
+ */
 static int add_recvbuf_big(struct virtnet_info *vi, struct receive_queue *rq,
 			   gfp_t gfp)
 {
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 643ca779fcc6..4b9b839101cd 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -16,6 +16,13 @@
 
 #ifdef DEBUG
 /* For development, we want to crash whenever the ring is screwed. */
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|772| <<virtqueue_get_buf_ctx_split>> BAD_RING(vq, "id %u out of range\n", i);
+ *   - drivers/virtio/virtio_ring.c|776| <<virtqueue_get_buf_ctx_split>> BAD_RING(vq, "id %u is not a head!\n", i);
+ *   - drivers/virtio/virtio_ring.c|1462| <<virtqueue_get_buf_ctx_packed>> BAD_RING(vq, "id %u out of range\n", id);
+ *   - drivers/virtio/virtio_ring.c|1466| <<virtqueue_get_buf_ctx_packed>> BAD_RING(vq, "id %u is not a head!\n", id);
+ */
 #define BAD_RING(_vq, fmt, args...)				\
 	do {							\
 		dev_err(&(_vq)->vq.vdev->dev,			\
@@ -32,6 +39,11 @@
 	} while (0)
 #define END_USE(_vq) \
 	do { BUG_ON(!(_vq)->in_use); (_vq)->in_use = 0; } while(0)
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|496| <<virtqueue_add_split>> LAST_ADD_TIME_UPDATE(vq);
+ *   - drivers/virtio/virtio_ring.c|1186| <<virtqueue_add_packed>> LAST_ADD_TIME_UPDATE(vq);
+ */
 #define LAST_ADD_TIME_UPDATE(_vq)				\
 	do {							\
 		ktime_t now = ktime_get();			\
@@ -43,6 +55,11 @@
 		(_vq)->last_add_time = now;			\
 		(_vq)->last_add_time_valid = true;		\
 	} while (0)
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|668| <<virtqueue_kick_prepare_split>> LAST_ADD_TIME_CHECK(vq);
+ *   - drivers/virtio/virtio_ring.c|1338| <<virtqueue_kick_prepare_packed>> LAST_ADD_TIME_CHECK(vq);
+ */
 #define LAST_ADD_TIME_CHECK(_vq)				\
 	do {							\
 		if ((_vq)->last_add_time_valid) {		\
@@ -50,6 +67,15 @@
 				      (_vq)->last_add_time)) > 100); \
 		}						\
 	} while (0)
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|669| <<virtqueue_kick_prepare_split>> LAST_ADD_TIME_INVALID(vq);
+ *   - drivers/virtio/virtio_ring.c|792| <<virtqueue_get_buf_ctx_split>> LAST_ADD_TIME_INVALID(vq);
+ *   - drivers/virtio/virtio_ring.c|1339| <<virtqueue_kick_prepare_packed>> LAST_ADD_TIME_INVALID(vq);
+ *   - drivers/virtio/virtio_ring.c|1493| <<virtqueue_get_buf_ctx_packed>> LAST_ADD_TIME_INVALID(vq);
+ *
+ * 把(_vq)->last_add_time_valid设置为false
+ */
 #define LAST_ADD_TIME_INVALID(_vq)				\
 	((_vq)->last_add_time_valid = false)
 #else
@@ -126,6 +152,14 @@ struct vring_virtqueue {
 		/* Available for split ring */
 		struct {
 			/* Actual memory layout for this queue. */
+			/*
+			 * struct vring {
+			 *     unsigned int num;
+			 *     vring_desc_t *desc;
+			 *     vring_avail_t *avail;
+			 *     vring_used_t *used;
+			 * };
+			 */
 			struct vring vring;
 
 			/* Last written value to avail->flags */
@@ -188,6 +222,16 @@ struct vring_virtqueue {
 	bool (*notify)(struct virtqueue *vq);
 
 	/* DMA, allocation, and size information */
+	/*
+	 * 在以下使用vring_virtqueue->we_own_ring:
+	 *   - drivers/virtio/virtio_ring.c|1012| <<vring_create_virtqueue_split>> to_vvq(vq)->we_own_ring = true;
+	 *   - drivers/virtio/virtio_ring.c|1751| <<vring_create_virtqueue_packed>> vq->we_own_ring = true;
+	 *   - drivers/virtio/virtio_ring.c|2250| <<__vring_new_virtqueue>> vq->we_own_ring = false;
+	 *   - drivers/virtio/virtio_ring.c|2371| <<vring_del_virtqueue>> if (vq->we_own_ring) {
+	 *   - drivers/virtio/virtio_ring.c|2501| <<virtqueue_get_desc_addr>> BUG_ON(!vq->we_own_ring);
+	 *   - drivers/virtio/virtio_ring.c|2514| <<virtqueue_get_avail_addr>> BUG_ON(!vq->we_own_ring);
+	 *   - drivers/virtio/virtio_ring.c|2528| <<virtqueue_get_used_addr>> BUG_ON(!vq->we_own_ring);
+	 */
 	bool we_own_ring;
 
 #ifdef DEBUG
@@ -195,6 +239,15 @@ struct vring_virtqueue {
 	unsigned int in_use;
 
 	/* Figure out if their kicks are too delayed. */
+	/*
+	 * 在以下使用vring_virtqueue->last_add_time_valid:
+	 *   - drivers/virtio/virtio_ring.c|40| <<LAST_ADD_TIME_UPDATE>> if ((_vq)->last_add_time_valid) \
+	 *   - drivers/virtio/virtio_ring.c|44| <<LAST_ADD_TIME_UPDATE>> (_vq)->last_add_time_valid = true; \
+	 *   - drivers/virtio/virtio_ring.c|48| <<LAST_ADD_TIME_CHECK>> if ((_vq)->last_add_time_valid) { \
+	 *   - drivers/virtio/virtio_ring.c|54| <<LAST_ADD_TIME_INVALID>> ((_vq)->last_add_time_valid = false)
+	 *   - drivers/virtio/virtio_ring.c|1723| <<bool>> vq->last_add_time_valid = false;
+	 *   - drivers/virtio/virtio_ring.c|2221| <<bool>> vq->last_add_time_valid = false;
+	 */
 	bool last_add_time_valid;
 	ktime_t last_add_time;
 #endif
@@ -263,6 +316,10 @@ static bool vring_use_dma_api(struct virtio_device *vdev)
 	return false;
 }
 
+/*
+ * called by:
+ *   - drivers/block/virtio_blk.c|997| <<virtblk_probe>> max_size = virtio_max_dma_size(vdev);
+ */
 size_t virtio_max_dma_size(struct virtio_device *vdev)
 {
 	size_t max_segment_size = SIZE_MAX;
@@ -274,6 +331,14 @@ size_t virtio_max_dma_size(struct virtio_device *vdev)
 }
 EXPORT_SYMBOL_GPL(virtio_max_dma_size);
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|993| <<vring_create_virtqueue_split>> queue = vring_alloc_queue(vdev, vring_size(num, vring_align),
+ *   - drivers/virtio/virtio_ring.c|1007| <<vring_create_virtqueue_split>> queue = vring_alloc_queue(vdev, vring_size(num, vring_align),
+ *   - drivers/virtio/virtio_ring.c|1736| <<vring_create_virtqueue_packed>> ring = vring_alloc_queue(vdev, ring_size_in_bytes,
+ *   - drivers/virtio/virtio_ring.c|1744| <<vring_create_virtqueue_packed>> driver = vring_alloc_queue(vdev, event_size_in_bytes,
+ *   - drivers/virtio/virtio_ring.c|1750| <<vring_create_virtqueue_packed>> device = vring_alloc_queue(vdev, event_size_in_bytes,
+ */
 static void *vring_alloc_queue(struct virtio_device *vdev, size_t size,
 			      dma_addr_t *dma_handle, gfp_t flag)
 {
@@ -321,6 +386,18 @@ static void vring_free_queue(struct virtio_device *vdev, size_t size,
  * making all of the arch DMA ops work on the vring device itself
  * is a mess.  For now, we use the parent device for DMA ops.
  */
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|399| <<vring_map_one_sg>> return dma_map_page(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|411| <<vring_map_single>> return dma_map_single(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|421| <<vring_mapping_error>> return dma_mapping_error(vring_dma_dev(vq), addr);
+ *   - drivers/virtio/virtio_ring.c|439| <<vring_unmap_one_split_indirect>> dma_unmap_page(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|458| <<vring_unmap_one_split>> dma_unmap_single(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|464| <<vring_unmap_one_split>> dma_unmap_page(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|1056| <<vring_unmap_extra_packed>> dma_unmap_single(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|1061| <<vring_unmap_extra_packed>> dma_unmap_page(vring_dma_dev(vq),
+ *   - drivers/virtio/virtio_ring.c|1078| <<vring_unmap_desc_packed>> dma_unmap_page(vring_dma_dev(vq),
+ */
 static inline struct device *vring_dma_dev(const struct vring_virtqueue *vq)
 {
 	return vq->vq.vdev->dev.parent;
@@ -467,6 +544,10 @@ static inline unsigned int virtqueue_add_desc_split(struct virtqueue *vq,
 	return next;
 }
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|1867| <<virtqueue_add>> virtqueue_add_split(_vq, sgs, total_sg, out_sgs, in_sgs, data, ctx, gfp);
+ */
 static inline int virtqueue_add_split(struct virtqueue *_vq,
 				      struct scatterlist *sgs[],
 				      unsigned int total_sg,
@@ -650,6 +731,10 @@ static inline int virtqueue_add_split(struct virtqueue *_vq,
 	return -ENOMEM;
 }
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|1990| <<virtqueue_kick_prepare>> virtqueue_kick_prepare_split(_vq);
+ */
 static bool virtqueue_kick_prepare_split(struct virtqueue *_vq)
 {
 	struct vring_virtqueue *vq = to_vvq(_vq);
@@ -907,6 +992,10 @@ static void *virtqueue_detach_unused_buf_split(struct virtqueue *_vq)
 	return NULL;
 }
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|2348| <<vring_create_virtqueue>> return vring_create_virtqueue_split(index, num, vring_align,
+ */
 static struct virtqueue *vring_create_virtqueue_split(
 	unsigned int index,
 	unsigned int num,
@@ -1156,6 +1245,10 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq,
 	return -ENOMEM;
 }
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|1906| <<virtqueue_add>> return vq->packed_ring ? virtqueue_add_packed(_vq, sgs, total_sg,
+ */
 static inline int virtqueue_add_packed(struct virtqueue *_vq,
 				       struct scatterlist *sgs[],
 				       unsigned int total_sg,
@@ -1203,6 +1296,9 @@ static inline int virtqueue_add_packed(struct virtqueue *_vq,
 
 	WARN_ON_ONCE(total_sg > vq->packed.vring.num && !vq->indirect);
 
+	/*
+	 * struct vring_packed_desc *desc;
+	 */
 	desc = vq->packed.vring.desc;
 	i = head;
 	descs_used = total_sg;
@@ -1402,6 +1498,12 @@ static void detach_buf_packed(struct vring_virtqueue *vq,
 	}
 }
 
+/*
+ * called by:
+ *   - drivers/virtio/virtio_ring.c|1516| <<more_used_packed>> return is_used_desc_packed(vq, last_used, used_wrap_counter);
+ *   - drivers/virtio/virtio_ring.c|1641| <<virtqueue_poll_packed>> return is_used_desc_packed(vq, used_idx, wrap_counter);
+ *   - drivers/virtio/virtio_ring.c|1696| <<virtqueue_enable_cb_delayed_packed>> if (is_used_desc_packed(vq, used_idx, wrap_counter)) {
+ */
 static inline bool is_used_desc_packed(const struct vring_virtqueue *vq,
 				       u16 idx, bool used_wrap_counter)
 {
@@ -1540,6 +1642,9 @@ static unsigned int virtqueue_enable_cb_prepare_packed(struct virtqueue *_vq)
 	return vq->last_used_idx;
 }
 
+/*
+ * Returns "true" if there are pending used buffers in the queue.
+ */
 static bool virtqueue_poll_packed(struct virtqueue *_vq, u16 off_wrap)
 {
 	struct vring_virtqueue *vq = to_vvq(_vq);
@@ -1676,6 +1781,9 @@ static struct virtqueue *vring_create_virtqueue_packed(
 
 	ring_size_in_bytes = num * sizeof(struct vring_packed_desc);
 
+	/*
+	 * 分配的是&ring_dma_addr
+	 */
 	ring = vring_alloc_queue(vdev, ring_size_in_bytes,
 				 &ring_dma_addr,
 				 GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO);
@@ -1684,12 +1792,18 @@ static struct virtqueue *vring_create_virtqueue_packed(
 
 	event_size_in_bytes = sizeof(struct vring_packed_desc_event);
 
+	/*
+	 * 分配的是&driver_event_dma_addr
+	 */
 	driver = vring_alloc_queue(vdev, event_size_in_bytes,
 				   &driver_event_dma_addr,
 				   GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO);
 	if (!driver)
 		goto err_driver;
 
+	/*
+	 * 分配的是&device_event_dma_addr
+	 */
 	device = vring_alloc_queue(vdev, event_size_in_bytes,
 				   &device_event_dma_addr,
 				   GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO);
diff --git a/include/linux/kvm_para.h b/include/linux/kvm_para.h
index f23b90b02898..896e287671b4 100644
--- a/include/linux/kvm_para.h
+++ b/include/linux/kvm_para.h
@@ -4,12 +4,60 @@
 
 #include <uapi/linux/kvm_para.h>
 
+/*
+ * 907 unsigned int kvm_arch_para_features(void)
+ * 908 {
+ * 909         return cpuid_eax(kvm_cpuid_base() | KVM_CPUID_FEATURES);
+ * 910 }
+ * 911
+ * 912 unsigned int kvm_arch_para_hints(void)
+ * 913 {
+ * 914         return cpuid_edx(kvm_cpuid_base() | KVM_CPUID_FEATURES);
+ * 915 }
+ * 916 EXPORT_SYMBOL_GPL(kvm_arch_para_hints);
+ */
 
+/*
+ * called by:
+ *   - arch/powerpc/kernel/kvm.c|712| <<kvm_guest_init>> if (kvm_para_has_feature(KVM_FEATURE_MAGIC_PAGE))
+ *   - arch/x86/kernel/kvm.c|313| <<paravirt_ops_setup>> if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY))
+ *   - arch/x86/kernel/kvm.c|352| <<kvm_guest_cpu_init>> if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF_INT) && kvmapf) {
+ *   - arch/x86/kernel/kvm.c|360| <<kvm_guest_cpu_init>> if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF_VMEXIT))
+ *   - arch/x86/kernel/kvm.c|370| <<kvm_guest_cpu_init>> if (kvm_para_has_feature(KVM_FEATURE_PV_EOI)) {
+ *   - arch/x86/kernel/kvm.c|451| <<kvm_guest_cpu_offline>> if (kvm_para_has_feature(KVM_FEATURE_PV_EOI))
+ *   - arch/x86/kernel/kvm.c|453| <<kvm_guest_cpu_offline>> if (kvm_para_has_feature(KVM_FEATURE_MIGRATION_CONTROL))
+ *   - arch/x86/kernel/kvm.c|477| <<pv_tlb_flush_supported>> return (kvm_para_has_feature(KVM_FEATURE_PV_TLB_FLUSH) &&
+ *   - arch/x86/kernel/kvm.c|479| <<pv_tlb_flush_supported>> kvm_para_has_feature(KVM_FEATURE_STEAL_TIME) &&
+ *   - arch/x86/kernel/kvm.c|486| <<pv_ipi_supported>> return (kvm_para_has_feature(KVM_FEATURE_PV_SEND_IPI) &&
+ *   - arch/x86/kernel/kvm.c|492| <<pv_sched_yield_supported>> return (kvm_para_has_feature(KVM_FEATURE_PV_SCHED_YIELD) &&
+ *   - arch/x86/kernel/kvm.c|494| <<pv_sched_yield_supported>> kvm_para_has_feature(KVM_FEATURE_STEAL_TIME) &&
+ *   - arch/x86/kernel/kvm.c|583| <<setup_efi_kvm_sev_migration>> !kvm_para_has_feature(KVM_FEATURE_MIGRATION_CONTROL))
+ *   - arch/x86/kernel/kvm.c|732| <<kvm_suspend>> if (kvm_para_has_feature(KVM_FEATURE_POLL_CONTROL))
+ *   - arch/x86/kernel/kvm.c|744| <<kvm_resume>> if (kvm_para_has_feature(KVM_FEATURE_POLL_CONTROL) && has_guest_poll)
+ *   - arch/x86/kernel/kvm.c|830| <<kvm_guest_init>> if (kvm_para_has_feature(KVM_FEATURE_STEAL_TIME)) {
+ *   - arch/x86/kernel/kvm.c|838| <<kvm_guest_init>> if (kvm_para_has_feature(KVM_FEATURE_PV_EOI))
+ *   - arch/x86/kernel/kvm.c|841| <<kvm_guest_init>> if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF_INT) && kvmapf) {
+ *   - arch/x86/kernel/kvm.c|933| <<kvm_msi_ext_dest_id>> return kvm_para_has_feature(KVM_FEATURE_MSI_EXT_DEST_ID);
+ *   - arch/x86/kernel/kvm.c|945| <<kvm_init_platform>> kvm_para_has_feature(KVM_FEATURE_MIGRATION_CONTROL)) {
+ *   - arch/x86/kernel/kvm.c|1087| <<kvm_spinlock_init>> if (!kvm_para_has_feature(KVM_FEATURE_PV_UNHALT)) {
+ *   - arch/x86/kernel/kvm.c|1145| <<arch_haltpoll_enable>> if (!kvm_para_has_feature(KVM_FEATURE_POLL_CONTROL)) {
+ *   - arch/x86/kernel/kvm.c|1158| <<arch_haltpoll_disable>> if (!kvm_para_has_feature(KVM_FEATURE_POLL_CONTROL))
+ *   - arch/x86/kernel/kvmclock.c|294| <<kvmclock_init>> if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE2)) {
+ *   - arch/x86/kernel/kvmclock.c|297| <<kvmclock_init>> } else if (!kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE)) {
+ *   - arch/x86/kernel/kvmclock.c|313| <<kvmclock_init>> if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT))
+ */
 static inline bool kvm_para_has_feature(unsigned int feature)
 {
 	return !!(kvm_arch_para_features() & (1UL << feature));
 }
 
+/*
+ * called by:
+ *   - arch/x86/kernel/kvm.c|478| <<pv_tlb_flush_supported>> !kvm_para_has_hint(KVM_HINTS_REALTIME) &&
+ *   - arch/x86/kernel/kvm.c|493| <<pv_sched_yield_supported>> !kvm_para_has_hint(KVM_HINTS_REALTIME) &&
+ *   - arch/x86/kernel/kvm.c|1096| <<kvm_spinlock_init>> if (kvm_para_has_hint(KVM_HINTS_REALTIME)) {
+ *   - drivers/cpuidle/cpuidle-haltpoll.c|99| <<haltpoll_want>> return kvm_para_has_hint(KVM_HINTS_REALTIME) || force;
+ */
 static inline bool kvm_para_has_hint(unsigned int feature)
 {
 	return !!(kvm_arch_para_hints() & (1UL << feature));
diff --git a/kernel/events/core.c b/kernel/events/core.c
index d2b354991bf5..38c2b1b902ae 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -402,6 +402,17 @@ static atomic_t nr_cgroup_events __read_mostly;
 static atomic_t nr_text_poke_events __read_mostly;
 static atomic_t nr_build_id_events __read_mostly;
 
+/*
+ * 在以下使用LIST_HEAD(pmus):
+ *   - drivers/perf/xgene_pmu.c|1948| <<xgene_pmu_dev_cleanup>> list_for_each_entry(ctx, pmus, next) {
+ *   - kernel/events/core.c|10912| <<find_pmu_context>> list_for_each_entry(pmu, &pmus, entry) {
+ *   - kernel/events/core.c|11185| <<perf_pmu_register>> list_add_rcu(&pmu->entry, &pmus);
+ *   - kernel/events/core.c|11187| <<perf_pmu_register>> list_add_tail_rcu(&pmu->entry, &pmus);
+ *   - kernel/events/core.c|11353| <<perf_init_event>> list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
+ *   - kernel/events/core.c|13368| <<perf_event_exit_cpu_context>> list_for_each_entry(pmu, &pmus, entry) {
+ *   - kernel/events/core.c|13396| <<perf_event_init_cpu>> list_for_each_entry(pmu, &pmus, entry) {
+ *   - kernel/events/core.c|13487| <<perf_event_sysfs_init>> list_for_each_entry(pmu, &pmus, entry) {
+ */
 static LIST_HEAD(pmus);
 static DEFINE_MUTEX(pmus_lock);
 static struct srcu_struct pmus_srcu;
@@ -2425,6 +2436,14 @@ static void __perf_event_disable(struct perf_event *event,
  * is the current context on this CPU and preemption is disabled,
  * hence we can't get into perf_event_task_sched_out for this context.
  */
+/*
+ * called by:
+ *   - kernel/events/core.c|2456| <<perf_event_disable>> _perf_event_disable(event);
+ *   - kernel/events/core.c|3138| <<perf_event_modify_breakpoint>> _perf_event_disable(bp);
+ *   - kernel/events/core.c|5439| <<perf_event_pause>> _perf_event_disable(event);
+ *   - kernel/events/core.c|5598| <<_perf_ioctl>> func = _perf_event_disable;
+ *   - kernel/events/core.c|5767| <<perf_event_task_disable>> perf_event_for_each_child(event, _perf_event_disable);
+ */
 static void _perf_event_disable(struct perf_event *event)
 {
 	struct perf_event_context *ctx = event->ctx;
@@ -2984,6 +3003,14 @@ static void _perf_event_enable(struct perf_event *event)
 /*
  * See perf_event_disable();
  */
+/*
+ * called by:
+ *   - arch/arm64/kvm/pmu-emul.c|349| <<kvm_pmu_enable_counter_mask>> perf_event_enable(pmc->perf_event);
+ *   - arch/x86/kvm/pmu.c|202| <<pmc_resume_counter>> perf_event_enable(pmc->perf_event);
+ *   - kernel/events/hw_breakpoint.c|532| <<modify_user_hw_breakpoint>> perf_event_enable(bp);
+ *   - kernel/watchdog_hld.c|199| <<hardlockup_detector_perf_enable>> perf_event_enable(this_cpu_read(watchdog_ev));
+ *   - kernel/watchdog_hld.c|278| <<hardlockup_detector_perf_restart>> perf_event_enable(event);
+ */
 void perf_event_enable(struct perf_event *event)
 {
 	struct perf_event_context *ctx;
@@ -5429,6 +5456,10 @@ static void _perf_event_reset(struct perf_event *event)
 }
 
 /* Assume it's not an event with inherit set. */
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|181| <<pmc_pause_counter>> counter += perf_event_pause(pmc->perf_event, true);
+ */
 u64 perf_event_pause(struct perf_event *event, bool reset)
 {
 	struct perf_event_context *ctx;
@@ -5545,6 +5576,11 @@ static int _perf_event_period(struct perf_event *event, u64 value)
 	return 0;
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/pmu.c|188| <<pmc_resume_counter>> if (perf_event_period(pmc->perf_event,
+ *   - arch/x86/kvm/pmu.h|143| <<pmc_update_sample_period>> perf_event_period(pmc->perf_event,
+ */
 int perf_event_period(struct perf_event *event, u64 value)
 {
 	struct perf_event_context *ctx;
@@ -11156,6 +11192,17 @@ int perf_pmu_register(struct pmu *pmu, const char *name, int type)
 	 * since these cannot be in the IDR. This way the linear search
 	 * is fast, provided a valid software event is provided.
 	 */
+	/*
+	 * 在以下使用LIST_HEAD(pmus):
+	 *   - drivers/perf/xgene_pmu.c|1948| <<xgene_pmu_dev_cleanup>> list_for_each_entry(ctx, pmus, next) {
+	 *   - kernel/events/core.c|10912| <<find_pmu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|11185| <<perf_pmu_register>> list_add_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11187| <<perf_pmu_register>> list_add_tail_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11353| <<perf_init_event>> list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
+	 *   - kernel/events/core.c|13368| <<perf_event_exit_cpu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13396| <<perf_event_init_cpu>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13487| <<perf_event_sysfs_init>> list_for_each_entry(pmu, &pmus, entry) {
+	 */
 	if (type == PERF_TYPE_SOFTWARE || !name)
 		list_add_rcu(&pmu->entry, &pmus);
 	else
@@ -11214,6 +11261,12 @@ static inline bool has_extended_regs(struct perf_event *event)
 	       (event->attr.sample_regs_intr & PERF_REG_EXTENDED_MASK);
 }
 
+/*
+ * called by:
+ *   - kernel/events/core.c|11294| <<perf_init_event>> ret = perf_try_init_event(pmu, event);
+ *   - kernel/events/core.c|11323| <<perf_init_event>> ret = perf_try_init_event(pmu, event);
+ *   - kernel/events/core.c|11336| <<perf_init_event>> ret = perf_try_init_event(pmu, event);
+ */
 static int perf_try_init_event(struct pmu *pmu, struct perf_event *event)
 {
 	struct perf_event_context *ctx = NULL;
@@ -11239,6 +11292,9 @@ static int perf_try_init_event(struct pmu *pmu, struct perf_event *event)
 	}
 
 	event->pmu = pmu;
+	/*
+	 * x86_pmu_event_init()
+	 */
 	ret = pmu->event_init(event);
 
 	if (ctx)
@@ -11263,6 +11319,10 @@ static int perf_try_init_event(struct pmu *pmu, struct perf_event *event)
 	return ret;
 }
 
+/*
+ * called by:
+ *   - kernel/events/core.c|11617| <<perf_event_alloc>> pmu = perf_init_event(event);
+ */
 static struct pmu *perf_init_event(struct perf_event *event)
 {
 	bool extended_type = false;
@@ -11315,6 +11375,17 @@ static struct pmu *perf_init_event(struct perf_event *event)
 		goto unlock;
 	}
 
+	/*
+	 * 在以下使用LIST_HEAD(pmus):
+	 *   - drivers/perf/xgene_pmu.c|1948| <<xgene_pmu_dev_cleanup>> list_for_each_entry(ctx, pmus, next) {
+	 *   - kernel/events/core.c|10912| <<find_pmu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|11185| <<perf_pmu_register>> list_add_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11187| <<perf_pmu_register>> list_add_tail_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11353| <<perf_init_event>> list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
+	 *   - kernel/events/core.c|13368| <<perf_event_exit_cpu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13396| <<perf_event_init_cpu>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13487| <<perf_event_sysfs_init>> list_for_each_entry(pmu, &pmus, entry) {
+	 */
 	list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
 		ret = perf_try_init_event(pmu, event);
 		if (!ret)
@@ -12497,6 +12568,19 @@ SYSCALL_DEFINE5(perf_event_open,
  * @overflow_handler: callback to trigger when we hit the event
  * @context: context data could be used in overflow_handler callback
  */
+/*
+ * called by:
+ *   - arch/arm64/kvm/pmu-emul.c|684| <<kvm_pmu_create_perf_event>> event = perf_event_create_kernel_counter(&attr, -1, current,
+ *   - arch/arm64/kvm/pmu-emul.c|694| <<kvm_pmu_create_perf_event>> event = perf_event_create_kernel_counter(&attr, -1, current,
+ *   - arch/arm64/kvm/pmu-emul.c|819| <<kvm_pmu_probe_armpmu>> event = perf_event_create_kernel_counter(&attr, -1, current,
+ *   - arch/x86/kernel/cpu/resctrl/pseudo_lock.c|949| <<measure_residency_fn>> miss_event = perf_event_create_kernel_counter(miss_attr, plr->cpu,
+ *   - arch/x86/kernel/cpu/resctrl/pseudo_lock.c|954| <<measure_residency_fn>> hit_event = perf_event_create_kernel_counter(hit_attr, plr->cpu,
+ *   - arch/x86/kvm/pmu.c|158| <<pmc_reprogram_counter>> event = perf_event_create_kernel_counter(&attr, -1, current,
+ *   - arch/x86/kvm/vmx/pmu_intel.c|290| <<intel_pmu_create_guest_lbr_event>> event = perf_event_create_kernel_counter(&attr, -1,
+ *   - kernel/events/hw_breakpoint.c|463| <<register_user_hw_breakpoint>> return perf_event_create_kernel_counter(attr, -1, tsk, triggered,
+ *   - kernel/events/hw_breakpoint.c|573| <<register_wide_hw_breakpoint>> bp = perf_event_create_kernel_counter(attr, cpu, NULL,
+ *   - kernel/watchdog_hld.c|176| <<hardlockup_detector_event_create>> evt = perf_event_create_kernel_counter(wd_attr, cpu, NULL,
+ */
 struct perf_event *
 perf_event_create_kernel_counter(struct perf_event_attr *attr, int cpu,
 				 struct task_struct *task,
@@ -13425,6 +13509,9 @@ ssize_t perf_event_sysfs_show(struct device *dev, struct device_attribute *attr,
 }
 EXPORT_SYMBOL_GPL(perf_event_sysfs_show);
 
+/*
+ * /sys/bus/event_source/devices
+ */
 static int __init perf_event_sysfs_init(void)
 {
 	struct pmu *pmu;
@@ -13436,6 +13523,17 @@ static int __init perf_event_sysfs_init(void)
 	if (ret)
 		goto unlock;
 
+	/*
+	 * 在以下使用LIST_HEAD(pmus):
+	 *   - drivers/perf/xgene_pmu.c|1948| <<xgene_pmu_dev_cleanup>> list_for_each_entry(ctx, pmus, next) {
+	 *   - kernel/events/core.c|10912| <<find_pmu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|11185| <<perf_pmu_register>> list_add_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11187| <<perf_pmu_register>> list_add_tail_rcu(&pmu->entry, &pmus);
+	 *   - kernel/events/core.c|11353| <<perf_init_event>> list_for_each_entry_rcu(pmu, &pmus, entry, lockdep_is_held(&pmus_srcu)) {
+	 *   - kernel/events/core.c|13368| <<perf_event_exit_cpu_context>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13396| <<perf_event_init_cpu>> list_for_each_entry(pmu, &pmus, entry) {
+	 *   - kernel/events/core.c|13487| <<perf_event_sysfs_init>> list_for_each_entry(pmu, &pmus, entry) {
+	 */
 	list_for_each_entry(pmu, &pmus, entry) {
 		if (!pmu->name || pmu->type < 0)
 			continue;
diff --git a/tools/perf/arch/x86/util/evlist.c b/tools/perf/arch/x86/util/evlist.c
index 68f681ad54c1..629b7eb9720d 100644
--- a/tools/perf/arch/x86/util/evlist.c
+++ b/tools/perf/arch/x86/util/evlist.c
@@ -8,6 +8,10 @@
 #define TOPDOWN_L1_EVENTS	"{slots,topdown-retiring,topdown-bad-spec,topdown-fe-bound,topdown-be-bound}"
 #define TOPDOWN_L2_EVENTS	"{slots,topdown-retiring,topdown-bad-spec,topdown-fe-bound,topdown-be-bound,topdown-heavy-ops,topdown-br-mispredict,topdown-fetch-lat,topdown-mem-bound}"
 
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|1991| <<add_default_attributes>> if (arch_evlist__add_default_attrs(evsel_list) < 0)
+ */
 int arch_evlist__add_default_attrs(struct evlist *evlist)
 {
 	if (!pmu_have_event("cpu", "slots"))
@@ -19,6 +23,10 @@ int arch_evlist__add_default_attrs(struct evlist *evlist)
 		return parse_events(evlist, TOPDOWN_L1_EVENTS, NULL);
 }
 
+/*
+ * called by:
+ *   - tools/perf/util/parse-events.c|1874| <<parse_events__set_leader>> leader = arch_evlist__leader(list);
+ */
 struct evsel *arch_evlist__leader(struct list_head *list)
 {
 	struct evsel *evsel, *first, *slots = NULL;
diff --git a/tools/perf/arch/x86/util/topdown.c b/tools/perf/arch/x86/util/topdown.c
index f81a7cfe4d63..97be018ad133 100644
--- a/tools/perf/arch/x86/util/topdown.c
+++ b/tools/perf/arch/x86/util/topdown.c
@@ -7,6 +7,10 @@
 #include "evsel.h"
 
 /* Check whether there is a PMU which supports the perf metrics. */
+/*
+ * called by:
+ *   - tools/perf/arch/x86/util/evlist.c|33| <<arch_evlist__leader>> if (!topdown_sys_has_perf_metrics())
+ */
 bool topdown_sys_has_perf_metrics(void)
 {
 	static bool has_perf_metrics;
@@ -63,6 +67,10 @@ void arch_topdown_group_warn(void)
  * event must be the leader of the topdown group.
  */
 
+/*
+ * called by:
+ *   - tools/perf/util/record.c|30| <<evsel__read_sampler>> if (evsel__is_aux_event(leader) || arch_topdown_sample_read(leader) ||
+ */
 bool arch_topdown_sample_read(struct evsel *leader)
 {
 	if (!evsel__sys_has_perf_metrics(leader))
diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c
index d2ecd4d29624..11ba15600ec8 100644
--- a/tools/perf/builtin-stat.c
+++ b/tools/perf/builtin-stat.c
@@ -697,6 +697,11 @@ static void compute_tts(struct timespec *time_start, struct timespec *time_stop,
 	*time_to_sleep = tts;
 }
 
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|982| <<__run_perf_stat>> status = dispatch_events(forks, timeout, interval, &times);
+ *   - tools/perf/builtin-stat.c|1005| <<__run_perf_stat>> status = dispatch_events(forks, timeout, interval, &times);
+ */
 static int dispatch_events(bool forks, int timeout, int interval, int *times)
 {
 	int child_exited = 0, status = 0;
@@ -742,6 +747,11 @@ enum counter_recovery {
 	COUNTER_FATAL,
 };
 
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|895| <<__run_perf_stat>> switch (stat_handle_error(counter)) {
+ *   - tools/perf/builtin-stat.c|938| <<__run_perf_stat>> switch (stat_handle_error(counter)) {
+ */
 static enum counter_recovery stat_handle_error(struct evsel *counter)
 {
 	char msg[BUFSIZ];
@@ -762,6 +772,10 @@ static enum counter_recovery stat_handle_error(struct evsel *counter)
 		 */
 		counter->errored = true;
 
+		/*
+		 * struct evsel *counter:
+		 * -> struct perf_evsel core;
+		 */
 		if ((evsel__leader(counter) != counter) ||
 		    !(counter->core.leader->nr_members > 1))
 			return COUNTER_SKIP;
@@ -791,6 +805,10 @@ static enum counter_recovery stat_handle_error(struct evsel *counter)
 	return COUNTER_FATAL;
 }
 
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|1069| <<run_perf_stat>> ret = __run_perf_stat(argc, argv, run_idx);
+ */
 static int __run_perf_stat(int argc, const char **argv, int run_idx)
 {
 	int interval = stat_config.interval;
@@ -825,6 +843,12 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
 		affinity = &saved_affinity;
 	}
 
+	/*
+	 * static struct evlist *evsel_list;
+	 * -> struct perf_evlist core;
+	 *    -> struct list_head         entries;
+	 *    -> int                      nr_entries;
+	 */
 	evlist__for_each_entry(evsel_list, counter) {
 		if (bpf_counter__load(counter, &target))
 			return -1;
@@ -832,6 +856,13 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
 			all_counters_use_bpf = false;
 	}
 
+	/*
+	 * struct evlist_cpu_iterator evlist_cpu_itr;
+	 * -> // The list being iterated through.
+	 * -> struct evlist *container;
+	 * -> // The current evsel of the iterator.
+	 * -> struct evsel *evsel;
+	 */
 	evlist__for_each_cpu(evlist_cpu_itr, evsel_list, affinity) {
 		counter = evlist_cpu_itr.evsel;
 
@@ -1048,6 +1079,10 @@ static int __run_perf_stat(int argc, const char **argv, int run_idx)
 	return WEXITSTATUS(status);
 }
 
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|2609| <<cmd_stat>> status = run_perf_stat(argc, argv, run_idx);
+ */
 static int run_perf_stat(int argc, const char **argv, int run_idx)
 {
 	int ret;
@@ -1662,6 +1697,10 @@ static int perf_stat_init_aggr_mode_file(struct perf_stat *st)
  * Add default attributes, if there were no attributes specified or
  * if -d/--detailed, -d -d or -d -d -d is used:
  */
+/*
+ * called by:
+ *   - tools/perf/builtin-stat.c|2469| <<cmd_stat>> if (add_default_attributes())
+ */
 static int add_default_attributes(void)
 {
 	int err;
diff --git a/tools/perf/util/evlist.c b/tools/perf/util/evlist.c
index 48af7d379d82..1c7b7ca21fd1 100644
--- a/tools/perf/util/evlist.c
+++ b/tools/perf/util/evlist.c
@@ -319,6 +319,11 @@ static int evlist__add_attrs(struct evlist *evlist, struct perf_event_attr *attr
 		evsel = evsel__new_idx(attrs + i, evlist->core.nr_entries + i);
 		if (evsel == NULL)
 			goto out_delete_partial_list;
+		/*
+		 * struct evsel *evsel:
+		 * -> struct perf_evsel       core;
+		 * -> struct evlist           *evlist;
+		 */
 		list_add_tail(&evsel->core.node, &head);
 	}
 
diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 094b0a9c0bc0..ca825a857db8 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -3084,6 +3084,13 @@ bool evsel__is_hybrid(struct evsel *evsel)
 
 struct evsel *evsel__leader(struct evsel *evsel)
 {
+	/*
+	 * struct evsel *evsel:
+	 * -> struct perf_evsel       core;
+	 *    -> struct perf_evsel       *leader;
+	 *    -> int                      nr_members;
+	 * -> struct evlist           *evlist;
+	 */
 	return container_of(evsel->core.leader, struct evsel, core);
 }
 
diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index 7ed235740431..57c84e9b8dcd 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -1736,6 +1736,10 @@ int parse_events_multi_pmu_add(struct parse_events_state *parse_state,
 	return ok ? 0 : -1;
 }
 
+/*
+ * called by (是y的file):
+ *   - tools/perf/util/parse-events.y|183| <<yyparse>> err = parse_events__modifier_group(list, $3);
+ */
 int parse_events__modifier_group(struct list_head *list,
 				 char *event_mod)
 {
@@ -2029,6 +2033,11 @@ static int check_modifier(char *str)
 	return 0;
 }
 
+/*
+ * called by:
+ *   - tools/perf/util/parse-events.c|1742| <<parse_events__modifier_group>> return parse_events__modifier_event(list, event_mod, true);
+ *   - tools/perf/util/parse-events.y|245| <<yyparse>> err = parse_events__modifier_event(list, $2, false);
+ */
 int parse_events__modifier_event(struct list_head *list, char *str, bool add)
 {
 	struct evsel *evsel;
diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c
index 9a1c7e63e663..9a88437bf3de 100644
--- a/tools/perf/util/pmu.c
+++ b/tools/perf/util/pmu.c
@@ -449,6 +449,10 @@ static inline bool pmu_alias_info_file(char *name)
  * Process all the sysfs attributes located under the directory
  * specified in 'dir' parameter.
  */
+/*
+ * called by:
+ *   - tools/perf/util/pmu.c|510| <<pmu_aliases>> if (pmu_aliases_parse(path, head))
+ */
 static int pmu_aliases_parse(char *dir, struct list_head *head)
 {
 	struct dirent *evt_ent;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index a49df8988cd6..e9349cde5749 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -527,6 +527,13 @@ static void kvm_null_fn(void)
 	     node;							     \
 	     node = interval_tree_iter_next(node, start, last))	     \
 
+/*
+ * called by:
+ *   - virt/kvm/kvm_main.c|624| <<kvm_handle_hva_range>> return __kvm_handle_hva_range(kvm, &range);
+ *   - virt/kvm/kvm_main.c|644| <<kvm_handle_hva_range_no_flush>> return __kvm_handle_hva_range(kvm, &range);
+ *   - virt/kvm/kvm_main.c|730| <<kvm_mmu_notifier_invalidate_range_start>> __kvm_handle_hva_range(kvm, &hva_range);
+ *   - virt/kvm/kvm_main.c|769| <<kvm_mmu_notifier_invalidate_range_end>> __kvm_handle_hva_range(kvm, &hva_range);
+ */
 static __always_inline int __kvm_handle_hva_range(struct kvm *kvm,
 						  const struct kvm_hva_range *range)
 {
@@ -2745,6 +2752,20 @@ void kvm_release_pfn(kvm_pfn_t pfn, bool dirty)
 		kvm_release_pfn_clean(pfn);
 }
 
+/*
+ * called by:
+ *   - arch/x86/kvm/svm/nested.c|787| <<nested_svm_vmrun>> ret = kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map);
+ *   - arch/x86/kvm/svm/nested.c|897| <<nested_svm_vmexit>> rc = kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.vmcb12_gpa), &map);
+ *   - arch/x86/kvm/svm/sev.c|2823| <<sev_handle_vmgexit>> if (kvm_vcpu_map(vcpu, ghcb_gpa >> PAGE_SHIFT, &svm->sev_es.ghcb_map)) {
+ *   - arch/x86/kvm/svm/svm.c|2080| <<vmload_vmsave_interception>> ret = kvm_vcpu_map(vcpu, gpa_to_gfn(svm->vmcb->save.rax), &map);
+ *   - arch/x86/kvm/svm/svm.c|4336| <<svm_enter_smm>> if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr),
+ *   - arch/x86/kvm/svm/svm.c|4372| <<svm_leave_smm>> if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcb12_gpa), &map) == -EINVAL)
+ *   - arch/x86/kvm/svm/svm.c|4376| <<svm_leave_smm>> if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->nested.hsave_msr), &map_save) == -EINVAL)
+ *   - arch/x86/kvm/vmx/nested.c|623| <<nested_vmx_prepare_msr_bitmap>> if (kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->msr_bitmap), map))
+ *   - arch/x86/kvm/vmx/nested.c|1993| <<nested_vmx_handle_enlightened_vmptrld>> if (kvm_vcpu_map(vcpu, gpa_to_gfn(evmcs_gpa),
+ *   - arch/x86/kvm/vmx/nested.c|3206| <<nested_get_vmcs12_pages>> if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->virtual_apic_page_addr), map)) {
+ *   - arch/x86/kvm/vmx/nested.c|3232| <<nested_get_vmcs12_pages>> if (!kvm_vcpu_map(vcpu, gpa_to_gfn(vmcs12->posted_intr_desc_addr), map)) {
+ */
 int kvm_vcpu_map(struct kvm_vcpu *vcpu, gfn_t gfn, struct kvm_host_map *map)
 {
 	kvm_pfn_t pfn;
-- 
2.17.1