Re: tlb flush after each vm_exit, also virtual interrupts injection

[Paolo Bonzini <pbonzini@redhat.com>]

> 1) I've seen some slides, back in 08, in which it is described
> that the use of VPID, will solve the problem of TLB flush after each VM_EXIT.
> But, i see from the code that it actually does a flush after a VM_EXIT.
> 
> Obviously, i am wrong. So I need some help,
> Where to look, i mean which lines of code, in order to figure out, what is
> happening with TLB flush and VM_EXITS

You are saying that you "see from the code that it actually does a flush
after a VM_EXIT".  Where is this?

> 2) system call from ing 0 (non-root), to ring 0(root)
> Could guest os, do a system call to host os?

No.  You'd need a program running on the host, and a channel between
this program and a guest (such as a socket or a serial port).

> 3) what is the mechanism of virtual interrupt injection
> What is the mechanism that is used for a virtual interrupt injection,
> in full virtualization?
> 
> Host injects an interrupt to guest, HOW?  eg. hardware interrupt?
> to which point of guest? guest complete_bh?

Interrupt injections happens through ioctls on the KVM file descriptors
(the CPU file descriptor for KVM_INTERRUPT, the VM file descriptors for others).

When the LAPIC is emulated by userspace (not the common case) this is
done with the KVM_INTERRUPT ioctl.  When the LAPIC is emulated in kernel,
there are various mechanisms.

ioctl                   when?                interrupt kind
------------------------------------------------------------------------
KVM_INTERRUPT           i8259 in userspace   EXTINT
KVM_SET_GSI_ROUTING     (always)             IOAPIC
KVM_SIGNAL_MSI          (always)             MSI
KVM_SET_GSI_ROUTING     (always)             MSI
KVM_IRQFD                                    any that can use KVM_SET_GSI_ROUTING

After KVM_SET_GSI_ROUTING, the host invokes another ioctl on the VM
file descriptor (either KVM_IRQ_LINE or KVM_IRQ_LINE_STATUS) in order
to trigger the interrupt.  In QEMU this corresponds to qemu_irq_raise,
pci_set_irq or msi_notify.

After KVM_IRQFD, the host writes to an eventfd in order to trigger the
interrupt.  In QEMU this corresponds to event_notifier_set.

(For MSI, KVM_SIGNAL_MSI is preferred to KVM_IRQ_LINE/KVM_IRQ_LINE_STATUS
because it's faster, but they provide the same functionality).

> 4)
> I've seen from bibliography, that KVM operates in protection ring -1.
> What doe it mean? Is there HW implementation for that ring?
> 
> Why not in ring 0?

Ring -1 is not a particularly good name.  The right name is that KVM
operates in VMX ring 0 root mode, while the guest operates in VMX
non-root mode (which can be any of ring 0-1-2-3 depending on the
current privilege level of the guest).

Paolo