Re: Two shadow page tables for HVM

[Emre Can Sezer <ecsezer@ncsu.edu>]

Tim Deegan wrote:
> At 17:08 -0500 on 09 Jan (1231520939), Emre Can Sezer wrote:
>   
>> I finally got around to implementing two paging modes.  Everything works 
>> fine until I swap modes :)
>>
>> I get a shadow page fault with error_code 0.  This happens right after I 
>> swap the paging mode.  Any clues as to what might be the cause?
>>
>> I walked through the code that updates paging modes.  It appears that we 
>> simply make an *empty* top level shadow and install it as top level shadow 
>> page table.  If this is the case, shouldn't the first fault have a non-zero 
>> error code?
>>     
>
> The TLB will be empty when you return so the first fault will be an
> instruction fetch, presumably from kernel space (since that's when you
> want to switch modes).  If the guest has PAE or 64-bit pagetabels and
> EFER.NXE turned on, it should have error code 0x10; otherwise 0 is correct.
>   


Unfortunately I'm still stuck with the same problem.  When in normal
mode, I observe the instruction fetch error when execution is jumping to
a module.  The va and rip are the same.  I switch to "alternate" paging
mode.  Since the TLB is empty, I expect the guest to try to fetch the
instruction again.  At this point the root shadow page table is empty
(first time we ever switched to this mode), so I only expect to get a
page not present error, since the NX bit is not set.  Well, I don't see
either.  It faults with error code 0 and a va that is different from the
rip (rip is the same as before).  I'm using 64-bit PT's and as far as I
can tell EFER.NXE is turned on.  At least cpu_has_nx returns true and
that I get page faults with PFEC_instr_fetch error with both paging modes.

Here is the summary of page fault errors:
...
(XEN) sh_page_fault: d:v=1:0 va=0xffffffffa000f050 err=17,
rip=ffffffffa000f050
(XEN) <ECS> Switching to ALTERNATE paging mode
(XEN) <ECS-alt> sh_page_fault: d:v=1:0 va=0xffffffff8062cef0 err=0,
rip=ffffffffa000f050
(XEN) <ECS-alt> sh_page_fault: d:v=1:0 va=0xffffffff805d8010 err=0,
rip=ffffffffa000f050
(XEN) <ECS-alt> sh_page_fault: d:v=1:0 va=0xffffffff8020cea0 err=10,
rip=ffffffff8020cea0
(XEN) <ECS> Switching to NORMAL paging mode
(XEN) <ECS> Done
...

I'm also confused about the last page fault.  No page fault occurred
that propagated this page's pte from the guest (I turned off
prefetching). I'm inclined to think that I have some artifacts from the
initial paging mode.

The only thing I haven't fully ported to the alternate paging mode is
the super page handling.  But I'm not sure if that has anything to do
with the error code.

Any thoughts? Am I correct in thinking that when I first switch the
paging mode, the top level page table is empty and that we should at
least get a page not present error for ANY instruction?

Thanks,

John

>