On 8/8/2013 4:38 AM, Tim Deegan wrote:
> At 14:17 +0100 on 07 Aug (1375885025), Jan Beulich wrote:
>>>>> On 05.08.13 at 10:31, wrote:
>>> From: Suravee Suthikulpanit
>>>
>>> Fix assertion in __virt_to_maddr when starting nested SVM guest
>>> in debug mode. Investigation has shown that svm_vmsave/svm_vmload
>>> make use of __pa() with invalid address.
>>>
>>> Signed-off-by: Suravee Suthikulpanit
>> Tim - have all your earlier comments been addressed in this version?
> Yes, I'm happy with this one.
>
> Reviewed-by: Tim Deegan
>
>>> - if (!nestedhvm_enabled(v->domain)) {
>>> + if ( !nestedhvm_enabled(v->domain) || !hvm_svm_enabled(v) ) {
>> Suravee, why is this change needed (here and further down)?
>> Can we really get here when hvm_svm_enabled(v) returns false?
>> I don't recall this having been there in earlier versions.
> This came from discussion of what fault to inject -- we always intercept
> VM{RUN,LOAD,SAVE} so I think we can get here. The AMD docs for those say:
> "Checks exceptions (#GP) before the intercept."
> but nothing about checking guest_efer.SVME so AFAICT we have to do that
> in Xen.
>
> Arguably this fix could be a separate patch. Certainly the same
> check ought to go into svm_exit_do_vmrun().
>
> Tim.
>
Here, the "nestedhvm_enabled(v->domain)" is implemented as

    /* Nested HVM on/off per domain */
    bool_t nestedhvm_enabled(struct domain *d)
    {
        return is_hvm_domain(d) &&
               d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM];
    }

I'm not familiar with this, but I believe this is the option in the HVM
config file "nestedhvm=1".

Suravee
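
Review bot: the "|| !hvm_svm_enabled(v)" condition added in the quoted hunk is not covered by the commit message, which only describes the __pa() assertion in svm_vmsave/svm_vmload. Either state in the description that the guest_efer.SVME check is now done in Xen for these intercepts, or split it into its own patch as suggested in the thread, and apply the same check in svm_exit_do_vmrun() so VMRUN, VMLOAD and VMSAVE are handled consistently.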