From mboxrd@z Thu Jan  1 00:00:00 1970
From: Joerg Roedel <joerg.roedel@amd.com>
Subject: Re: Nested SVM and migration
Date: Mon, 22 Feb 2010 18:07:37 +0100
Message-ID: <20100222170737.GD4210@amd.com>
References: <4B80347E.7000003@redhat.com>
 <20100220201822.GG20833@8bytes.org>
 <4B806FB9.20009@redhat.com>
 <20100221121008.GI20833@8bytes.org>
 <4B8125E2.8050309@redhat.com>
 <20100221124141.GA26465@8bytes.org>
 <4B812CE9.2070107@redhat.com>
 <20100221130915.GB26465@8bytes.org>
 <4B82B4DB.1090703@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Joerg Roedel <joro@8bytes.org>, Avi Kivity <avi@redhat.com>,
	kvm <kvm@vger.kernel.org>
To: Zachary Amsden <zamsden@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from tx2ehsobe004.messaging.microsoft.com ([65.55.88.14]:12948 "EHLO
	TX2EHSOBE007.bigfish.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752152Ab0BVRIU (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 22 Feb 2010 12:08:20 -0500
Content-Disposition: inline
In-Reply-To: <4B82B4DB.1090703@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Mon, Feb 22, 2010 at 06:46:19AM -1000, Zachary Amsden wrote:
> On 02/21/2010 03:09 AM, Joerg Roedel wrote:
> >On Sun, Feb 21, 2010 at 02:54:01PM +0200, Avi Kivity wrote:
> >>So, if some other cpu (or the guest itself, with appropriate
> >>permissions) modifies the msr permission bitmap, svm will not notice
> >>this?  svm loads the bitmap during entry?
> >Yes.
> 
> Ugh.  So we have non-reversible architectural state all over again.
> There are ways around this problem, all ugly, but the easiest is
> shadowing the MSR permission bitmap.
> 
> >>I don't think you can tell, unless the host cpu modifying the vmcb is
> >>synchronized with the guest (or the guest modifies its own vmcb).  But
> >>this is all academic.
> >Hmm, another thing comes to mind. We would need some redesign of the
> >nested_svm code to allow userspace to put a vcpu directly into nested
> >state. With the MSR approach, all userspace does is to write MSRs into
> >the vcpu before the first run?
> 
> How does MSR_KVM_NESTED_SVM_ACTIVE not solve this problem?

Image migration from host1 -> host2

When you want to put a vcpu directly into nested state you need to
recalculate certain stuff like the intercept bitmaps (intercept bitmaps
from host1 and host2 might be different) or the tsc_offset. But this can all
be done in the vcpu_unfreeze ioctl.

	Joerg