From mboxrd@z Thu Jan  1 00:00:00 1970
From: Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>
Subject: Re: [PATCH v1 1/2] KVM: nVMX: get rid of nested_get_page()
Date: Thu, 3 Aug 2017 19:41:00 +0200
Message-ID: <20170803174100.GC1015@flask>
References: <20170803140907.23681-1-david@redhat.com>
 <20170803140907.23681-2-david@redhat.com>
 <20170803153601.GH32403@flask>
 <CALMp9eR+u1GP=0oKCm1a69Phw4WkKJwYSx1q2XiNy-80BfQrbw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Cc: David Hildenbrand <david@redhat.com>,
        kvm list <kvm@vger.kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>
To: Jim Mattson <jmattson@google.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:57244 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751870AbdHCRlK (ORCPT <rfc822;kvm@vger.kernel.org>);
        Thu, 3 Aug 2017 13:41:10 -0400
Content-Disposition: inline
In-Reply-To: <CALMp9eR+u1GP=0oKCm1a69Phw4WkKJwYSx1q2XiNy-80BfQrbw@mail.gmail.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

2017-08-03 09:05-0700, Jim Mattson:
> On Thu, Aug 3, 2017 at 8:36 AM, Radim Krčmář <rkrcmar@redhat.com> wrote:
> > 2017-08-03 16:09+0200, David Hildenbrand:
> >>               /*
> >>                * If translation failed, no matter: This feature asks
> >>                * to exit when accessing the given address, and if it
> >>                * can never be accessed, this feature won't do
> >>                * anything anyway.
> >>                */
> 
> This comment is incorrect. On real hardware, the APIC access page
> doesn't have to exist (i.e. be backed by actual memory), because the
> APIC access page is never accessed. Think of the APIC access page as a
> sentinel value that the hypervisor can put in the page tables (EPT
> page tables if they are in use, x86 page tables otherwise) to trigger
> APIC virtualization. If there is an access, it is to the page at the
> virtual APIC address, not the APIC access page.

Right,

> Similarly, in a VM, there need not be a mapping for the APIC access
> page for the feature to work as architected. (Or, at least, that's the
> way it should work. :-)

the APIC_ACCESS_ADDR is always L0 physical address, so we somehow need
to map the L1 physical address somewhere in order to recognize accesses
from L2.

I think the correct way would be to should create a new mapping if the
chosen L1 physical address has no L0 physical address yet.
The code was made for the common case where hypervisors select a page
that is mapped by KVM ...

Do you wish to send patches? :)

Thanks.