From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@qumranet.com>
Subject: Re: large page support for kvm
Date: Wed, 20 Feb 2008 16:25:42 +0200
Message-ID: <47BC3866.7050502@qumranet.com>
References: <479F604C.20107@qumranet.com> <20080130184035.GS6960@amd.com>
	<47A16054.6080201@qumranet.com> <20080211154901.GA11936@dmt>
	<47B1894A.1030208@qumranet.com> <20080213001519.GA32134@dmt>
	<47B2921F.1040905@qumranet.com> <20080214231739.GA7787@dmt>
	<47B800AB.20905@qumranet.com> <20080219203733.GA7558@dmt>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: kvm-devel <kvm-devel@lists.sourceforge.net>
To: Marcelo Tosatti <marcelo@kvack.org>
Return-path: <kvm-devel-bounces@lists.sourceforge.net>
In-Reply-To: <20080219203733.GA7558@dmt>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=kvm-devel>
List-Post: <mailto:kvm-devel@lists.sourceforge.net>
List-Help: <mailto:kvm-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=subscribe>
Sender: kvm-devel-bounces@lists.sourceforge.net
Errors-To: kvm-devel-bounces@lists.sourceforge.net
List-Id: kvm.vger.kernel.org

Marcelo Tosatti wrote:
>   
>>> +			/*
>>> + 			 * Largepage creation is susceptible to a upper-level
>>> + 			 * table to be shadowed and write-protected in the
>>> + 			 * area being mapped. If that is the case, invalidate
>>> + 			 * the entry and let the instruction fault again
>>> + 			 * and use 4K mappings.
>>> + 			 */
>>> +			if (largepage) {
>>> +				spte = shadow_trap_nonpresent_pte;
>>> +				kvm_x86_ops->tlb_flush(vcpu);
>>> +				goto unshadowed;
>>> +			}
>>>  
>>>       
>> Would it not repeat exactly the same code path?  Or is this just for the 
>> case of the pte_update path?
>>     
>
> The problem is if the instruction writing to one of the roots can't be
> emulated.
>
> kvm_mmu_unprotect_page() does not know about largepages, so it will zap
> a gfn inside the large page frame, but not the large translation itself.
>
> And zapping the gfn brings the shadowed page count in large area to
> zero, allowing has_wrprotected_page() to succeed. Endless unfixable
> write faults.
>
>   

I don't follow. Can you describe the scenario in more detail? The state 
of the guest and shadow page tables, and what actually happens?

Setting spte to a nonpresent pte seems to violate the rmap btw; rmap 
always expects a valid pte pointing at the page.

-- 
Any sufficiently difficult bug is indistinguishable from a feature.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/