From: Avi Kivity
Subject: Re: [PATCH 3/6] Nested VMX patch 3 implements vmptrld and vmptrst
Date: Sun, 06 Sep 2009 22:10:53 +0300
Message-ID: <4AA4093D.8030605@redhat.com>
To: Orit Wasserman
Cc: Abel Gordon, aliguori@us.ibm.com, Ben-Ami Yassour1, kvm@vger.kernel.org, mday@us.ibm.com, Muli Ben-Yehuda

On 09/06/2009 07:55 PM, Orit Wasserman wrote:
>> Note other things like the msr bitmaps may need write protection,
>> otherwise you have to re-merge the bitmap on every guest entry, which
>> can be very slow. So we may be forced to add write protection anyway.
>>
> We will also need to write protect L1's EPT tables, to allow L1 to swap
> out his guests.
>

That comes naturally with the shadow mmu. In the same way normal shadow mmu protects guest page tables, nested EPT shadow should protect the guest's EPT pages.

(unfortunately there is no INVEPT instruction that accepts a gpa operand; this would make write protection unnecessary).

>> I meant, the guest can force the host to allocate vpids if we don't
>> protect against it.
>>
> You meant by launching a lot of guests ?
>

Yes.

> We can limit the number of guests as a very quick solution.
>

How? There is no way to tell the guest not to launch more guests.

> More complicated is limiting the number of vpids per L1 hypervisor and
> reusing them.
>

When the bitmap is full, clear it. Use a generation count to tell vcpus to reload. svm does that (svm only has 63 asids).

> This means we will sometimes need to invalidate the vpid when switching
> between L2 guests.
>

Yes.

>> I don't understand why you need it. Host state shouldn't change. Only
>> the control fields are interesting, and things like exception_bitmap.
>>
> I think that when KVM switches to Qemu the host state can change (L0 host
> state). If this happens between different runs of L2
> we will need to update VMCS02 host state. Of course we can optimize and
> update it only then.
>

No, I don't think any host state changes, except for cr0.ts.

-- 
I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.
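
The recycling scheme described in the reply above (clear the bitmap when it is full, use a generation count to make vcpus reload), shown as an added C example that is not KVM's code and not part of the original mail. The struct and function names and the 8-entry pool are assumptions made for illustration; the point is that the pool stays a fixed size no matter how many guests L1 launches.

```c
#include <stdint.h>
#include <string.h>

#define NR_VPIDS 8  /* constructed, tiny on purpose; slot 0 is never handed out */

struct vpid_pool {
    uint8_t  used[NR_VPIDS];
    uint64_t generation;    /* bumped each time the bitmap is cleared */
};

struct l2_vcpu {
    unsigned vpid;          /* 0 = none assigned yet */
    uint64_t generation;    /* pool generation the vpid was taken in */
};

static unsigned pool_alloc(struct vpid_pool *p)
{
    for (unsigned i = 1; i < NR_VPIDS; i++) {
        if (!p->used[i]) {
            p->used[i] = 1;
            return i;
        }
    }
    /* Full: clear the bitmap and start a new generation. Every vpid
     * handed out earlier is now stale and will be reloaded on next use. */
    memset(p->used, 0, sizeof(p->used));
    p->used[1] = 1;
    p->generation++;
    return 1;
}

/* Run before each L2 entry. Returns 1 when the vcpu received a new vpid and
 * the caller must invalidate translations tagged with it, 0 otherwise. */
int vcpu_load_vpid(struct vpid_pool *p, struct l2_vcpu *v)
{
    if (v->vpid && v->generation == p->generation)
        return 0;
    v->vpid = pool_alloc(p);
    v->generation = p->generation;
    return 1;
}

int main(void)
{
    struct vpid_pool p = { {0}, 0 };
    struct l2_vcpu v = { 0, 0 };
    return !vcpu_load_vpid(&p, &v);   /* exit 0: first load assigns a vpid */
}
```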