From: Avi Kivity <avi@redhat.com>
To: "Nadav Har'El" <nyh@math.technion.ac.il>
Cc: Chris Wright <chrisw@redhat.com>, kvm@vger.kernel.org
Subject: Re: KVM call minutes for Nov 30
Date: Tue, 07 Dec 2010 10:34:37 +0200
Message-ID: <4CFDF19D.70505@redhat.com>
In-Reply-To: <20101206193919.GA1999@fermat.math.technion.ac.il>
On 12/06/2010 09:39 PM, Nadav Har'El wrote:
> On Wed, Dec 01, 2010, Nadav Har'El wrote about "Re: KVM call minutes for Nov 30":
> > Specifically, in the last review I was asked to make sure that shadow-on-EPT
> > works so that users do not need to remember to add the "ept=0" module option
> > on L0. Unfortunately, while this should have been relatively simple (and it
> > DID work at some time in the distant past), there appears to be a bug that I
> > have spent the last couple of weeks chasing - so far unsuccessfully.
>
> I was finally able to track this bug down. The issue was incorrect setup of
> the four PDPTE (which are called PDPTR in KVM) fields in vmcs02.
> These fields are important to set up correctly when using EPT and PAE.
> For some reason I have yet to understand, KVM (as an L1) appears to be
> setting the PAE bit in its guest. The previous code copied these fields from
> vmcs01 to vmcs02, but this is incorrect because these fields need to be
> recalculated for each cr3, and the GUEST_CR3 used for running L2 (the shadow
> page table set up by L1) is different from the GUEST_CR3 used to run L1
> (this one is defined by L1, and untouched by L0 because L0 uses EPT).
> We need to emulate what the processor does on a cr3 change when EPT and
> PAE are both enabled - i.e., dereference the cr3 value (this requires an EPT
> translation) and find the four pointers to be saved in the PDPTR fields.
> I have done this, and the shadow-on-ept case finally works, and there is
> no need to use ept=0 on L0 any more :-)

Great. I imagine the fixed code is also simpler. I don't follow what
you mean by "this requires an EPT translation". All it requires is a
kvm_set_cr3() which will load the PDPTEs into the PDPTRs if PAE is
enabled. You may need to order the loading of CR0, CR3, CR4, and EFER
to achieve the desired effect.

> I'm curious, though, why does KVM set PAE for its guest? What is setting
> PAE supposed to do while the guest is booting (and thinks it is running in
> real mode)?

PAE is needed to access >4G of memory. Otherwise the PTEs are 32 bits
long and cannot reference all of host memory.

> What is setting PAE supposed to do while the guest is running
> in long mode?

PAE is required by the processor for long mode (independently of
virtualization).

--
error compiling committee.c: too many arguments to function
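
The PDPTE reload on a CR3 change that this thread discusses, as an added example that is not part of either message and is not KVM code. The names `load_pdptrs` and `demo_pdptr` are hypothetical, the byte array is a constructed stand-in for guest memory after any address translation, and a MAXPHYADDR of 36 is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAXPHYADDR 36 /* assumed physical-address width */
/* Reserved in a present PAE PDPTE: bits 2:1, bits 8:5, bits 63:MAXPHYADDR. */
#define PDPTE_RSVD (0x6ULL | 0x1E0ULL | ~((1ULL << MAXPHYADDR) - 1))

static uint64_t read_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical helper: recompute the four PDPTRs for one CR3 value.
 * mem/len is a constructed stand-in for already-translated guest memory.
 * Returns 0 on success, -1 on failure; out[] is written only on success. */
int load_pdptrs(const uint8_t *mem, size_t len, uint32_t cr3, uint64_t out[4])
{
    size_t base = cr3 & 0xFFFFFFE0u; /* PAE: CR3[31:5] = 32-byte aligned table */
    uint64_t tmp[4];

    if (base > len || len - base < 32)
        return -1;
    for (int i = 0; i < 4; i++) {
        tmp[i] = read_le64(mem + base + 8 * i);
        if ((tmp[i] & 1) && (tmp[i] & PDPTE_RSVD))
            return -1; /* reserved bit set in a present entry */
    }
    memcpy(out, tmp, sizeof(tmp));
    return 0;
}

/* Constructed sample: tables at 0x1000, 0x2000 and 0x2020 in a small image.
 * Returns PDPTR[idx] for the given CR3, or UINT64_MAX if loading fails. */
uint64_t demo_pdptr(uint32_t cr3, int idx)
{
    static uint8_t mem[0x3000];
    uint64_t out[4];

    memset(mem, 0, sizeof(mem));
    mem[0x1000] = 0x01; mem[0x1001] = 0x50; /* PDPTE0 = 0x5001 (first CR3)  */
    mem[0x2000] = 0x01; mem[0x2001] = 0x90; /* PDPTE0 = 0x9001 (second CR3) */
    mem[0x2020] = 0x03;                     /* present, reserved bit 1 set  */
    if (load_pdptrs(mem, sizeof(mem), cr3, out) != 0)
        return UINT64_MAX;
    return out[idx];
}
```

Two different CR3 values yield two different PDPTR sets, which is why values cached for one CR3 cannot be reused for another; a table with a reserved bit set or lying outside the memory image is rejected without touching the previous values.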