From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jan Kiszka Subject: Re: [PATCH v7 01/15] nEPT: Support LOAD_IA32_EFER entry/exit controls for L1 Date: Tue, 06 Aug 2013 09:55:09 +0200 Message-ID: <5200ABDD.5050307@web.de> References: <1375690040-5764-1-git-send-email-gleb@redhat.com> <1375690040-5764-2-git-send-email-gleb@redhat.com> <20130805114032.GE10891@redhat.com> <5200AA0B.5080409@web.de> <20130806075109.GA8218@redhat.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="x73hdJCpxeW4IDDHXqgjq5M82x3QjlDst" Cc: Arthur Chunqi Li , kvm , Xiao Guangrong , Jun Nakajima , Yang Zhang , Paolo Bonzini To: Gleb Natapov Return-path: Received: from mout.web.de ([212.227.17.11]:59326 "EHLO mout.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751284Ab3HFHzN (ORCPT ); Tue, 6 Aug 2013 03:55:13 -0400 Received: from mchn199C.mchp.siemens.de ([95.157.58.223]) by smtp.web.de (mrweb002) with ESMTPSA (Nemesis) id 0M0Qxx-1W0uUF0nKn-00udpz for ; Tue, 06 Aug 2013 09:55:11 +0200 In-Reply-To: <20130806075109.GA8218@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --x73hdJCpxeW4IDDHXqgjq5M82x3QjlDst Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 2013-08-06 09:51, Gleb Natapov wrote: > On Tue, Aug 06, 2013 at 09:47:23AM +0200, Jan Kiszka wrote: >> On 2013-08-05 13:40, Gleb Natapov wrote: >>> On Mon, Aug 05, 2013 at 07:27:33PM +0800, Arthur Chunqi Li wrote: >>>> On Mon, Aug 5, 2013 at 4:07 PM, Gleb Natapov wrote= : >>>>> From: Nadav Har'El >>>>> >>>>> Recent KVM, since http://kerneltrap.org/mailarchive/linux-kvm/2010/= 5/2/6261577 >>>>> switch the EFER MSR when EPT is used and the host and guest have di= fferent >>>>> NX bits. So if we add support for nested EPT (L1 guest using EPT to= run L2) >>>>> and want to be able to run recent KVM as L1, we need to allow L1 to= use this >>>>> EFER switching feature. >>>>> >>>>> To do this EFER switching, KVM uses VM_ENTRY/EXIT_LOAD_IA32_EFER if= available, >>>>> and if it isn't, it uses the generic VM_ENTRY/EXIT_MSR_LOAD. This p= atch adds >>>>> support for the former (the latter is still unsupported). >>>>> >>>>> Nested entry and exit emulation (prepare_vmcs_02 and load_vmcs12_ho= st_state, >>>>> respectively) already handled VM_ENTRY/EXIT_LOAD_IA32_EFER correctl= y. So all >>>>> that's left to do in this patch is to properly advertise this featu= re to L1. >>>>> >>>>> Note that vmcs12's VM_ENTRY/EXIT_LOAD_IA32_EFER are emulated by L0,= by using >>>>> vmx_set_efer (which itself sets one of several vmcs02 fields), so w= e always >>>>> support this feature, regardless of whether the host supports it. >>>>> >>>>> Reviewed-by: Orit Wasserman >>>>> Signed-off-by: Nadav Har'El >>>>> Signed-off-by: Jun Nakajima >>>>> Signed-off-by: Xinhao Xu >>>>> Signed-off-by: Yang Zhang >>>>> Signed-off-by: Gleb Natapov >>>>> --- >>>>> arch/x86/kvm/vmx.c | 23 ++++++++++++++++------- >>>>> 1 file changed, 16 insertions(+), 7 deletions(-) >>>>> >>>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c >>>>> index e999dc7..27efa6a 100644 >>>>> --- a/arch/x86/kvm/vmx.c >>>>> +++ b/arch/x86/kvm/vmx.c >>>>> @@ -2198,7 +2198,8 @@ static __init void nested_vmx_setup_ctls_msrs= (void) >>>>> #else >>>>> nested_vmx_exit_ctls_high =3D 0; >>>>> #endif >>>>> - nested_vmx_exit_ctls_high |=3D VM_EXIT_ALWAYSON_WITHOUT_TRU= E_MSR; >>>>> + nested_vmx_exit_ctls_high |=3D (VM_EXIT_ALWAYSON_WITHOUT_TR= UE_MSR | >>>>> + VM_EXIT_LOAD_IA32_EFER); >>>> Gleb, why we don't need to check whether host supports >>>> VM_EXIT_LOAD_IA32_EFER here, as what you noted in my >>>> VM_EXIT_LOAD_IA32_PAT patch? >>> Nested VMX completely emulates the capability. >> >> No, it doesn't. The values for host/guest are handled over via the >> corresponding VMCS fields, physically, even though the actual loading = is >> emulated then. So we must not expose this feature unconditionally. > Can you show me the code where it happens? When the guest writes to HOST/GUEST_IA32_EFER, we will store this in the vmcs that will then become the active one on next L1/L2 entry, no? Jan >=20 >> That's the same pattern as with PAT, Arthur is right. >> >> I've a patch on top of v7 to fix this (and also the incorrect >> VM_ENTRY_IA32E_MODE reporting on 32-bit). Will post it soon as part of= >> an updated version of my unrestricted guest mode series. >> >> Jan >> >> >=20 >=20 >=20 > -- > Gleb. >=20 --x73hdJCpxeW4IDDHXqgjq5M82x3QjlDst Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIAq90ACgkQitSsb3rl5xSF2gCfTfYciuz7PQO9wQMzzzTiRxp4 om8AoM7K+vhQELkyg/7DQXVc8peYaT0J =IyRk -----END PGP SIGNATURE----- --x73hdJCpxeW4IDDHXqgjq5M82x3QjlDst--