QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

[David Matlack]

I'm wondering if this comment in mmu.c:init_kvm_nested_mmu is correct (at
least in the context of Nested EPT):

4055         /*
4056          * Note that arch.mmu.gva_to_gpa translates l2_gva to l1_gpa. The
4057          * translation of l2_gpa to l1_gpa addresses is done using the
4058          * arch.nested_mmu.gva_to_gpa function. Basically the gva_to_gpa
4059          * functions between mmu and nested_mmu are swapped.
4060          */

nested_mmu.get_cr3 gets set to get_cr3, which I believe will return L2's cr3.
In vmx.c:nested_ept_init_mmu_context, mmu.get_cr3 is set to
nested_ept_get_cr3, which should be the root of EPT12. Given these get_cr3
functions, shouldn't nested_mmu.gva_to_gpa translate l2_gva->l2_gpa and
mmu.gva_to_gpa translate l2_gpa->l1_gpa?

Re: QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

[Paolo Bonzini]

On 28/12/2015 23:23, David Matlack wrote:
> I'm wondering if this comment in mmu.c:init_kvm_nested_mmu is correct (at
> least in the context of Nested EPT):
> 
> 4055         /*
> 4056          * Note that arch.mmu.gva_to_gpa translates l2_gva to l1_gpa. The
> 4057          * translation of l2_gpa to l1_gpa addresses is done using the
> 4058          * arch.nested_mmu.gva_to_gpa function. Basically the gva_to_gpa
> 4059          * functions between mmu and nested_mmu are swapped.
> 4060          */
> 
> nested_mmu.get_cr3 gets set to get_cr3, which I believe will return L2's cr3.
> In vmx.c:nested_ept_init_mmu_context, mmu.get_cr3 is set to
> nested_ept_get_cr3, which should be the root of EPT12. Given these get_cr3
> functions, shouldn't nested_mmu.gva_to_gpa translate l2_gva->l2_gpa and
> mmu.gva_to_gpa translate l2_gpa->l1_gpa?

Yes, it's correct.  It can be trivially seen by looking at
kvm_init_shadow_ept_mmu's usage of &vcpu->arch.mmu.  This is obviously a
l2_gpa to l1_gpa translation.

Whether the roles are swapped, depends on whether you think of
"nested_mmu" as "nested guest" or "nested virtualization"  nested_mmu is
the MMU for the nested guest, mmu is the MMU for the L1 guest and it's
the one that takes care of nested virtualization.

Paolo

Re: QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

[David Matlack]

On Mon, Dec 28, 2015 at 6:25 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 28/12/2015 23:23, David Matlack wrote:
>> I'm wondering if this comment in mmu.c:init_kvm_nested_mmu is correct (at
>> least in the context of Nested EPT):
>>
>> 4055         /*
>> 4056          * Note that arch.mmu.gva_to_gpa translates l2_gva to l1_gpa. The
>> 4057          * translation of l2_gpa to l1_gpa addresses is done using the
>> 4058          * arch.nested_mmu.gva_to_gpa function. Basically the gva_to_gpa
>> 4059          * functions between mmu and nested_mmu are swapped.
>> 4060          */
>>
>> nested_mmu.get_cr3 gets set to get_cr3, which I believe will return L2's cr3.
>> In vmx.c:nested_ept_init_mmu_context, mmu.get_cr3 is set to
>> nested_ept_get_cr3, which should be the root of EPT12. Given these get_cr3
>> functions, shouldn't nested_mmu.gva_to_gpa translate l2_gva->l2_gpa and

I think I got this wrong. walk_addr_generic uses translate_gpa to convert
the l2_gpa into its l1_gpa address at the end of the translation. So
nested_mmu.gva_to_gpa should translate l2_gva to l1_gpa?

>> mmu.gva_to_gpa translate l2_gpa->l1_gpa?
>
> Yes, it's correct.  It can be trivially seen by looking at
> kvm_init_shadow_ept_mmu's usage of &vcpu->arch.mmu.  This is obviously a
> l2_gpa to l1_gpa translation.

If vcpu->arch.mmu.gva_to_gpa is a l2_gpa to l1_gpa translation, then the
comment is incorrect... right? The comment says "arch.mmu.gva_to_gpa
translates l2_gva to l1_gpa" and "l2_gpa to l1_gpa addresses is done
using the arch.nested_mmu.gva_to_gpa".

>
> Whether the roles are swapped, depends on whether you think of
> "nested_mmu" as "nested guest" or "nested virtualization"  nested_mmu is
> the MMU for the nested guest, mmu is the MMU for the L1 guest and it's
> the one that takes care of nested virtualization.
>
> Paolo

Re: QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

[Paolo Bonzini]

On 29/12/2015 17:37, David Matlack wrote:
>> > Yes, it's correct.

s/it's/you're/ :)

Paolo

Re: QUESTION: mmu.gva_to_gpa versus nested_mmu.gva_to_gpa

[David Matlack]

On Wed, Dec 30, 2015 at 3:36 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 29/12/2015 17:37, David Matlack wrote:
>>> > Yes, it's correct.
>
> s/it's/you're/ :)

Ah ok. Thanks for your help!

I will send a patch to fix the comment then.

>
> Paolo