[PATCH 1/2] Nested VMX: update nested paging mode on vmexit

[PATCH 1/2] Nested VMX: update nested paging mode on vmexit

[Yang Zhang]

From: Yang Zhang <yang.z.zhang@Intel.com>

Since SVM and VMX use different mechanism to emulate the virtual-vmentry
and virtual-vmexit, it's hard to update the nested paging mode correctly in
common code. So we need to update the nested paging mode in their respective
code path.
SVM already updates the nested paging mode on vmexit. This patch adds the same
logic in VMX side.

Previous discussion is here:
http://lists.xen.org/archives/html/xen-devel/2013-12/msg01759.html

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
---
 xen/arch/x86/hvm/vmx/vmx.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index f6409d6..baf3040 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2541,6 +2541,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
     vcpu_nestedhvm(v).nv_vmswitch_in_progress = 0;
     if ( nestedhvm_vcpu_in_guestmode(v) )
     {
+        paging_update_nestedmode(v);
         if ( nvmx_n2_vmexit_handler(regs, exit_reason) )
             goto out;
     }
-- 
1.7.1

[PATCH 2/2] Nested EPT: fixing issue of translate L2 gva to L1 gfn

[Yang Zhang]

From: Yang Zhang <yang.z.zhang@Intel.com>

There is no way to translate L2 gva to L1 gfn directly. To do it,
we need to get L2's gfn first. Then look up the virtual EPT to get L1's gfn.

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
---
 xen/arch/x86/mm/p2m.c |   25 ++++++++++++++++++++-----
 1 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 8f380ed..e92cfbe 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1605,22 +1605,37 @@ unsigned long paging_gva_to_gfn(struct vcpu *v,
         && paging_mode_hap(v->domain) 
         && nestedhvm_is_n2(v) )
     {
-        unsigned long gfn;
+        unsigned long gfn, l1gfn, exit_qual;
         struct p2m_domain *p2m;
         const struct paging_mode *mode;
-        uint32_t pfec_21 = *pfec;
         uint64_t np2m_base = nhvm_vcpu_p2m_base(v);
+        unsigned int page_order, exit_reason;
+        int rc;
+        uint8_t p2m_acc;
+        struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
 
         /* translate l2 guest va into l2 guest gfn */
         p2m = p2m_get_nestedp2m(v, np2m_base);
         mode = paging_get_nestedmode(v);
         gfn = mode->gva_to_gfn(v, p2m, va, pfec);
 
+        if ( gfn == INVALID_GFN )
+            return gfn;
+
         /* translate l2 guest gfn into l1 guest gfn */
-        return hostmode->p2m_ga_to_gfn(v, hostp2m, np2m_base,
-                                       gfn << PAGE_SHIFT, &pfec_21, NULL);
-    }
+        rc = nept_translate_l2ga(v, gfn << 12 , &page_order, 4, &l1gfn, &p2m_acc,
+                                &exit_qual, &exit_reason);
+        if ( rc == EPT_TRANSLATE_VIOLATION || rc == EPT_TRANSLATE_MISCONFIG )
+        {
+            nvmx->ept.exit_reason = exit_reason;
+            nvmx->ept.exit_qual = exit_qual;
+            vcpu_nestedhvm(current).nv_vmexit_pending = 1;
+        }
+        if ( rc == EPT_TRANSLATE_RETRY )
+            *pfec = PFEC_page_paged;
 
+        return l1gfn;
+    }
     return hostmode->gva_to_gfn(v, hostp2m, va, pfec);
 }
 
-- 
1.7.1

Re: [PATCH 1/2] Nested VMX: update nested paging mode on vmexit

[Egger, Christoph]

On 12.02.14 03:08, Yang Zhang wrote:
> From: Yang Zhang <yang.z.zhang@Intel.com>
> 
> Since SVM and VMX use different mechanism to emulate the virtual-vmentry
> and virtual-vmexit, it's hard to update the nested paging mode correctly in
> common code. So we need to update the nested paging mode in their respective
> code path.
> SVM already updates the nested paging mode on vmexit. This patch adds the same
> logic in VMX side.
> 
> Previous discussion is here:
> http://lists.xen.org/archives/html/xen-devel/2013-12/msg01759.html
> 
> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Reviewed-by: Christoph Egger <chegger@amazon.de>

> ---
>  xen/arch/x86/hvm/vmx/vmx.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index f6409d6..baf3040 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2541,6 +2541,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
>      vcpu_nestedhvm(v).nv_vmswitch_in_progress = 0;
>      if ( nestedhvm_vcpu_in_guestmode(v) )
>      {
> +        paging_update_nestedmode(v);
>          if ( nvmx_n2_vmexit_handler(regs, exit_reason) )
>              goto out;
>      }
> 

Re: [PATCH 2/2] Nested EPT: fixing issue of translate L2 gva to L1 gfn

[Egger, Christoph]

On 12.02.14 03:08, Yang Zhang wrote:
> From: Yang Zhang <yang.z.zhang@Intel.com>
> 
> There is no way to translate L2 gva to L1 gfn directly.

Why?

> To do it, we need to get L2's gfn first. Then look up the virtual EPT to get L1's gfn.
> 
> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
> ---
>  xen/arch/x86/mm/p2m.c |   25 ++++++++++++++++++++-----
>  1 files changed, 20 insertions(+), 5 deletions(-)
> 
> diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
> index 8f380ed..e92cfbe 100644
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -1605,22 +1605,37 @@ unsigned long paging_gva_to_gfn(struct vcpu *v,
>          && paging_mode_hap(v->domain) 
>          && nestedhvm_is_n2(v) )
>      {
> -        unsigned long gfn;
> +        unsigned long gfn, l1gfn, exit_qual;
>          struct p2m_domain *p2m;
>          const struct paging_mode *mode;
> -        uint32_t pfec_21 = *pfec;
>          uint64_t np2m_base = nhvm_vcpu_p2m_base(v);
> +        unsigned int page_order, exit_reason;
> +        int rc;
> +        uint8_t p2m_acc;
> +        struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
>  
>          /* translate l2 guest va into l2 guest gfn */
>          p2m = p2m_get_nestedp2m(v, np2m_base);
>          mode = paging_get_nestedmode(v);
>          gfn = mode->gva_to_gfn(v, p2m, va, pfec);
>  
> +        if ( gfn == INVALID_GFN )
> +            return gfn;
> +
>          /* translate l2 guest gfn into l1 guest gfn */
> -        return hostmode->p2m_ga_to_gfn(v, hostp2m, np2m_base,
> -                                       gfn << PAGE_SHIFT, &pfec_21, NULL);
> -    }

I think in p2m-ept.c you should override that function pointer to a EPT
specific implementation.

Christoph

> +        rc = nept_translate_l2ga(v, gfn << 12 , &page_order, 4, &l1gfn, &p2m_acc,
> +                                &exit_qual, &exit_reason);
> +        if ( rc == EPT_TRANSLATE_VIOLATION || rc == EPT_TRANSLATE_MISCONFIG )
> +        {
> +            nvmx->ept.exit_reason = exit_reason;
> +            nvmx->ept.exit_qual = exit_qual;
> +            vcpu_nestedhvm(current).nv_vmexit_pending = 1;
> +        }
> +        if ( rc == EPT_TRANSLATE_RETRY )
> +            *pfec = PFEC_page_paged;
>  
> +        return l1gfn;
> +    }
>      return hostmode->gva_to_gfn(v, hostp2m, va, pfec);
>  }
>  
> 

Re: [PATCH 2/2] Nested EPT: fixing issue of translate L2 gva to L1 gfn

[Zhang, Yang Z]

Egger, Christoph wrote on 2014-02-12:
> On 12.02.14 03:08, Yang Zhang wrote:
>> From: Yang Zhang <yang.z.zhang@Intel.com>
>> 
>> There is no way to translate L2 gva to L1 gfn directly.
> 
> Why?

I guess you mean p2m_ga_to_gfn() is able to do it. 

> 
>> To do it, we need to get L2's gfn first. Then look up the virtual EPT
>> to get L1's gfn.
>> 
>> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
>> ---
>>  xen/arch/x86/mm/p2m.c |   25 ++++++++++++++++++++-----
>>  1 files changed, 20 insertions(+), 5 deletions(-)
>> diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index
>> 8f380ed..e92cfbe 100644
>> --- a/xen/arch/x86/mm/p2m.c
>> +++ b/xen/arch/x86/mm/p2m.c
>> @@ -1605,22 +1605,37 @@ unsigned long paging_gva_to_gfn(struct vcpu
> *v,
>>          && paging_mode_hap(v->domain)
>>          && nestedhvm_is_n2(v) )
>>      {
>> -        unsigned long gfn;
>> +        unsigned long gfn, l1gfn, exit_qual;
>>          struct p2m_domain *p2m; const struct paging_mode *mode; -     
>>            uint32_t pfec_21 = *pfec; uint64_t np2m_base =
>>          nhvm_vcpu_p2m_base(v);
>> +        unsigned int page_order, exit_reason;
>> +        int rc;
>> +        uint8_t p2m_acc;
>> +        struct nestedvmx *nvmx = &vcpu_2_nvmx(v);
>> 
>>          /* translate l2 guest va into l2 guest gfn */
>>          p2m = p2m_get_nestedp2m(v, np2m_base);
>>          mode = paging_get_nestedmode(v);
>>          gfn = mode->gva_to_gfn(v, p2m, va, pfec);
>> +        if ( gfn == INVALID_GFN )
>> +            return gfn;
>> +
>>          /* translate l2 guest gfn into l1 guest gfn */
>> -        return hostmode->p2m_ga_to_gfn(v, hostp2m, np2m_base, -       
>>                                gfn << PAGE_SHIFT, &pfec_21, NULL); -   
>> }
> 
> I think in p2m-ept.c you should override that function pointer to a
> EPT specific implementation.
> 

Right. I just noticed that p2m_ga_to_gfn() is designed to do this. 

> Christoph
> 
>> +        rc = nept_translate_l2ga(v, gfn << 12 , &page_order, 4, +
>> &l1gfn, &p2m_acc, +                                &exit_qual,
>> &exit_reason); +        if ( rc == EPT_TRANSLATE_VIOLATION || rc ==
>> EPT_TRANSLATE_MISCONFIG ) +        { +            nvmx->ept.exit_reason
>> = exit_reason; +            nvmx->ept.exit_qual = exit_qual; +         
>>   vcpu_nestedhvm(current).nv_vmexit_pending = 1; +        } +        if
>> ( rc == EPT_TRANSLATE_RETRY ) +            *pfec = PFEC_page_paged;
>> 
>> +        return l1gfn;
>> +    }
>>      return hostmode->gva_to_gfn(v, hostp2m, va, pfec);  }
>>


Best regards,
Yang