From: Christoph Egger <Christoph.Egger@amd.com>
To: Tim Deegan <Tim.Deegan@citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: [PATCH 10/14] Nested Virtualization: svm specific implementation
Date: Tue, 17 Aug 2010 17:49:55 +0200 [thread overview]
Message-ID: <201008171749.55377.Christoph.Egger@amd.com> (raw)
In-Reply-To: <20100809125731.GB13291@whitby.uk.xensource.com>
On Monday 09 August 2010 14:57:31 Tim Deegan wrote:
> > @@ -692,8 +732,10 @@ static void svm_ctxt_switch_to(struct vc
> > static void svm_do_resume(struct vcpu *v)
> > {
> > bool_t debug_state = v->domain->debugger_attached;
> > -
> > - if ( unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
> > + bool_t guestmode = nestedhvm_vcpu_in_guestmode(v);
> > +
> > + if ( !guestmode &&
> > + unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
> > {
> > uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3);
> > v->arch.hvm_vcpu.debug_state_latch = debug_state;
> > @@ -712,11 +754,14 @@ static void svm_do_resume(struct vcpu *v
> > hvm_asid_flush_vcpu(v);
> > }
> >
> > - /* Reflect the vlapic's TPR in the hardware vtpr */
> > - v->arch.hvm_svm.vmcb->vintr.fields.tpr =
> > - (vlapic_get_reg(vcpu_vlapic(v), APIC_TASKPRI) & 0xFF) >> 4;
> > -
> > - hvm_do_resume(v);
> > + if ( !guestmode )
> > + {
> > + /* Reflect the vlapic's TPR in the hardware vtpr */
> > + v->arch.hvm_svm.vmcb->vintr.fields.tpr =
> > + (vlapic_get_reg(vcpu_vlapic(v), APIC_TASKPRI) & 0xFF) >> 4;
> > +
> > + hvm_do_resume(v);
> > + }
>
> Can you explain why we shouldn't sync the vTPR and the vlapic state when
> the guest is in nested mode?
When the vcpu is in guest mode then v->arch.hvm_svm.vmcb->vintr.fields.tpr
represents the tpr of the l2 guest. The l2 guest is not allowed to touch the
l1 guest's vTPR.
> [...]
>
> > + } else {
> > + /* host shadow paging + guest shadow paging. */
> > + host_vmcb->np_enable = 0;
> > + host_vmcb->h_cr3 = 0x0;
> > +
> > +#if 0
> > + host_vmcb->cr3 = v->shadow_shadow_table;
> > +
> > + /* hvm_set_cr3() below sets v->arch.hvm_vcpu.guest_cr[3] for us.
> > */ + rc = hvm_set_cr3(ns_vmcb->cr3);
> > + if (rc != X86EMUL_OKAY)
> > + gdprintk(XENLOG_ERR, "hvm_set_cr3 failed, rc: %u\n", rc);
> > +#endif
> > + }
> > +
>
> Please remove this.
Done in local tree. We need to revisit this when Intel comes with their
shadow-on-shadow implementation.
> [...]
>
> > +static void
> > +svm_vmexit_do_vmload(struct vmcb_struct *vmcb,
> > + struct cpu_user_regs *regs,
> > + struct vcpu *v, uint64_t vmcbaddr)
> > +{
> > + int ret;
> > + unsigned int inst_len;
> > + struct vmcb_struct *tmp_vmcb;
> > +
> > + if ( (inst_len = __get_instruction_length(v, INSTR_VMLOAD)) == 0 )
> > + return;
> > +
> > + /* tmp_vmcb can't be a local variable on the stack because
> > + * the machine stops with a sudden freeze.
> > + */
>
> A VMCB structure is large, and Xen stacks are small. :) xmalloc()ing it
> on every call seems a bit fragile though - and silently returning if the
> xmalloc() fails is wrong. Is this something that could be allocated
> once at VCPU creation time?
Yes. Done in local tree.
> > + tmp_vmcb = xmalloc(struct vmcb_struct);
> > + if (tmp_vmcb == NULL)
> > + return;
> > +
>
> [...]
>
> > @@ -1623,11 +2895,25 @@ asmlinkage void svm_vmexit_handler(struc
> >
> > case VMEXIT_MONITOR:
> > case VMEXIT_MWAIT:
> > + hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE,
> > 0); + break;
> > +
> > case VMEXIT_VMRUN:
> > + svm_vmexit_do_vmrun(regs, v,
> > + regs->eax);
> > + break;
>
> svm_vmexit_do_vmrun() and the other routines called below don't seem to
> check that nested HVM is enabled; that seems like it would be bad if a
> non-nesting guest tries to execute VMRUN &c. Or have you changed the
> intercept bits somehow so that never happens?
No, you're right. When nestedhvm is disabled then the instructions should
result in a #UD. Fixed in local tree.
Christoph
> Cheers,
>
> Tim.
>
> > case VMEXIT_VMLOAD:
> > + svm_vmexit_do_vmload(vmcb, regs, v, regs->eax);
> > + break;
> > case VMEXIT_VMSAVE:
> > + svm_vmexit_do_vmsave(vmcb, regs, v, regs->eax);
> > + break;
> > case VMEXIT_STGI:
> > + svm_vmexit_do_stgi(regs, v);
> > + break;
> > case VMEXIT_CLGI:
> > + svm_vmexit_do_clgi(regs, v);
> > + break;
> > case VMEXIT_SKINIT:
> > hvm_inject_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE,
> > 0); break;
--
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo, Andrew Bowd
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632
next prev parent reply other threads:[~2010-08-17 15:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-05 15:04 [PATCH 10/14] Nested Virtualization: svm specific implementation Christoph Egger
2010-08-09 12:57 ` Tim Deegan
2010-08-17 15:49 ` Christoph Egger [this message]
2010-08-17 16:57 ` Tim Deegan
2010-08-18 7:48 ` Christoph Egger
2010-08-18 10:45 ` Tim Deegan
2010-08-18 10:54 ` Christoph Egger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201008171749.55377.Christoph.Egger@amd.com \
--to=christoph.egger@amd.com \
--cc=Tim.Deegan@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).