[PATCH] nestedsvm: fix paging mode

[PATCH] nestedsvm: fix paging mode

[Christoph Egger]

[-- Attachment #1: Type: text/plain, Size: 644 bytes --]


On VMRUN and VMEXIT emulation update the paging mode
for Shadow-on-Nested. This allows Xen to walk the
l1 hypervisors shadow page table correctly.
Problem found with 64bit Win7 and 32bit XPMode where
Win7 switches forth and back between long mode and
PAE legacy pagetables.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>

P.S.: Please apply this patch to xen-4.2-testing as well.


-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85689 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632

[-- Attachment #2: xen_nh_paging.diff --]
[-- Type: text/plain, Size: 969 bytes --]

diff -r ef514a30fd70 xen/arch/x86/hvm/svm/nestedsvm.c
--- a/xen/arch/x86/hvm/svm/nestedsvm.c	Fri Sep 21 13:25:22 2012 +0200
+++ b/xen/arch/x86/hvm/svm/nestedsvm.c	Fri Sep 21 14:44:13 2012 +0200
@@ -745,6 +745,11 @@ nsvm_vcpu_vmrun(struct vcpu *v, struct c
         return 1;
     }
 
+    /* If we use nested paging and l1 guest uses shadow paging ... */
+    if (paging_mode_hap(v->domain) && !nestedhvm_paging_mode_hap(v))
+        /* ... update the paging modes. */
+        paging_update_paging_modes(v);
+
     nv->nv_vmswitch_in_progress = 0;
     return 0;
 }
@@ -1412,6 +1417,11 @@ nestedsvm_vcpu_vmexit(struct vcpu *v, st
      */
     rc = nhvm_vcpu_vmexit(v, regs, exitcode);
 
+    /* If we use nested paging and l1 guest uses shadow paging ... */
+    if (paging_mode_hap(v->domain) && !nestedhvm_paging_mode_hap(v))
+        /* ... update the paging modes. */
+        paging_update_paging_modes(v);
+
     nv->nv_vmswitch_in_progress = 0;
 
     if (rc)

[-- Attachment #3: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: [PATCH] nestedsvm: fix paging mode

[Tim Deegan]

At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
> 
> On VMRUN and VMEXIT emulation update the paging mode
> for Shadow-on-Nested. This allows Xen to walk the
> l1 hypervisors shadow page table correctly.
> Problem found with 64bit Win7 and 32bit XPMode where
> Win7 switches forth and back between long mode and
> PAE legacy pagetables.
> 
> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>

Don't you have to do this in other cases as well?  I think that
shadow-on-shadow might need it, at least.

Tim.

Re: [PATCH] nestedsvm: fix paging mode

[Christoph Egger]

On 09/27/12 16:53, Tim Deegan wrote:

> At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
>>
>> On VMRUN and VMEXIT emulation update the paging mode
>> for Shadow-on-Nested. This allows Xen to walk the
>> l1 hypervisors shadow page table correctly.
>> Problem found with 64bit Win7 and 32bit XPMode where
>> Win7 switches forth and back between long mode and
>> PAE legacy pagetables.
>>
>> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
> 
> Don't you have to do this in other cases as well?  I think that
> shadow-on-shadow might need it, at least.


It is needed for all cases where the l1 guest does shadow paging.
This includes: Shadow-on-Nested and Shadow-on-Shadow.

Christoph


-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85689 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632

Re: [PATCH] nestedsvm: fix paging mode

[Tim Deegan]

At 15:50 +0200 on 01 Oct (1349106630), Christoph Egger wrote:
> On 09/27/12 16:53, Tim Deegan wrote:
> 
> > At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
> >>
> >> On VMRUN and VMEXIT emulation update the paging mode
> >> for Shadow-on-Nested. This allows Xen to walk the
> >> l1 hypervisors shadow page table correctly.
> >> Problem found with 64bit Win7 and 32bit XPMode where
> >> Win7 switches forth and back between long mode and
> >> PAE legacy pagetables.
> >>
> >> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
> > 
> > Don't you have to do this in other cases as well?  I think that
> > shadow-on-shadow might need it, at least.
> 
> It is needed for all cases where the l1 guest does shadow paging.
> This includes: Shadow-on-Nested and Shadow-on-Shadow.

I've looked more closely at this and now I'm more confused. :)

Hap-on-hap seems to be OK without it because the special case in
paging_gva_to_gfn() does the right thing, using the nestedmode's pt
walker.

Why is that not good enough for shadow-on-hap?  Is there another path
that does unguarded pt walks?  If so:
 - why is that path not a problem for hap-on-hap; and
 - shouldn't that be handled the same way, i.e. either handle everything
   at lookup time, like paging_gva_to_gfn() does, or handle everything
   by switching modes at VMRUN/EXIT?

Shadow-on-shadow could potentially be handled the same way as the other
configurations, by extending the special case in paging_gva_to_gfn(),
but I suspect that a mode switch on VMRUN/EXIT is more likely to Just
Work there.

Tim.

Re: [PATCH] nestedsvm: fix paging mode

[Christoph Egger]

On 10/04/12 12:37, Tim Deegan wrote:

> At 15:50 +0200 on 01 Oct (1349106630), Christoph Egger wrote:
>> On 09/27/12 16:53, Tim Deegan wrote:
>>
>>> At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
>>>>
>>>> On VMRUN and VMEXIT emulation update the paging mode
>>>> for Shadow-on-Nested. This allows Xen to walk the
>>>> l1 hypervisors shadow page table correctly.
>>>> Problem found with 64bit Win7 and 32bit XPMode where
>>>> Win7 switches forth and back between long mode and
>>>> PAE legacy pagetables.
>>>>
>>>> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
>>>
>>> Don't you have to do this in other cases as well?  I think that
>>> shadow-on-shadow might need it, at least.
>>
>> It is needed for all cases where the l1 guest does shadow paging.
>> This includes: Shadow-on-Nested and Shadow-on-Shadow.
> 
> I've looked more closely at this and now I'm more confused. :)
> 
> Hap-on-hap seems to be OK without it because the special case in
> paging_gva_to_gfn() does the right thing, using the nestedmode's pt
> walker.
> 
> Why is that not good enough for shadow-on-hap?  Is there another path
> that does unguarded pt walks?  If so:
>  - why is that path not a problem for hap-on-hap; and
>  - shouldn't that be handled the same way, i.e. either handle everything
>    at lookup time, like paging_gva_to_gfn() does, or handle everything
>    by switching modes at VMRUN/EXIT?


If the l1 guest does not do nested paging then Xen doesn't use the
nestedmode's pt walker.

Christoph

> Shadow-on-shadow could potentially be handled the same way as the other
> configurations, by extending the special case in paging_gva_to_gfn(),
> but I suspect that a mode switch on VMRUN/EXIT is more likely to Just
> Work there.
> 
> Tim.
> 



-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85689 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632

Re: [PATCH] nestedsvm: fix paging mode

[Tim Deegan]

At 14:14 +0200 on 04 Oct (1349360091), Christoph Egger wrote:
> On 10/04/12 12:37, Tim Deegan wrote:
> 
> > At 15:50 +0200 on 01 Oct (1349106630), Christoph Egger wrote:
> >> On 09/27/12 16:53, Tim Deegan wrote:
> >>
> >>> At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
> >>>>
> >>>> On VMRUN and VMEXIT emulation update the paging mode
> >>>> for Shadow-on-Nested. This allows Xen to walk the
> >>>> l1 hypervisors shadow page table correctly.
> >>>> Problem found with 64bit Win7 and 32bit XPMode where
> >>>> Win7 switches forth and back between long mode and
> >>>> PAE legacy pagetables.
> >>>>
> >>>> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
> >>>
> >>> Don't you have to do this in other cases as well?  I think that
> >>> shadow-on-shadow might need it, at least.
> >>
> >> It is needed for all cases where the l1 guest does shadow paging.
> >> This includes: Shadow-on-Nested and Shadow-on-Shadow.
> > 
> > I've looked more closely at this and now I'm more confused. :)
> > 
> > Hap-on-hap seems to be OK without it because the special case in
> > paging_gva_to_gfn() does the right thing, using the nestedmode's pt
> > walker.
> > 
> > Why is that not good enough for shadow-on-hap?  Is there another path
> > that does unguarded pt walks?  If so:
> >  - why is that path not a problem for hap-on-hap; and
> >  - shouldn't that be handled the same way, i.e. either handle everything
> >    at lookup time, like paging_gva_to_gfn() does, or handle everything
> >    by switching modes at VMRUN/EXIT?
> 
> 
> If the l1 guest does not do nested paging then Xen doesn't use the
> nestedmode's pt walker.

Ah, I was led astray by the nestedhvm_is_n2() check.  It turns out that:
nestedhvm_is_n2() returns 0 for guests that are in n2 but aren't
hap-on-hap.  That's pretty confusing, and I encourage you to change it.

Anyway, I've checked in a modified version of your patch, as 
http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/a9c84069c248
Please check that it still does what you wanted. :)

Cheers,

Tim.

Re: [PATCH] nestedsvm: fix paging mode

[Christoph Egger]

On 10/04/12 15:23, Tim Deegan wrote:

> At 14:14 +0200 on 04 Oct (1349360091), Christoph Egger wrote:
>> On 10/04/12 12:37, Tim Deegan wrote:
>>
>>> At 15:50 +0200 on 01 Oct (1349106630), Christoph Egger wrote:
>>>> On 09/27/12 16:53, Tim Deegan wrote:
>>>>
>>>>> At 16:01 +0200 on 21 Sep (1348243291), Christoph Egger wrote:
>>>>>>
>>>>>> On VMRUN and VMEXIT emulation update the paging mode
>>>>>> for Shadow-on-Nested. This allows Xen to walk the
>>>>>> l1 hypervisors shadow page table correctly.
>>>>>> Problem found with 64bit Win7 and 32bit XPMode where
>>>>>> Win7 switches forth and back between long mode and
>>>>>> PAE legacy pagetables.
>>>>>>
>>>>>> Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
>>>>>
>>>>> Don't you have to do this in other cases as well?  I think that
>>>>> shadow-on-shadow might need it, at least.
>>>>
>>>> It is needed for all cases where the l1 guest does shadow paging.
>>>> This includes: Shadow-on-Nested and Shadow-on-Shadow.
>>>
>>> I've looked more closely at this and now I'm more confused. :)
>>>
>>> Hap-on-hap seems to be OK without it because the special case in
>>> paging_gva_to_gfn() does the right thing, using the nestedmode's pt
>>> walker.
>>>
>>> Why is that not good enough for shadow-on-hap?  Is there another path
>>> that does unguarded pt walks?  If so:
>>>  - why is that path not a problem for hap-on-hap; and
>>>  - shouldn't that be handled the same way, i.e. either handle everything
>>>    at lookup time, like paging_gva_to_gfn() does, or handle everything
>>>    by switching modes at VMRUN/EXIT?
>>
>>
>> If the l1 guest does not do nested paging then Xen doesn't use the
>> nestedmode's pt walker.
> 
> Ah, I was led astray by the nestedhvm_is_n2() check.  It turns out that:
> nestedhvm_is_n2() returns 0 for guests that are in n2 but aren't
> hap-on-hap.  That's pretty confusing, and I encourage you to change it.
> 
> Anyway, I've checked in a modified version of your patch, as 
> http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/a9c84069c248
> Please check that it still does what you wanted. :)

Yes, it does. Thanks.
Please apply it to xen-4.2-testing as well.

Christoph


-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85689 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632