All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Hildenbrand <david@redhat.com>
To: Jim Mattson <jmattson@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	kvm list <kvm@vger.kernel.org>,
	David Hildenbrand <dahi@linux.vnet.ibm.com>
Subject: Re: [PATCH 7/8] kvm: nVMX: Introduce KVM_CAP_VMX_STATE
Date: Mon, 8 Jan 2018 22:19:37 +0100	[thread overview]
Message-ID: <113868cd-5a82-495b-8a0b-d17217c76fd5@redhat.com> (raw)
In-Reply-To: <CALMp9eS5m-bhshOg7_BDQ610VbnEieowXWCT01tNy9OifUeN4g@mail.gmail.com>

On 08.01.2018 21:59, Jim Mattson wrote:
> On Mon, Jan 8, 2018 at 12:27 PM, David Hildenbrand <david@redhat.com> wrote:
>> On 08.01.2018 21:19, Jim Mattson wrote:
>>> Even more trivially, what if the L2 VM is configured never to leave
>>> VMX non-root operation? Then we never exit to userspace?
>>
>> Well we would make the PC point at the VMLAUNCH. Then exit to userspace.
> 
> That doesn't work, for so many reasons.
> 
> 1. It's not sufficient to just rollback the instruction pointer. You
> also need to rollback CS, CR0, CR3 (and possibly the PDPTEs), and CR4,
> so that the virtual address of the instruction pointer will actually
> map to the same physical address as it did the first time.

I expect these values to be the same once leaving non-root mode (as the
CPU itself hasn't executed anything except the nested guest) But yes, it
could be tricky.

If the page
> tables have changed, or the L1 guest has overwritten the
> VMLAUNCH/VMRESUME instruction, then you're out of luck.

Page tables getting changed by other CPUs is actually a good point. But
I would consider both as "theoretical" problems. At least compared to
the interrupt stuff, which could also happen on guests behaving in a
more sane way.

> 2. As you point out, interrupts are a problem. Interrupts can't be
> delivered in this context, because the vCPU shouldn't be in this
> context (and the guest may have already observed the transition to
> L2).

Yes, I also see this as the major problem.

> 3. I'm assuming that you're planning to store most of the current L2
> state in the cached VMCS12, at least where you can. Even so, the next
> "VM-entry" can't perform any of the normal VM-entry actions that would
> clobber the current L2 state that isn't in the cached VMCS12 (e.g.
> processing the VM-entry MSR load list). So, you need to have a flag
> indicating that this isn't a real VM-entry. That's no better than
> carrying the nested_run_pending flag.

Not sure if that would really be necessary (would have to look into the
details first). But sounds like nested_run_pending seems unavoidable on
x86. So I'd better get used to QEMU dealing with nested CPU state (which
is somehow scary to me - an emulator getting involved in nested
execution - what could go wrong :) )

Good we talked about it (and thanks for your time). I learned a lot today!

>>
>> --
>>
>> Thanks,
>>
>> David / dhildenb


-- 

Thanks,

David / dhildenb

  reply	other threads:[~2018-01-08 21:19 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-30 20:03 [PATCH 0/8] kvm: nVMX: Checkpoint/restore support for VMX state Jim Mattson
2016-11-30 20:03 ` [PATCH 1/8] kvm: nVMX: Prepare for checkpointing L2 state Jim Mattson
2016-11-30 20:03 ` [PATCH 2/8] kvm: nVMX: Refactor handle_vmon() Jim Mattson
2016-11-30 20:03 ` [PATCH 3/8] kvm: nVMX: Refactor handle_vmptrld() Jim Mattson
2016-11-30 20:03 ` [PATCH 4/8] kvm: nVMX: Refactor nested_get_vmcs12_pages() Jim Mattson
2016-11-30 20:03 ` [PATCH 5/8] kvm: nVMX: Split VMCS checks from nested_vmx_run() Jim Mattson
2016-11-30 20:03 ` [PATCH 6/8] kvm: nVMX: Refactor nested_vmx_run() Jim Mattson
2016-11-30 20:03 ` [PATCH 7/8] kvm: nVMX: Introduce KVM_CAP_VMX_STATE Jim Mattson
2016-12-09 15:26   ` Paolo Bonzini
2016-12-09 15:55     ` David Hildenbrand
2016-12-09 19:26       ` Paolo Bonzini
2016-12-12 14:14         ` David Hildenbrand
2017-02-15 11:56     ` Paolo Bonzini
2017-02-15 16:06       ` Jim Mattson
2017-02-15 16:14         ` Paolo Bonzini
2017-02-15 16:58           ` Jim Mattson
2017-02-15 17:37             ` Paolo Bonzini
2017-02-15 18:19               ` Jim Mattson
2017-02-15 21:28                 ` Paolo Bonzini
2017-12-19  3:07                   ` Jim Mattson
2017-12-19 10:35                     ` David Hildenbrand
2017-12-19 17:26                       ` Jim Mattson
2017-12-19 17:33                         ` David Hildenbrand
2017-12-19 17:40                           ` David Hildenbrand
2017-12-19 19:21                             ` Jim Mattson
2017-12-19 19:52                               ` David Hildenbrand
2017-12-19 21:29                               ` Paolo Bonzini
2018-01-08 10:35                                 ` David Hildenbrand
2018-01-08 17:25                                   ` Jim Mattson
2018-01-08 17:36                                     ` Paolo Bonzini
2018-01-08 17:59                                       ` David Hildenbrand
2018-01-08 18:11                                         ` Paolo Bonzini
2018-01-08 18:23                                           ` David Hildenbrand
2018-01-08 20:19                                             ` Jim Mattson
2018-01-08 20:27                                               ` David Hildenbrand
2018-01-08 20:59                                                 ` Jim Mattson
2018-01-08 21:19                                                   ` David Hildenbrand [this message]
2018-01-08 21:40                                                     ` Jim Mattson
2018-01-08 21:46                                                       ` David Hildenbrand
2018-01-08 21:55                                                         ` Jim Mattson
2018-01-09  8:19                                                           ` David Hildenbrand
2018-01-08 18:17                                         ` Jim Mattson
2017-12-19 12:45                     ` Paolo Bonzini
2016-11-30 20:03 ` [PATCH 8/8] kvm: nVMX: Defer gpa->hpa lookups for set_vmx_state Jim Mattson
2016-12-09 15:35   ` Paolo Bonzini
2016-12-09 16:26     ` Jim Mattson
2016-12-10  7:48       ` Paolo Bonzini
2016-12-06  9:04 ` [PATCH 0/8] kvm: nVMX: Checkpoint/restore support for VMX state David Hildenbrand
2016-12-06 19:02   ` Jim Mattson
2016-12-09 15:28     ` Paolo Bonzini
2016-12-09 16:16       ` Jim Mattson
2016-12-09 19:15         ` Paolo Bonzini
2017-02-15 19:30           ` Jim Mattson
2017-02-15 21:26             ` Paolo Bonzini
2017-02-15 22:00               ` Jim Mattson
2017-02-15 22:05                 ` Paolo Bonzini
2017-02-15 22:49                   ` Jim Mattson
2017-02-15 23:09                     ` Paolo Bonzini
2017-02-08 16:24 ` Paolo Bonzini
2017-02-14 22:17   ` Jim Mattson
2017-02-15 10:15     ` Paolo Bonzini
2017-02-15 17:02       ` Jim Mattson
2017-02-15 17:31         ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=113868cd-5a82-495b-8a0b-d17217c76fd5@redhat.com \
    --to=david@redhat.com \
    --cc=dahi@linux.vnet.ibm.com \
    --cc=jmattson@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.