Confused by address translation when running guest os

Confused by address translation when running guest os

[henanwxr]

1、Before do vmlaunch at the first time, CR0 in guest-state area is to paging
protect mode, and this is actual state of guest os, as follow:
GUEST_CR0=v->arch.hvm_vcpu.hw_cr[0] 
which with vaule CR0.PE=1,CR0.PG=1
but in the view of guest its CR0 is set to non paging protect mode, as
follow:
v->arch.hvm_vcpu.guest_cr[0] which with vaule CR0.PE=1,CR0.PG=0
my question is:
Initially, when executing the codes of guest os(such as hvmloader), address
translate in which mode in hell? Is it in actual state of paging protect
mode? Or in view of guest os that non paging protect mode ? And why?   
	(1)If it is in actual state of paging protect mode, then the address
translation must walk through the page table, but we don not construct a
page table in advance?
	(2)If it is in view of guest os that non paging protect mode, then it need
not a page table, I find the address translation is emulated within VMM,
liner address=physical address, as follow:
/arch/x86/hvm/emulate.c
static int hvmemul_linear_to_phys(…..
{
/* With no paging it's easy: linear == physical. */
    if ( !(curr->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG) )
    {
        *paddr = addr;
        return X86EMUL_OKAY;
    }
………………………..
But every time when guest os access memory and fetch the instruction, does
the address translation should through the emulation of VMM? And should
generate VM exit? Which I am sure is that when VMM process  I/O request of 
guest os it should generate VM exit and call this function.
2、	How does EPT(Extended-Page-Table) work in question 1 above ?
3、When execute hvmloader, it will switch the processor to V86 mode, how
implement address translation since then?
4、	when virtual Bios load the guest os kernel, guest os will switch the 
processor mode to non paging protect mode again, does the process of address
translation same as question 1?
5、	When guest os running normally, it is in paging protect mod, the process
of address translation is: 
guest os liner address --> guest os physical address ( translate by guest
page table)
guest os physical address --> machine address (translate by EPT)
right ?

--
View this message in context: http://xen.1045712.n5.nabble.com/Confused-by-address-translation-when-running-guest-os-tp4416590p4416590.html
Sent from the Xen - Dev mailing list archive at Nabble.com.

Re: Confused by address translation when running guest os

[Tim Deegan]

At 12:58 +0100 on 22 May (1306069124), henanwxr wrote:
> 1???Before do vmlaunch at the first time, CR0 in guest-state area is to paging
> protect mode, and this is actual state of guest os, as follow:
> GUEST_CR0=v->arch.hvm_vcpu.hw_cr[0] 
> which with vaule CR0.PE=1,CR0.PG=1
> but in the view of guest its CR0 is set to non paging protect mode, as
> follow:
> v->arch.hvm_vcpu.guest_cr[0] which with vaule CR0.PE=1,CR0.PG=0
> my question is:
> Initially, when executing the codes of guest os(such as hvmloader), address
> translate in which mode in hell? Is it in actual state of paging protect
> mode? Or in view of guest os that non paging protect mode ? And why?   

There are two CR0s: the one the guest sees and the one the hardware
uses.  In Xen, they're called guest_cr[0] and hw_cr[0] respectively.

So in this case, since hw_cr[0] has PG and PE set, the CPU is using
paging. 

You should probably read the Intel and AMD manuals about how VT-x/SVM
works in general if you're finding this confusing.

> ???	(1)If it is in actual state of paging protect mode, then the address
> translation must walk through the page table, but we don not construct a
> page table in advance?

The pagetables used are the shadow pagetables, which are constructed on
demand.

> ???	(2)If it is in view of guest os that non paging protect mode, then it need
> not a page table, I find the address translation is emulated within VMM,
> liner address=physical address, as follow:
> /arch/x86/hvm/emulate.c
> static int hvmemul_linear_to_phys(???..
> {
> /* With no paging it's easy: linear == physical. */
>     if ( !(curr->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG) )
>     {
>         *paddr = addr;
>         return X86EMUL_OKAY;
>     }
> ???????????????????????????..

Remember, this code is _emulating_ the virtual machine.  When the guest
thinks paging is disabled, then its linear addresses are the same as its
physical addresses.  There is another step of translation from
guest-specific physical addresses to machine addressess to find the
actual data. 

> But every time when guest os access memory and fetch the instruction, does
> the address translation should through the emulation of VMM? And should
> generate VM exit? Which I am sure is that when VMM process  I/O request of 
> guest os it should generate VM exit and call this function.
> 2???	How does EPT(Extended-Page-Table) work in question 1 above ?

With EPT, hw_cr[0] has PG clear and the p2m is supplied to the CPU so it
can do both translations at once.

> 3???When execute hvmloader, it will switch the processor to V86 mode, how
> implement address translation since then?

>From linear to physical to machine is exactly the same as protected
mode; it's only the segmentation step that's different.  

> 4???	when virtual Bios load the guest os kernel, guest os will switch the 
> processor mode to non paging protect mode again, does the process of address
> translation same as question 1?

Yes.

> 5???	When guest os running normally, it is in paging protect mod, the process
> of address translation is: 
> guest os liner address --> guest os physical address ( translate by guest
> page table)
> guest os physical address --> machine address (translate by EPT)
> right ?

Yes, if you're using EPT.  If not, both steps are done by the shadow PT.
And in either case, when Xen is emulating an instruction, it does both
steps separately in software. 

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)