From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Jun Nakajima <jun.nakajima@intel.com>
Cc: kvm@vger.kernel.org, Gleb Natapov <gleb@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v3 05/13] nEPT: MMU context for nested EPT
Date: Tue, 21 May 2013 16:50:58 +0800
Message-ID: <519B3572.7020604@linux.vnet.ibm.com>
In-Reply-To: <1368939152-11406-5-git-send-email-jun.nakajima@intel.com>

On 05/19/2013 12:52 PM, Jun Nakajima wrote:
> From: Nadav Har'El <nyh@il.ibm.com>
> 
> KVM's existing shadow MMU code already supports nested TDP. To use it, we
> need to set up a new "MMU context" for nested EPT, and create a few callbacks
> for it (nested_ept_*()). This context should also use the EPT versions of
> the page table access functions (defined in the previous patch).
> Then, we need to switch back and forth between this nested context and the
> regular MMU context when switching between L1 and L2 (when L1 runs this L2
> with EPT).
> 
> Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
> Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
> Signed-off-by: Xinhao Xu <xinhao.xu@intel.com>
> ---
>  arch/x86/kvm/mmu.c | 38 ++++++++++++++++++++++++++++++++++++++
>  arch/x86/kvm/mmu.h |  1 +
>  arch/x86/kvm/vmx.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
>  3 files changed, 92 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index 6c1670f..37f8d7f 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -3653,6 +3653,44 @@ int kvm_init_shadow_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context)
>  }
>  EXPORT_SYMBOL_GPL(kvm_init_shadow_mmu);
> 
> +int kvm_init_shadow_EPT_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context)
> +{
> +	ASSERT(vcpu);
> +	ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa));
> +
> +	context->shadow_root_level = kvm_x86_ops->get_tdp_level();

That means L1 guest always uses page-walk length == 4? But in your previous patch,
it can be 2.

> +
> +	context->nx = is_nx(vcpu); /* TODO: ? */

Hmm? EPT always supports NX.

> +	context->new_cr3 = paging_new_cr3;
> +	context->page_fault = EPT_page_fault;
> +	context->gva_to_gpa = EPT_gva_to_gpa;
> +	context->sync_page = EPT_sync_page;
> +	context->invlpg = EPT_invlpg;
> +	context->update_pte = EPT_update_pte;
> +	context->free = paging_free;
> +	context->root_level = context->shadow_root_level;
> +	context->root_hpa = INVALID_PAGE;
> +	context->direct_map = false;
> +
> +	/* TODO: reset_rsvds_bits_mask() is not built for EPT, we need
> +	   something different.
> +	 */

Exactly. :)

> +	reset_rsvds_bits_mask(vcpu, context);
> +
> +
> +	/* TODO: I copied these from kvm_init_shadow_mmu, I don't know why
> +	   they are done, or why they write to vcpu->arch.mmu and not context
> +	 */
> +	vcpu->arch.mmu.base_role.cr4_pae = !!is_pae(vcpu);
> +	vcpu->arch.mmu.base_role.cr0_wp  = is_write_protection(vcpu);
> +	vcpu->arch.mmu.base_role.smep_andnot_wp =
> +		kvm_read_cr4_bits(vcpu, X86_CR4_SMEP) &&
> +		!is_write_protection(vcpu);

I guess we need not care about these since the permission of an EPT page does not
depend on these.

> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(kvm_init_shadow_EPT_mmu);
> +
>  static int init_kvm_softmmu(struct kvm_vcpu *vcpu)
>  {
>  	int r = kvm_init_shadow_mmu(vcpu, vcpu->arch.walk_mmu);
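
Review bot: in kvm_init_shadow_EPT_mmu(), the opening ASSERT(!VALID_PAGE(vcpu->arch.mmu.root_hpa)) and the three base_role assignments at the end operate on vcpu->arch.mmu, while every other field is set on the context argument, and the function's own TODO says the author does not know why. If a caller passes a context other than &vcpu->arch.mmu, these lines check and update a different structure from the one being initialised; either use context->root_hpa and context->base_role, or document that the two must be the same object. The call to reset_rsvds_bits_mask(vcpu, context) should also not go in as is, since the comment directly above it states the helper is not built for EPT. All three TODO comments need resolving before this is merged.
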
> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
> index 2adcbc2..8fc94dd 100644
> --- a/arch/x86/kvm/mmu.h
> +++ b/arch/x86/kvm/mmu.h
> @@ -54,6 +54,7 @@ int kvm_mmu_get_spte_hierarchy(struct kvm_vcpu *vcpu, u64 addr, u64 sptes[4]);
>  void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask);
>  int handle_mmio_page_fault_common(struct kvm_vcpu *vcpu, u64 addr, bool direct);
>  int kvm_init_shadow_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context);
> +int kvm_init_shadow_EPT_mmu(struct kvm_vcpu *vcpu, struct kvm_mmu *context);
> 
>  static inline unsigned int kvm_mmu_available_pages(struct kvm *kvm)
>  {
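
Review bot: the new prototype kvm_init_shadow_EPT_mmu() uses upper-case letters in the identifier, unlike kvm_init_shadow_mmu() on the line above it; a lower-case name such as kvm_init_shadow_ept_mmu() would match the surrounding declarations.
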
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index fb9cae5..a88432f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -1045,6 +1045,11 @@ static inline bool nested_cpu_has_virtual_nmis(struct vmcs12 *vmcs12,
>  	return vmcs12->pin_based_vm_exec_control & PIN_BASED_VIRTUAL_NMIS;
>  }
> 
> +static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
> +{
> +	return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
> +}
> +
>  static inline bool is_exception(u32 intr_info)
>  {
>  	return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
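
Review bot: nested_cpu_has_ept() is declared to return int, while the neighbouring predicates visible in this hunk, nested_cpu_has_virtual_nmis() and is_exception(), return bool; declaring it as static inline bool would keep the predicate helpers consistent.
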
> @@ -7311,6 +7316,46 @@ static void vmx_set_supported_cpuid(u32 func, struct kvm_cpuid_entry2 *entry)
>  		entry->ecx |= bit(X86_FEATURE_VMX);
>  }
> 
> +/* Callbacks for nested_ept_init_mmu_context: */
> +
> +static unsigned long nested_ept_get_cr3(struct kvm_vcpu *vcpu)
> +{
> +	/* return the page table to be shadowed - in our case, EPT12 */
> +	return get_vmcs12(vcpu)->ept_pointer;
> +}
> +
> +static void nested_ept_inject_page_fault(struct kvm_vcpu *vcpu,
> +	struct x86_exception *fault)
> +{
> +	struct vmcs12 *vmcs12;
> +	nested_vmx_vmexit(vcpu);
> +	vmcs12 = get_vmcs12(vcpu);
> +	/*
> +	 * Note no need to set vmcs12->vm_exit_reason as it is already copied
> +	 * from vmcs02 in nested_vmx_vmexit() above, i.e., EPT_VIOLATION.
> +	 */
> +	vmcs12->exit_qualification = fault->error_code;
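
Review bot: nested_ept_inject_page_fault() leaves vmcs12->vm_exit_reason untouched on the assumption, stated in its comment, that nested_vmx_vmexit() has already copied EPT_VIOLATION from vmcs02, but nothing in the visible lines checks that this is the exit reason actually pending when the callback runs. Setting vmcs12->vm_exit_reason explicitly here, or asserting the expected value, would make the injected exit self-consistent regardless of the path that reached this function. As a style point, a blank line is missing between the declaration "struct vmcs12 *vmcs12;" and the call to nested_vmx_vmexit(vcpu).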

Hmm, you directly copy the error code from FNAME(walk_addr_generic),
but its format is different and I did not see you cook the error code
in the previous patches.

