From: "Jan Beulich"
Subject: Re: hap_invlpg() vs INVLPGA
Date: Mon, 01 Feb 2016 01:04:59 -0700
Message-ID: <56AF1FBB02000078000CCBF0@prv-mh.provo.novell.com>
References: <56AB761F02000078000CC667@prv-mh.provo.novell.com> <56AB6FB7.7030003@amazon.de> <56AB70FE.9030906@amazon.de> <56AB992202000078000CC72C@prv-mh.provo.novell.com> <56AB9CD9.8070103@amazon.de>
In-Reply-To: <56AB9CD9.8070103@amazon.de>
To: Christoph Egger
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

>>> On 29.01.16 at 18:09, wrote:
> On 29/01/16 16:53, Jan Beulich wrote:
>>>>> On 29.01.16 at 15:02, wrote:
>>> On 29/01/16 14:57, Egger, Christoph wrote:
>>>> On 29/01/16 14:24, Jan Beulich wrote:
>>>>> Christoph,
>>>>>
>>>>> in commit dd6de3ab99 ("Implement Nested-on-Nested") you added
>>>>> code to hap_invlpg() supposedly emulating INVLPGA. I've been
>>>>> stumbling across this a number of times in the past, not being able
>>>>> to make the connection between (a) VMX/EPT and INVLPGA and
>>>>> (b) SVM's INVLPGA intercept and this function.
>>>>
>>>> When you boot Windows 7 as L1 guest and XP-Mode as L2 guest then
>>>> L2 guest uses INVLPG instruction to invalidate a page and L1 guest
>>>> handles this via using INVLPGA instruction.
>>>>
>>>> The INVLPG intercept flushes the nested hap p2m which is effectively
>>>> a TLB flush to the L1 guest.
>>>
>>> ... actually to the L2 guest. Sorry for the typo.
>>
>> So if the L1 guest does an INVLPGA, we should see an INVLPGA
>> intercept, not an INVLPG one.
>
> INVLPG intercept comes first from L2 then INVLPGA from L1.

I.e. Xen's action should be in response to the intercepted INVLPGA,
which afaict wouldn't lead to hap_invlpg().

>>>> Then this intercept is injected into L1 guest.
>>
>> This, otoh, reads as if you imply we intercept the L2's INVLPG.
>> Yet the INVLPG intercept gets cleared when the domain uses
>> NPT (and your original change also didn't alter any intercept
>> settings). Hence I'm still lost how hap_invlpg() can be reached
>> in that case other than via emulating INVLPG in the instruction
>> emulator.
>
> svm_invlpg_intercept() and vmx_invlpg_intercept() call
> paging_invlpg(). paging_invlpg() calls hap_invlpg()
> as initialized in xen/arch/x86/mm/hap/hap.c

That's all fine, but according to my previous reply: How does
execution reach svm_invlpg_intercept() when the INVLPG intercept
gets disabled for domains using HAP (NPT)?

Jan