From mboxrd@z Thu Jan  1 00:00:00 1970
From: Keir Fraser <keir.fraser@eu.citrix.com>
Subject: Re: [PATCH 06/16] vmx: nest: handling VMX instruction
	exits
Date: Wed, 15 Sep 2010 14:12:43 +0100
Message-ID: <C8B684DB.230B8%keir.fraser@eu.citrix.com>
References: <1A42CE6F5F474C41B63392A5F80372B22A8C236B@shsmsx501.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <1A42CE6F5F474C41B63392A5F80372B22A8C236B@shsmsx501.ccr.corp.intel.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: "Dong, Eddie" <eddie.dong@intel.com>, Christoph Egger <Christoph.Egger@amd.com>, "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Cc: Tim Deegan <Tim.Deegan@eu.citrix.com>, "He, Qing" <qing.he@intel.com>
List-Id: xen-devel@lists.xenproject.org

On 15/09/2010 13:36, "Dong, Eddie" <eddie.dong@intel.com> wrote:

>> Actually it is an issue now. This has nothing to do with VT-d (ie.
>> IOMMU, irq remapping, etc) but with basic core VMX functionality --
>> per I/O port direct execute versus vmexit; per virtual-address page
> 
> I see, for the I/O port, right now we are letting L1 handle it though it
> doesn't expect to :(
> How about to remove the capability of CPU_BASED_ACTIVATE_IO_BITMAP in L1 VMM
> for now to focus on framework?

Well. It'd be better if just worked really, wouldn't it? :-) How hard can it
be?

>> direct access versus #PF vmexit; per physical-frame direct access
>> versus nexted-paging vmexit. In any of these cases the L1 may think
> 
> Didn't quit catch. The memory direct access is always guarded by L0 shadow or
> nested EPT/NPT. Missing something?

L1 gives L2 direct access to, say, HPET (memory-mapped IO) which is actually
(unknown to L1) a virtual HPET emulated by Xen? Yeah, okay, that may be more
unlikely to happen in practice but it *is* allowable by the architecture and
it *should* be supported.

I would be inclined to add test cases for nestedhvm to hvmloader (we already
test various other tricky things in there) to test these kinds of cases.
Broadly speaking it's just a case of walking VVMCS structures to check
IO_BITMAP, or shadow pagetables, or EPT, and jump to the emulator with L2
state if the L1 would have permitted execution. It's really a core bit of
logic in properly doing nested VMX. The unfortunate thing is that the
necessary checks will slow down nested-hvm further, I guess, but perhaps
it's not too bad?

 -- Keir