From: Bandan Das <bsd@redhat.com>
To: Marcelo Tosatti <mtosatti@redhat.com>
Cc: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
Gleb Natapov <gleb@kernel.org>,
Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH v2 1/3] KVM: nVMX: Don't advertise single context invalidation for invept
Date: Thu, 10 Apr 2014 20:27:40 -0400 [thread overview]
Message-ID: <jpgioqghfr7.fsf@nelium.bos.redhat.com> (raw)
In-Reply-To: <20140410204738.GA28576@amt.cnet> (Marcelo Tosatti's message of "Thu, 10 Apr 2014 17:47:38 -0300")
Marcelo Tosatti <mtosatti@redhat.com> writes:
> On Mon, Mar 31, 2014 at 05:00:23PM -0400, Bandan Das wrote:
>> For single context invalidation, we fall through to global
>> invalidation in handle_invept() except for one case - when
>> the operand supplied by L1 is different from what we have in
>> vmcs12. However, typically hypervisors will only call invept
>> for the currently loaded eptp, so the condition will
>> never be true.
>>
>> Signed-off-by: Bandan Das <bsd@redhat.com>
>
> Bandan,
>
> Why not fix INVEPT single-context rather than removing it entirely?
>
> "Single-context. If the INVEPT type is 1, the logical processor
> invalidates all guest-physical mappings and combined mappings associated
> with the EP4TA specified in the INVEPT descriptor. Combined mappings for
> that EP4TA are invalidated for all VPIDs and all PCIDs. (The instruction
> may invalidate mappings associated with other EP4TAs.)"
>
> So just removing the "if (EPTP != CURRENT.EPTP) BREAK" should be enough.
The single context invalidation in handle_invept() doesn't do
anything different. It just falls down to the global case.
And the invept code in Xen and KVM both seemed to fall back
to global invalidation if support for single context wasn't found.
So, it was proposed not to advertise it at all.
But rethinking this again, I agree with you. If there's a hypervisor
with a single context invept implmentation that does not fallback,
this will unfortunately not work. Jan, do you agree with this ?
Bandan
>> ---
>> arch/x86/kvm/vmx.c | 15 +++++----------
>> 1 file changed, 5 insertions(+), 10 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 3927528..3e7f60c 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -2331,12 +2331,11 @@ static __init void nested_vmx_setup_ctls_msrs(void)
>> VMX_EPT_INVEPT_BIT;
>> nested_vmx_ept_caps &= vmx_capability.ept;
>> /*
>> - * Since invept is completely emulated we support both global
>> - * and context invalidation independent of what host cpu
>> - * supports
>> + * For nested guests, we don't do anything specific
>> + * for single context invalidation. Hence, only advertise
>> + * support for global context invalidation.
>> */
>> - nested_vmx_ept_caps |= VMX_EPT_EXTENT_GLOBAL_BIT |
>> - VMX_EPT_EXTENT_CONTEXT_BIT;
>> + nested_vmx_ept_caps |= VMX_EPT_EXTENT_GLOBAL_BIT;
>> } else
>> nested_vmx_ept_caps = 0;
>>
>> @@ -6383,7 +6382,6 @@ static int handle_invept(struct kvm_vcpu *vcpu)
>> struct {
>> u64 eptp, gpa;
>> } operand;
>> - u64 eptp_mask = ((1ull << 51) - 1) & PAGE_MASK;
>>
>> if (!(nested_vmx_secondary_ctls_high & SECONDARY_EXEC_ENABLE_EPT) ||
>> !(nested_vmx_ept_caps & VMX_EPT_INVEPT_BIT)) {
>> @@ -6423,16 +6421,13 @@ static int handle_invept(struct kvm_vcpu *vcpu)
>> }
>>
>> switch (type) {
>> - case VMX_EPT_EXTENT_CONTEXT:
>> - if ((operand.eptp & eptp_mask) !=
>> - (nested_ept_get_cr3(vcpu) & eptp_mask))
>> - break;
>> case VMX_EPT_EXTENT_GLOBAL:
>> kvm_mmu_sync_roots(vcpu);
>> kvm_mmu_flush_tlb(vcpu);
>> nested_vmx_succeed(vcpu);
>> break;
>> default:
>> + /* Trap single context invalidation invept calls */
>> BUG_ON(1);
>> break;
>> }
>> --
>> 1.8.3.1
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe kvm" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-04-11 0:27 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-31 21:00 [PATCH v2 0/3] nVMX: Fixes to run Xen as L1 Bandan Das
2014-03-31 21:00 ` [PATCH v2 1/3] KVM: nVMX: Don't advertise single context invalidation for invept Bandan Das
2014-04-10 20:47 ` Marcelo Tosatti
2014-04-11 0:27 ` Bandan Das [this message]
2014-04-11 6:22 ` Jan Kiszka
2014-04-11 17:26 ` Bandan Das
2014-04-11 18:01 ` Jan Kiszka
2014-04-11 18:35 ` Bandan Das
2014-04-11 18:53 ` Jan Kiszka
2014-04-11 19:35 ` Marcelo Tosatti
2014-04-14 5:46 ` Jan Kiszka
2014-04-11 19:38 ` Bandan Das
2014-04-11 18:48 ` Marcelo Tosatti
2014-04-11 19:33 ` Bandan Das
2014-04-11 19:02 ` Marcelo Tosatti
2014-03-31 21:00 ` [PATCH v2 2/3] KVM: nVMX: Ack and write vector info to intr_info if L1 asks us to Bandan Das
2014-04-11 18:33 ` Marcelo Tosatti
2014-04-11 19:17 ` Bandan Das
2014-04-11 19:20 ` Marcelo Tosatti
2014-04-12 16:57 ` Paolo Bonzini
2014-03-31 21:00 ` [PATCH v2 3/3] KVM: nVMX: Advertise support for interrupt acknowledgement Bandan Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jpgioqghfr7.fsf@nelium.bos.redhat.com \
--to=bsd@redhat.com \
--cc=gleb@kernel.org \
--cc=jan.kiszka@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.