Subject: Re: Fwd: Why qemu with kvm enabled can boot kernel even if identity page map is not set correctly?
From: Paolo Bonzini
To: 丁飞
Cc: rkrcmar@redhat.com, linux-kernel@vger.kernel.org
Date: Fri, 24 Nov 2017 10:43:57 +0100
Message-ID: <1f370759-b2a7-c729-d42f-7423e83b39d2@redhat.com>
List: linux-kernel@vger.kernel.org

On 22/11/2017 03:58, 丁飞 wrote:
> ---------- Forwarded message ----------
> From: 丁飞
> Date: Wed, Nov 22, 2017 at 12:58 AM
> Subject: Why qemu with kvm enabled can boot kernel even if identity page map is not set correctly?
> To: kvm@vger.kernel.org
>
> Hi, KVM developers. Firstly, sorry if it's the wrong place to ask such a question!
>
> In the early stages of the boot process, the kernel needs an identity-mapped page setup when switching the GDT
> [https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head_64.S#L133-L137]
> as the code here [https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head64.c#L98-L138]
> implies. That's why the first few entries of early_dynamic_pgts are set to map the kernel text range [_text, _end].
> But as we discussed the role of the first few entries of early_dynamic_pgts, we deleted them
> [https://github.com/torvalds/linux/blob/ed30b147e1f6e396e70a52dbb6c7d66befedd786/arch/x86/kernel/head64.c#L98-L138]
> and recompiled the kernel, then tested it on qemu.
>
> Without the '-enable-kvm' option the kernel won't boot, as we expected, but with the kvm option on, the kernel can boot and everything runs well, really to our surprise.
>
> So I guess there is something done under the hood by kvm which doesn't obey the rules of how a real physical machine behaves.
>
> I've set up a debug environment in which the kernel with the misconfigured page table runs inside qemu, which is nested inside VMware Workstation with EPT enabled, and gdb on the host to debug the kernel kvm of the vmware kernel.
>
> But without any luck: I've spent a whole day trying to catch what is happening inside kvm, and I still can't figure out the real magic point that jumps through the broken page table. It seems that the code just jumps randomly.
>
> Can anyone confirm what we've observed? Is it designed to be like that? Any details or explanation would be really appreciated!

I'm sorry, I don't know. There are many differences in TLB behavior between emulation and real hardware; those could be the culprit.

Paolo
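The identity-mapping requirement the question describes, as an added example that is not code from this thread or from the kernel: a constructed C model of the early 4-level page table that shows the instruction fetch right after the CR3 switch translates only while [_text, _end) is identity-mapped. All addresses (0x1000000, 0xffffffff80000000, a 4 MiB image, RIP at _text + 0x100), the 2 MiB-page layout and the frame numbering are assumptions made for the model; it says nothing about why KVM tolerated the missing mapping, only what the architectural page walk requires.

```c
#include <stdint.h>
#include <string.h>
/* Constructed 4-level x86-64 page table with 2 MiB pages (PML4 -> PDPT -> PD -> page).
 * Hypothetical layout: kernel image at physical 0x1000000, also mapped at its high VA. */
#define PRESENT     1ULL
#define PAGE_2M     (1ULL << 7)             /* PS bit: PD entry maps 2 MiB */
#define ADDR_MASK   0x000ffffffffff000ULL
#define FAULT       ((uint64_t)-1)          /* models a page fault */
#define KERNEL_PHYS 0x1000000ULL            /* hypothetical load address of _text */
#define KERNEL_VIRT 0xffffffff80000000ULL   /* hypothetical high mapping of _text */
#define KERNEL_SIZE (4ULL << 20)            /* hypothetical size of [_text, _end) */

typedef struct { uint64_t e[512]; } table_t;
enum { PML4 = 0, PDPT_HI, PD_HI, PDPT_ID, PD_ID, NTABLES };
static table_t tables[NTABLES];             /* frames holding the page tables */
#define FRAME_ADDR(i) ((uint64_t)(i) << 12) /* frame index -> "physical" address */
static unsigned idx(uint64_t va, int shift) { return (va >> shift) & 0x1ff; }

/* Install one 2 MiB mapping va -> pa through the given PDPT and PD frames. */
static void map_2m(int pdpt, int pd, uint64_t va, uint64_t pa) {
    tables[PML4].e[idx(va, 39)] = FRAME_ADDR(pdpt) | PRESENT;
    tables[pdpt].e[idx(va, 30)] = FRAME_ADDR(pd) | PRESENT;
    tables[pd].e[idx(va, 21)]   = (pa & ~0x1fffffULL) | PAGE_2M | PRESENT;
}

/* High mapping always built; the identity map of [_text, _end) is what the experiment removed. */
void build_early_pgt(int with_identity) {
    memset(tables, 0, sizeof tables);
    for (uint64_t off = 0; off < KERNEL_SIZE; off += 2ULL << 20) {
        map_2m(PDPT_HI, PD_HI, KERNEL_VIRT + off, KERNEL_PHYS + off);
        if (with_identity) map_2m(PDPT_ID, PD_ID, KERNEL_PHYS + off, KERNEL_PHYS + off);
    }
}

/* Walk the table the way the MMU would. */
uint64_t translate(uint64_t va) {
    uint64_t e = tables[PML4].e[idx(va, 39)];
    if (!(e & PRESENT)) return FAULT;
    e = tables[(e & ADDR_MASK) >> 12].e[idx(va, 30)];
    if (!(e & PRESENT)) return FAULT;
    e = tables[(e & ADDR_MASK) >> 12].e[idx(va, 21)];
    if (!(e & PRESENT) || !(e & PAGE_2M)) return FAULT;
    return (e & ADDR_MASK) | (va & 0x1fffffULL);
}

/* Right after "mov %rax, %cr3" in head_64.S, RIP is still a low (physical) address inside
 * [_text, _end), so the next fetch succeeds only if that range is identity-mapped. */
uint64_t fetch_after_cr3_switch(int with_identity) {
    build_early_pgt(with_identity);
    return translate(KERNEL_PHYS + 0x100);  /* hypothetical RIP value */
}
```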