Xen project Mailing List

Re: [Xen-devel] [PATCH 06/16] vmx: nest: handling VMX instruction exits

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>

From: Christoph Egger <Christoph.Egger@xxxxxxx>

Date: Mon, 20 Sep 2010 11:41:11 +0200

Cc: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "He, Qing" <qing.he@xxxxxxxxx>

Delivery-date: Mon, 20 Sep 2010 02:45:10 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On Monday 20 September 2010 10:08:02 Keir Fraser wrote: > On 20/09/2010 04:13, "Dong, Eddie" <eddie.dong@xxxxxxxxx> wrote: > >>>> Actually it is an issue now. This has nothing to do with VT-d (ie. > >>>> IOMMU, irq remapping, etc) but with basic core VMX functionality -- > >>>> per I/O port direct execute versus vmexit; per virtual-address page > >>> > >>> I see, for the I/O port, right now we are letting L1 handle it > >>> though it doesn't expect to :( How about to remove the capability of > >>> CPU_BASED_ACTIVATE_IO_BITMAP in L1 VMM for now to focus on framework? > >> > >> Well. It'd be better if just worked really, wouldn't it? :-) How hard > >> can it be? > > > > You are right. It is easy to do, but we have dillemma to either > > write-protect guest I/O bitmap page, or have to create the shadow I/O > > bitmap at each vmresume of L2 guest. > > You need that anyway don't you, regardless of whether you are accurately > deciding whether to inject-to-L1 or emulate-L2 on vmexit to L0? Whether you > inject or emulate, ports that L1 has disallowed for L2 must be properly > represented in the shadow I/O bitmap page. You need to do additional range-checking to determine if the guest actually touched the IO bitmap page in case Xen uses a super page. > > > Currently we are injecting to L1 guest, but may be not correct in theory. > > For now, VMX can trap L2 guest I/O and emulate them in L0, we can revisit > > some time later to see if we need write-protection of guest I/O bitmap > > page :) > > Are you suggesting to always emulate instead of always inject-to-L1? That's > still not accurate virtualisation of this VMX feature. > > Hmm... Are you currently setting up to always vmexit on I/O port accesses > by L2? Even if you are, that doesn't stop you looking at the virtual I/O > bitmap from in your L0 vmexit handler, and doing the right thing (emulate > versus inject-to-L1). > > -- Keir > > > But, yes, L0 VMM needs to emulate L2 instruction here :) -- ---to satisfy European Law for business letters: Advanced Micro Devices GmbH Einsteinring 24, 85609 Dornach b. Muenchen Geschaeftsfuehrer: Alberto Bozzo, Andrew Bowd Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen Registergericht Muenchen, HRB Nr. 43632 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.