> 1) I've seen some slides, back in 08, in which it is described
> that the use of VPID, will solve the problem of TLB flush after each VM_EXIT.
> But, I see from the code that it actually does a flush after a VM_EXIT.
>
> Obviously, I am wrong. So I need some help,
> Where to look, I mean which lines of code, in order to figure out, what is
> happening with TLB flush and VM_EXITS

You are saying that you "see from the code that it actually does a flush
after a VM_EXIT".  Where is this?

> 2) system call from ring 0 (non-root), to ring 0 (root)
> Could guest os, do a system call to host os?

No.  You'd need a program running on the host, and a channel between this
program and a guest (such as a socket or a serial port).

> 3) what is the mechanism of virtual interrupt injection
> What is the mechanism that is used for a virtual interrupt injection,
> in full virtualization?
>
> Host injects an interrupt to guest, HOW? eg. hardware interrupt?
> to which point of guest? guest complete_bh?

Interrupt injection happens through ioctls on the KVM file descriptors
(the CPU file descriptor for KVM_INTERRUPT, the VM file descriptor for
the others).  When the LAPIC is emulated by userspace (not the common
case) this is done with the KVM_INTERRUPT ioctl.  When the LAPIC is
emulated in kernel, there are various mechanisms.

    ioctl                   when?                   interrupt kind
    ------------------------------------------------------------------------
    KVM_INTERRUPT           i8259 in userspace      EXTINT
    KVM_SET_GSI_ROUTING     (always)                IOAPIC
    KVM_SIGNAL_MSI          (always)                MSI
    KVM_SET_GSI_ROUTING     (always)                MSI
    KVM_IRQFD               any that can use KVM_SET_GSI_ROUTING

After KVM_SET_GSI_ROUTING, the host invokes another ioctl on the VM file
descriptor (either KVM_IRQ_LINE or KVM_IRQ_LINE_STATUS) in order to
trigger the interrupt.  In QEMU this corresponds to qemu_irq_raise,
pci_set_irq or msi_notify.

After KVM_IRQFD, the host writes to an eventfd in order to trigger the
interrupt.  In QEMU this corresponds to event_notifier_set.
(For MSI, KVM_SIGNAL_MSI is preferred to KVM_IRQ_LINE/KVM_IRQ_LINE_STATUS
because it's faster, but they provide the same functionality.)

> 4)
> I've seen from bibliography, that KVM operates in protection ring -1.
> What does it mean? Is there HW implementation for that ring?
>
> Why not in ring 0?

Ring -1 is not a particularly good name.  The right name is that KVM
operates in VMX ring 0 root mode, while the guest operates in VMX
non-root mode (which can be any of ring 0-1-2-3 depending on the current
privilege level of the guest).

Paolo