On Thu, Aug 3, 2017 at 10:41 AM, Radim Krčmář <rkrcmar@xxxxxxxxxx> wrote:
> 2017-08-03 09:05-0700, Jim Mattson:
>> On Thu, Aug 3, 2017 at 8:36 AM, Radim Krčmář <rkrcmar@xxxxxxxxxx> wrote:
>> > 2017-08-03 16:09+0200, David Hildenbrand:
>> >> /*
>> >>  * If translation failed, no matter: This feature asks
>> >>  * to exit when accessing the given address, and if it
>> >>  * can never be accessed, this feature won't do
>> >>  * anything anyway.
>> >>  */
>>
>> This comment is incorrect. On real hardware, the APIC access page
>> doesn't have to exist (i.e. be backed by actual memory), because the
>> APIC access page is never accessed. Think of the APIC access page as a
>> sentinel value that the hypervisor can put in the page tables (EPT
>> page tables if they are in use, x86 page tables otherwise) to trigger
>> APIC virtualization. If there is an access, it is to the page at the
>> virtual APIC address, not the APIC access page.
>
> Right,
>
>> Similarly, in a VM, there need not be a mapping for the APIC access
>> page for the feature to work as architected. (Or, at least, that's the
>> way it should work. :-)
>
> the APIC_ACCESS_ADDR is always L0 physical address, so we somehow need
> to map the L1 physical address somewhere in order to recognize accesses
> from L2.
>
> I think the correct way would be to create a new mapping if the
> chosen L1 physical address has no L0 physical address yet.
> The code was made for the common case where hypervisors select a page
> that is mapped by KVM ...

Yes, I think that's safest.

> Do you wish to send patches? :)

Unless someone beats me to it!
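
Added example, not part of the thread and not KVM code: a toy C model of the two options discussed above for an L1-chosen APIC access page that has no L0 physical address yet. The struct, the function names, the page numbers and the three outcomes are assumptions made for illustration; real L0 fault handling is more involved.

```c
#include <stdint.h>
#include <stdio.h>

#define NPAGES   4            /* toy L1 physical address space, in pages */
#define UNMAPPED UINT64_MAX   /* no L0 physical page behind this L1 page */

enum policy  { IGNORE_IF_UNMAPPED, MAP_IF_UNMAPPED };
enum outcome { APIC_VIRTUALIZED, ORDINARY_ACCESS, L0_FAULT };

struct toy_l0 {
    uint64_t l1_to_l0[NPAGES];  /* L1 page number -> L0 page number */
    uint64_t next_free;         /* next unused L0 page number */
    uint64_t apic_access_l0;    /* L0 value used for L2, or UNMAPPED */
};

/* L1 selects l1_page (< NPAGES, unchecked in this toy) as its APIC access page. */
static void nested_set_apic_access(struct toy_l0 *s, uint64_t l1_page, enum policy p)
{
    if (s->l1_to_l0[l1_page] == UNMAPPED && p == MAP_IF_UNMAPPED)
        s->l1_to_l0[l1_page] = s->next_free++;  /* sentinel only, contents never read */
    s->apic_access_l0 = s->l1_to_l0[l1_page];   /* stays UNMAPPED under IGNORE */
}

/* Classify an L2 access that L1's tables resolve to l1_page. */
static enum outcome l2_access(const struct toy_l0 *s, uint64_t l1_page)
{
    uint64_t l0 = s->l1_to_l0[l1_page];
    if (l0 == UNMAPPED)
        return L0_FAULT;            /* not recognized as an APIC access */
    if (l0 == s->apic_access_l0)
        return APIC_VIRTUALIZED;    /* matched on the address alone */
    return ORDINARY_ACCESS;
}

/* Fresh toy state each call: L1 page 1 starts without an L0 mapping. */
static enum outcome run(uint64_t apic_l1_page, enum policy p, uint64_t access_l1_page)
{
    struct toy_l0 s = { { 100, UNMAPPED, 102, 103 }, 200, UNMAPPED };
    nested_set_apic_access(&s, apic_l1_page, p);
    return l2_access(&s, access_l1_page);
}

int main(void)
{
    printf("unmapped page, ignore: %d\n", run(1, IGNORE_IF_UNMAPPED, 1));
    printf("unmapped page, map:    %d\n", run(1, MAP_IF_UNMAPPED, 1));
    printf("mapped page, ignore:   %d\n", run(0, IGNORE_IF_UNMAPPED, 0));
    return 0;
}
```
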