On Wed, Aug 03, 2022, Yu Zhang wrote: > On Tue, Aug 02, 2022 at 08:41:47PM +0000, Sean Christopherson wrote: > > On Fri, Jul 15, 2022, Yu Zhang wrote: > > > Although currently vmx_pf_exception_test can succeed, its > > > success is actually because we are using identical mappings > > > in the page tables and EB.PF is not set by L1. In practice, > > > the #PFs shall be expected by L1, if it is using shadowing > > > for L2. > > > > I'm a bit lost. Is there an actual failure somewhere? AFAICT, this passes when > > run as L1 or L2, with or without EPT enabled. > > Thanks for your reply, Sean. > > There's no failure. But IMHO, there should have been(for the > vmx_pf_exception_test, not the access test) - L1 shall expect > #PF induced VM exits, when it is using shadow for L2. Note, I'm assuming L1 == KVM-Unit-Tests, let me know if we're not using the same terminology. Not using EPT / TDP doesn't strictly imply page table shadowing. E.g. if a hypervisor provides a paravirt interface to install mappings, and the contract is that the VM must use the paravirt API, then the hypervisor doesn't need to intercept page faults because there are effectively no guest PTEs to write-protect / shadow. That's more or less what's happening here, L1 and L2 are collaborating to create page tables for L2, and so L1 doesn't need to intercept #PF.
