On Wed, Aug 03, 2022 at 02:25:15PM +0000, Sean Christopherson wrote:
> On Wed, Aug 03, 2022, Yu Zhang wrote:
> > On Tue, Aug 02, 2022 at 08:41:47PM +0000, Sean Christopherson wrote:
> > > On Fri, Jul 15, 2022, Yu Zhang wrote:
> > > > Although currently vmx_pf_exception_test can succeed, its
> > > > success is actually because we are using identical mappings
> > > > in the page tables and EB.PF is not set by L1. In practice,
> > > > the #PFs shall be expected by L1, if it is using shadowing
> > > > for L2.
> > >
> > > I'm a bit lost. Is there an actual failure somewhere? AFAICT, this passes when
> > > run as L1 or L2, with or without EPT enabled.
> >
> > Thanks for your reply, Sean.
> >
> > There's no failure. But IMHO, there should have been (for the
> > vmx_pf_exception_test, not the access test) - L1 shall expect
> > #PF induced VM exits, when it is using shadow for L2.
>
> Note, I'm assuming L1 == KVM-Unit-Tests, let me know if we're not using the same
> terminology.
>
> Not using EPT / TDP doesn't strictly imply page table shadowing. E.g. if a hypervisor
> provides a paravirt interface to install mappings, and the contract is that the VM
> must use the paravirt API, then the hypervisor doesn't need to intercept page faults
> because there are effectively no guest PTEs to write-protect / shadow.
>
> That's more or less what's happening here, L1 and L2 are collaborating to create
> page tables for L2, and so L1 doesn't need to intercept #PF.

Oh... So it is intentionally designed to let L1 and L2 use the same
address space. Then we can just drop this patch. Thanks a lot for the
explanation!

B.R.
Yu