On 06/13/2010 03:26 PM, Nadav Har'El wrote:
In this patch we add a list of L0 (hardware) VMCSs, which we'll use to hold a
hardware VMCS for each active L1 VMCS (i.e., for each L2 guest).
We call each of these L0 VMCSs a "vmcs02", as it is the VMCS that L0 uses
to run its nested guest L2.
+
+/* Allocate an L0 VMCS (vmcs02) for the current L1 VMCS (vmcs12), if one
+ * does not already exist. The allocation is done in L0 memory, so to avoid
+ * denial-of-service attack by guests, we limit the number of concurrently-
+ * allocated vmcss. A well-behaving L1 will VMCLEAR unused vmcs12s and not
+ * trigger this limit.
+ */
+static const int NESTED_MAX_VMCS = 256;
This is much too high, it allows the guest to pin a large amount of host
memory. Also, the limit is not real; if the guest exceeds the limit we
should drop some LRU vmcs and instantiate a new one.
I suggest starting with a much lower limit (say, 4) which will exercise
the drop/reload code. Later, we can increase the limit and add a
shrinker callback so the host can reduce the number of cached vmcses if
memory gets tight.
+static int nested_create_current_vmcs(struct kvm_vcpu *vcpu)
+{
+ struct vmcs_list *new_l2_guest;
+ struct vmcs *l2_vmcs;
+
+ if (nested_get_current_vmcs(vcpu))
+ return 0; /* nothing to do - we already have a VMCS */
+
+ if (to_vmx(vcpu)->nested.l2_vmcs_num>= NESTED_MAX_VMCS)
+ return -ENOMEM;
As mentioned above, recycle an old vmcs here.
+
+/* Free the current L2 VMCS, and remove it from l2_vmcs_list */
+static void nested_free_current_vmcs(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ struct vmcs_list *list_item, *n;
+
+ list_for_each_entry_safe(list_item, n,&vmx->nested.l2_vmcs_list, list)
+ if (list_item->vmcs_addr == vmx->nested.current_vmptr) {
+ free_vmcs(list_item->l2_vmcs);
+ list_del(&(list_item->list));
+ kfree(list_item);
+ vmx->nested.l2_vmcs_num--;
+ return;
+ }
+}
Since you return, no need to be _safe. But we do need to vmclear that
vmcs to avoid the processor writing back to those pages after we've
freed them.
+
+static void free_l1_state(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ struct vmcs_list *list_item, *n;
+
+ list_for_each_entry_safe(list_item, n,
+ &vmx->nested.l2_vmcs_list, list) {
vmclear needed.
+ free_vmcs(list_item->l2_vmcs);
+ list_del(&(list_item->list));
+ kfree(list_item);
+ }
+ vmx->nested.l2_vmcs_num = 0;
+}
Can share code for dealing with one vmcs with the function above.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
