On Wed, Dec 01, 2010, Nadav Har'El wrote about "Re: KVM call minutes for Nov 30":
> Specifically, in the last review I was asked to make sure that shadow-on-EPT
> works so that users do not need to remember to add the "ept=0" module option
> on L0. Unfortunately, while this should have been relatively simple (and it
> DID work in some time in the distant past), there appears to be a bug that I
> have spent the last couple of weeks chasing - so far unsuccessfully.

I was finally able to track this bug down.

The issue was incorrect setup of the four PDPTE (which are called PDPTR in
KVM) fields in vmcs02. These fields are important to set up correctly when
using EPT and PAE. For some reason I have yet to understand, KVM (as an L1)
appears to be setting the PAE bit in its guest.

The previous code copied these fields from vmcs01 to vmcs02, but this is
incorrect because these fields need to be recalculated for each cr3, and the
GUEST_CR3 used for running L2 (the shadow page table set up by L1) is
different from the GUEST_CR3 used to run L1 (this one is defined by L1, and
untouched by L0 because L0 uses EPT). We need to emulate what the processor
does on a cr3 change when EPT and PAE are both enabled - i.e., dereference
the cr3 value (this requires an EPT translation) and find the four pointers
to be saved in the PDPTR fields.

I have done this, and the shadow-on-ept case finally works, and there is no
need to use ept=0 on L0 any more :-)

I'm curious, though, why does KVM set PAE for its guest? What is setting
PAE supposed to do while the guest is booting (and thinks it is running in
real mode)? What is setting PAE supposed to do while the guest is running
in long mode?

-- 
Nadav Har'El                        | Monday, Dec 6 2010, 30 Kislev 5771
nyh@xxxxxxxxxxxxxxxxxxx             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Amateurs built the ark - professionals
http://nadav.harel.org.il           |built the Titanic.
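
An added illustration of the recalculation described in the message above (a userspace C model, not code from the post or from KVM): the four PDPTEs are read from the table that a given cr3 points to, so values loaded for L1's cr3 are wrong for the shadow cr3 used to run L2. The names `gpa_to_host`, `load_pdptrs_for_cr3` and `put_pdpt`, the toy guest memory and all addresses are assumptions constructed for the example, and the reserved-bit check covers only the low reserved bits of a PAE PDPTE, not those above MAXPHYADDR.

```c
#include <stdint.h>
#include <string.h>

#define GUEST_MEM_SIZE 0x3000u   /* constructed toy guest-physical space */
#define PDPTE_PRESENT  0x1ull
#define PDPTE_RSVD     0x1e6ull  /* bits 2:1 and 8:5 are reserved in a PAE PDPTE */

static uint8_t guest_mem[GUEST_MEM_SIZE];

/* Hypothetical stand-in for the EPT walk: guest-physical address -> host pointer. */
static const uint8_t *gpa_to_host(uint64_t gpa, size_t len)
{
    if (gpa > GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - gpa)
        return NULL;             /* a real hypervisor would see an EPT violation */
    return guest_mem + gpa;
}

/* Recompute the four PDPTEs for one cr3. Returns 0 on success, -1 on failure;
 * pdptr[] is written only on success. */
static int load_pdptrs_for_cr3(uint64_t cr3, uint64_t pdptr[4])
{
    uint64_t tmp[4];
    /* With PAE, CR3 bits 31:5 locate a 32-byte-aligned table of four entries. */
    const uint8_t *p = gpa_to_host(cr3 & 0xffffffe0ull, sizeof(tmp));
    if (!p)
        return -1;
    memcpy(tmp, p, sizeof(tmp));
    for (int i = 0; i < 4; i++)
        if ((tmp[i] & PDPTE_PRESENT) && (tmp[i] & PDPTE_RSVD))
            return -1;           /* present entry with reserved bits set */
    memcpy(pdptr, tmp, sizeof(tmp));
    return 0;
}

static void put_pdpt(uint64_t gpa, const uint64_t e[4]) { memcpy(guest_mem + gpa, e, 32); }

/* Constructed scenario: returns 1 when the values recomputed for L2's cr3
 * differ from the ones that would have been copied from vmcs01. */
static int copied_pdptrs_are_stale(void)
{
    const uint64_t l1_pdpt[4] = { 0x5001, 0x6001, 0, 0 };      /* table behind L1's cr3 */
    const uint64_t l2_pdpt[4] = { 0x8001, 0x9001, 0xa001, 0 }; /* table behind the shadow cr3 */
    uint64_t vmcs01[4], vmcs02[4];
    put_pdpt(0x1000, l1_pdpt);
    put_pdpt(0x2020, l2_pdpt);
    if (load_pdptrs_for_cr3(0x1000, vmcs01) || load_pdptrs_for_cr3(0x2020 | 0x18, vmcs02))
        return 0;
    return memcmp(vmcs01, vmcs02, 32) != 0 && memcmp(vmcs02, l2_pdpt, 32) == 0;
}

int main(void) { return copied_pdptrs_are_stale() ? 0 : 1; }
```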