Re: KVM call minutes for Nov 30

On 12/06/2010 09:39 PM, Nadav Har'El wrote:
On Wed, Dec 01, 2010, Nadav Har'El wrote about "Re: KVM call minutes for Nov 30":
> Specifically, in the last review I was asked to make sure that shadow-on-EPT
> works so that users do not need to remember to add the "ept=0" module option
> on L0. Unfortunately, while this should have been relatively simple (and it
> DID work in some time in the distant past), there appears to be a bug that I
> have spent the last couple of weeks chasing - so far unsuccessfully.

I was finally able to track this bug down. The issue was incorrect setup of
the four PDPTE (which are called PDPTR in KVM) fields in vmcs02.
These fields are important to set up correctly when using EPT and PAE.
For some reason I have yet to understand, KVM (as an L1) appears to be
setting the PAE bit in its guest. The previous code copied these fields from
vmcs01 to vmcs02, but this is incorrect because these fields need to be
recalculated for each cr3, and the GUEST_CR3 used for running L2 (the shadow
page table set up by L1) is different from the GUEST_CR3 used to run L1
(this one is defined by L1, and untouched by L0 because L0 uses EPT).
We need to emulate what the processor does on a cr3 change when EPT and
PAE are both enabled - i.e., dereference the cr3 value (this requires an EPT
translation) and find the four pointers to be saved in the PDPTR fields.
I have done this, and the shadow-on-ept case finally works, and there is
no need to use ept=0 on L0 any more :-)

Great. I imagine the fixed code is also simpler. I don't follow what you mean by "this requires an EPT translation". All it requires is a kvm_set_cr3() which will load the PDPTEs into the PDPTRs if PAE is enabled. You may need to order the loading of CR0, CR3, CR4, and EFER to achieve the desired effect.

I'm curious, though, why does KVM set PAE for its guest? What is setting
PAE supposed to do while the guest is booting (and thinks it is running in
real mode)?

PAE is needed to access >4G of memory. Otherwise the PTEs are 32 bits long and cannot reference all of host memory.

What is setting PAE supposed to do while the guest is running
in long mode?

PAE is required by the processor for long mode (independently of virtualization).

--
error compiling committee.c: too many arguments to function
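As an added illustration of the step Nadav describes (not code from this thread or from KVM), the fragment below emulates the PAE CR3 write that refills the four PDPTRs: the PDPT address comes from CR3 bits 31:5, is translated through a toy EPT (a bounds-checked identity map, an assumption standing in for the real walker), and each entry's reserved bits are checked. Function and buffer names are my own; loading from L1's CR3 and from the shadow CR3 used for L2 yields different PDPTRs, which is why copying them from vmcs01 was wrong.

```c
#include <stdint.h>
#include <string.h>

/* In PAE mode CR3 bits 31:5 address a 32-byte table of four 64-bit PDPTEs.
 * Present entries with reserved bits 2:1 or 8:5 set make the CR3 write fault. */
#define PDPTE_PRESENT   (1ULL << 0)
#define PDPTE_RSVD_MASK (0x6ULL | 0x1E0ULL)

/* Toy EPT (assumption, not KVM's walker): guest-physical maps 1:1 onto a
 * simulated host buffer; anything outside it is an unmapped EPT violation. */
#define GUEST_MEM_SIZE (64 * 1024)
static uint8_t host_mem[GUEST_MEM_SIZE];

static int ept_translate(uint64_t gpa, uint8_t **hva) {
    if (gpa + 32 > GUEST_MEM_SIZE) return -1;
    *hva = host_mem + gpa;
    return 0;
}

/* Emulate the CPU's CR3 write: translate the PDPT through EPT, then fetch and
 * validate the four entries. Returns 0 and fills pdptrs, or -1 on a fault. */
int pae_load_pdptrs(uint64_t cr3, uint64_t pdptrs[4]) {
    uint8_t *table;
    if (ept_translate(cr3 & 0xFFFFFFE0ULL, &table)) return -1;
    for (int i = 0; i < 4; i++) {
        uint64_t e;
        memcpy(&e, table + 8 * i, sizeof e);
        if ((e & PDPTE_PRESENT) && (e & PDPTE_RSVD_MASK)) return -1;
        pdptrs[i] = e;
    }
    return 0;
}

/* Place a constructed PDPT in simulated guest memory. */
static void write_pdpt(uint64_t gpa, const uint64_t entries[4]) {
    memcpy(host_mem + gpa, entries, 32);
}

/* Constructed scenario: L1's CR3 (0x1000) and the shadow CR3 used for L2
 * (0x2000) address different PDPTs, so the PDPTRs must differ. Returns 1 if so. */
int demo_distinct_pdptrs(void) {
    const uint64_t l1[4]  = {0x10001ULL, 0x11001ULL, 0x12001ULL, 0x13001ULL};
    const uint64_t l2[4]  = {0x20001ULL, 0x21001ULL, 0x22001ULL, 0x23001ULL};
    const uint64_t bad[4] = {0x30003ULL, 0, 0, 0};   /* present + reserved bit 1 */
    uint64_t a[4], b[4], c[4];
    write_pdpt(0x1000, l1); write_pdpt(0x2000, l2); write_pdpt(0x3000, bad);
    if (pae_load_pdptrs(0x1000, a) || pae_load_pdptrs(0x2000, b)) return 0;
    if (memcmp(a, b, sizeof a) == 0) return 0;      /* copying vmcs01 would be wrong */
    if (pae_load_pdptrs(0x3000, c) != -1) return 0; /* reserved bits rejected */
    if (pae_load_pdptrs(GUEST_MEM_SIZE, c) != -1) return 0; /* unmapped PDPT */
    return 1;
}
```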