Xen devel - Oct 2007 - Hypercalls in Intel-VT

folks,

how are hypercalls made in intel-vt? do they cause any vmenter/vmexit?
thanks.

-a


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

if I push xen's some addr (cs & eip) on the target guest os krnl stack
when
an interrupt occurs, would the guest os krnl return to xen immediately upon
executing iret (as iret pops cs, eip from the krnl stack)? or would it make
a vmexit coz of some illegal addr access

On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com>
wrote:
>
>  HVM's hypercalls are implemented by VMCALL(a VMX instruction).
>
> When HVM guest executes VMCALL, a EXIT_REASON_VMCALL VMexit occurs -- see
> xen/arch/x86/hvm/vmx/vmx.c: vmx_vmexit_handler() -> hvm_do_hypercall().
>
> -- Dexuan
>
>  ------------------------------
> *From:* xen-devel-bounces@lists.xensource.com [mailto:
> xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish Bijlani
> *Sent:* 2007年10月26日 7:04
> *To:* xen-devel@lists.xensource.com
> *Subject:* [Xen-devel] Hypercalls in Intel-VT
>
> folks,
>
> how are hypercalls made in intel-vt? do they cause any vmenter/vmexit?
> thanks.
>
> -a
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> From: xen-devel-bounces@lists.xensource.com
[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ashish Bijlani
> Sent: 2007年10月26日 7:44
> To: xen-devel@lists.xensource.com
> Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> if I push xen''s some addr (cs & eip) on the target guest os
krnl stack when an interrupt occurs, would the guest os krnl return to xen
> immediately upon executing iret (as iret pops cs, eip from the krnl stack)?
or would it make a vmexit coz of some illegal addr access
 
I assume you''re only talking about Intel VMX guest. The answer is NO.
For instance, a VMX guest is running in "non-root mode"; it can only
use its (shadowed) page table; it can''t use IRET to return to Xen
that''s running on "root mode".
If you did that, what would happen is, i.e., a 32-bit protection-mode guest uses
its own GDT -- the guest may find the GDT entry indexed by Xen''s CS is
invalid, so a #GP is generated in guest directly, and guest handles this (No
VMexit).

-- Dexuan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

could there be a way to make a transition into xen without a vmexit upon
executing an iret inside a guest os krnl?

On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com>
wrote:
>
> > From: xen-devel-bounces@lists.xensource.com [mailto:
> xen-devel-bounces@lists.xensource.com] On Behalf Of Ashish Bijlani
> > Sent: 2007年10月26日 7:44
> > To: xen-devel@lists.xensource.com
> > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
>
> > if I push xen''s some addr (cs & eip) on the target guest
os krnl stack
> when an interrupt occurs, would the guest os krnl return to xen
> > immediately upon executing iret (as iret pops cs, eip from the krnl
> stack)? or would it make a vmexit coz of some illegal addr access
>
> I assume you''re only talking about Intel VMX guest. The answer is
NO.
> For instance, a VMX guest is running in "non-root mode"; it can
only use
> its (shadowed) page table; it can''t use IRET to return to Xen
that''s running
> on "root mode".
> If you did that, what would happen is, i.e., a 32-bit protection-mode
> guest uses its own GDT -- the guest may find the GDT entry indexed by
Xen''s
> CS is invalid, so a #GP is generated in guest directly, and guest handles
> this (No VMexit).
>
> -- Dexuan
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> From: xen-devel-bounces@lists.xensource.com
[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ashish Bijlani
> Sent: 2007年10月26日 8:20
> To: xen-devel@lists.xensource.com
> Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> 
> could there be a way to make a transition into xen without a vmexit upon
executing an iret inside a guest os krnl?
I think we are talking about VMX guest -- the answer it NO...  For an VMX guest
to return to Xen, a VMexit is a must. You can refert to Intel Software Developer
Manual 3B for details.

-- Dexuan

	 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

how does dom0 on intel-vt gets privileges to access the hardware devices? i
mean does it get these privileges through superpages?

On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com>
wrote:
>
> > From: xen-devel-bounces@lists.xensource.com [mailto:
> xen-devel-bounces@lists.xensource.com] On Behalf Of Ashish Bijlani
> > Sent: 2007年10月26日 8:20
> > To: xen-devel@lists.xensource.com
> > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
>
> >
> > could there be a way to make a transition into xen without a vmexit
upon
> executing an iret inside a guest os krnl?
> I think we are talking about VMX guest -- the answer it NO...  For an VMX
> guest to return to Xen, a VMexit is a must. You can refert to Intel
Software
> Developer Manual 3B for details.
>
> -- Dexuan
>
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

DOm0 works in ring 1 root VMX mode. Anyway can switch from ring 1 to ring 0 can
be used for accessing privileged resource such as INT xx, or thru exception like
I/O.
 
But HVM works in non root VMX mode though ring=0, so you need to switch from non
root VMX mode to root VMX mode to access privileged resource. VM Exit is the
only way to do this.


________________________________

	From: xen-devel-bounces@lists.xensource.com
[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ashish Bijlani
	Sent: 2007年10月26日 9:14
	To: xen-devel@lists.xensource.com
	Subject: Re: [Xen-devel] Hypercalls in Intel-VT
	
	
	how does dom0 on intel-vt gets privileges to access the hardware devices? i
mean does it get these privileges through superpages?
	
	
	On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com> wrote: 

		> From: xen-devel-bounces@lists.xensource.com [mailto:
xen-devel-bounces@lists.xensource.com
<mailto:xen-devel-bounces@lists.xensource.com> ] On Behalf Of Ashish
Bijlani
		> Sent: 2007年10月26日 8:20
		> To: xen-devel@lists.xensource.com
		> Subject: Re: [Xen-devel] Hypercalls in Intel-VT 
		
		>
		> could there be a way to make a transition into xen without a vmexit upon
executing an iret inside a guest os krnl?
		I think we are talking about VMX guest -- the answer it NO...  For an VMX
guest to return to Xen, a VMexit is a must. You can refert to Intel Software
Developer Manual 3B for details.
		
		-- Dexuan
		
		
		




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

that means dom0 doesn't make trap to ring 0 root VMX mode for privileged
operations like updating cr3?

On 10/26/07, Dong, Eddie <eddie.dong@intel.com>
wrote:
>
>  DOm0 works in ring 1 root VMX mode. Anyway can switch from ring 1 to ring
> 0 can be used for accessing privileged resource such as INT xx, or thru
> exception like I/O.
>
> But HVM works in non root VMX mode though ring=0, so you need to switch
> from non root VMX mode to root VMX mode to access privileged resource. VM
> Exit is the only way to do this.
>
>  ------------------------------
> *From:* xen-devel-bounces@lists.xensource.com [mailto:
> xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish Bijlani
> *Sent:* 2007年10月26日 9:14
> *To:* xen-devel@lists.xensource.com
> *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
>
> how does dom0 on intel-vt gets privileges to access the hardware devices?
> i mean does it get these privileges through superpages?
>
> On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com> wrote:
> >
> > > From: xen-devel-bounces@lists.xensource.com
[mailto:xen-devel-bounces@lists.xensource.com]
> > On Behalf Of Ashish Bijlani
> > > Sent: 2007年10月26日 8:20
> > > To: xen-devel@lists.xensource.com
> > > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> >
> > >
> > > could there be a way to make a transition into xen without a
vmexit
> > upon executing an iret inside a guest os krnl?
> > I think we are talking about VMX guest -- the answer it NO...  For an
> > VMX guest to return to Xen, a VMexit is a must. You can refert to
Intel
> > Software Developer Manual 3B for details.
> >
> > -- Dexuan
> >
> >
> >
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> that means dom0 doesn''t make trap to ring 0 root VMX mode for
privileged
> operations like updating cr3?
Dom0 always runs paravirtualised, it can''t be an HVM domain.  So it
just uses
the normal paravirtualised interface, regardless of whether VMX is available 
in the hardware.

Cheers,
Mark
> On 10/26/07, Dong, Eddie <eddie.dong@intel.com> wrote:
> >  DOm0 works in ring 1 root VMX mode. Anyway can switch from ring 1 to
> > ring 0 can be used for accessing privileged resource such as INT xx,
or
> > thru exception like I/O.
> >
> > But HVM works in non root VMX mode though ring=0, so you need to
switch
> > from non root VMX mode to root VMX mode to access privileged resource.
VM
> > Exit is the only way to do this.
> >
> >  ------------------------------
> > *From:* xen-devel-bounces@lists.xensource.com [mailto:
> > xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish Bijlani
> > *Sent:* 2007年10月26日 9:14
> > *To:* xen-devel@lists.xensource.com
> > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> >
> > how does dom0 on intel-vt gets privileges to access the hardware
devices?
> > i mean does it get these privileges through superpages?
> >
> > On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com> wrote:
> > > > From: xen-devel-bounces@lists.xensource.com
> > > > [mailto:xen-devel-bounces@lists.xensource.com]
> > >
> > > On Behalf Of Ashish Bijlani
> > >
> > > > Sent: 2007年10月26日 8:20
> > > > To: xen-devel@lists.xensource.com
> > > > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> > > >
> > > >
> > > > could there be a way to make a transition into xen without a
vmexit
> > >
> > > upon executing an iret inside a guest os krnl?
> > > I think we are talking about VMX guest -- the answer it NO... 
For an
> > > VMX guest to return to Xen, a VMexit is a must. You can refert to
Intel
> > > Software Developer Manual 3B for details.
> > >
> > > -- Dexuan


-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

thanks for your answers. really appreciate your help. however, i''ve
some
more doubts and would appreciate if you could answer the following: how does
transition happen from root VMX mode to non-root VMX mode? I mean does it
load Xen''s CS, DS from the GDT or does it switch GDT to load
Xen''s GDT?
Also, does it do TLB flush, provided Xen is mapped in the first 64MB of the
guest  VM? thanks.

On 10/26/07, Mark Williamson <mark.williamson@cl.cam.ac.uk>
wrote:
>
> > that means dom0 doesn''t make trap to ring 0 root VMX mode for
privileged
> > operations like updating cr3?
>
> Dom0 always runs paravirtualised, it can''t be an HVM domain.  So
it just
> uses
> the normal paravirtualised interface, regardless of whether VMX is
> available
> in the hardware.
>
> Cheers,
> Mark
>
> > On 10/26/07, Dong, Eddie <eddie.dong@intel.com> wrote:
> > >  DOm0 works in ring 1 root VMX mode. Anyway can switch from ring
1 to
> > > ring 0 can be used for accessing privileged resource such as INT
xx,
> or
> > > thru exception like I/O.
> > >
> > > But HVM works in non root VMX mode though ring=0, so you need to
> switch
> > > from non root VMX mode to root VMX mode to access privileged
resource.
> VM
> > > Exit is the only way to do this.
> > >
> > >  ------------------------------
> > > *From:* xen-devel-bounces@lists.xensource.com [mailto:
> > > xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish
Bijlani
> > > *Sent:* 2007年10月26日 9:14
> > > *To:* xen-devel@lists.xensource.com
> > > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> > >
> > > how does dom0 on intel-vt gets privileges to access the hardware
> devices?
> > > i mean does it get these privileges through superpages?
> > >
> > > On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com> wrote:
> > > > > From: xen-devel-bounces@lists.xensource.com
> > > > > [mailto:xen-devel-bounces@lists.xensource.com]
> > > >
> > > > On Behalf Of Ashish Bijlani
> > > >
> > > > > Sent: 2007年10月26日 8:20
> > > > > To: xen-devel@lists.xensource.com
> > > > > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> > > > >
> > > > >
> > > > > could there be a way to make a transition into xen
without a
> vmexit
> > > >
> > > > upon executing an iret inside a guest os krnl?
> > > > I think we are talking about VMX guest -- the answer it
NO...  For
> an
> > > > VMX guest to return to Xen, a VMexit is a must. You can
refert to
> Intel
> > > > Software Developer Manual 3B for details.
> > > >
> > > > -- Dexuan
>
>
>
> --
> Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
> Mark: To answer a question with a question: What use is a skateboard?
> Dave: Skateboards have wheels.
> Mark: My wheel has a wheel!
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> thanks for your answers. really appreciate your help. however,
i''ve some
> more doubts and would appreciate if you could answer the following:
We''re now getting a bit outside my understanding of VMX, but the other
guys
may know more.
> how 
> does transition happen from root VMX mode to non-root VMX mode? I mean does
> it load Xen''s CS, DS from the GDT or does it switch GDT to load
Xen''s GDT?
> Also, does it do TLB flush, provided Xen is mapped in the first 64MB of the
> guest  VM? thanks.
Well, the hardware probably does something equivalent to this.  But (as far as 
I know) that''s not how it looks to software: from the
software''s point of
view you are just doing a VMEXIT from non-root mode to root mode.  Root mode 
effectively has a different set of control registers / datastructures to 
non-root mode.  So software doesn''t have to worry so much about the
data
structures involved.  I don''t *think* the software even has to save /
restore
the guest registers (unless it wants to modify them).

Regarding the TLB flush, again, the hardware quite possibly does that.  But 
I''m not aware of anything in the VMX spec that exposes this detail, so
Intel
could easily tag the TLB entries as root / non-root to avoid flushing on a 
VMEXIT / VMENTER.  For all I know, they may do this already!

Eddie, did I get that about right? :-)

Cheers,
Mark
>
> On 10/26/07, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
> > > that means dom0 doesn''t make trap to ring 0 root VMX
mode for
> > > privileged operations like updating cr3?
> >
> > Dom0 always runs paravirtualised, it can''t be an HVM domain. 
So it just
> > uses
> > the normal paravirtualised interface, regardless of whether VMX is
> > available
> > in the hardware.
> >
> > Cheers,
> > Mark
> >
> > > On 10/26/07, Dong, Eddie <eddie.dong@intel.com> wrote:
> > > >  DOm0 works in ring 1 root VMX mode. Anyway can switch from
ring 1 to
> > > > ring 0 can be used for accessing privileged resource such as
INT xx,
> >
> > or
> >
> > > > thru exception like I/O.
> > > >
> > > > But HVM works in non root VMX mode though ring=0, so you
need to
> >
> > switch
> >
> > > > from non root VMX mode to root VMX mode to access privileged
> > > > resource.
> >
> > VM
> >
> > > > Exit is the only way to do this.
> > > >
> > > >  ------------------------------
> > > > *From:* xen-devel-bounces@lists.xensource.com [mailto:
> > > > xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish
Bijlani
> > > > *Sent:* 2007年10月26日 9:14
> > > > *To:* xen-devel@lists.xensource.com
> > > > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> > > >
> > > > how does dom0 on intel-vt gets privileges to access the
hardware
> >
> > devices?
> >
> > > > i mean does it get these privileges through superpages?
> > > >
> > > > On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com> wrote:
> > > > > > From: xen-devel-bounces@lists.xensource.com
> > > > > > [mailto:xen-devel-bounces@lists.xensource.com]
> > > > >
> > > > > On Behalf Of Ashish Bijlani
> > > > >
> > > > > > Sent: 2007年10月26日 8:20
> > > > > > To: xen-devel@lists.xensource.com
> > > > > > Subject: Re: [Xen-devel] Hypercalls in Intel-VT
> > > > > >
> > > > > >
> > > > > > could there be a way to make a transition into xen
without a
> >
> > vmexit
> >
> > > > > upon executing an iret inside a guest os krnl?
> > > > > I think we are talking about VMX guest -- the answer it
NO...  For
> >
> > an
> >
> > > > > VMX guest to return to Xen, a VMexit is a must. You can
refert to
> >
> > Intel
> >
> > > > > Software Developer Manual 3B for details.
> > > > >
> > > > > -- Dexuan
> >
> > --
> > Dave: Just a question. What use is a unicyle with no seat?  And no
> > pedals! Mark: To answer a question with a question: What use is a
> > skateboard? Dave: Skateboards have wheels.
> > Mark: My wheel has a wheel!


-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

At 02:55 +0100 on 27 Oct (1193453721), Mark Williamson
wrote:
> Regarding the TLB flush, again, the hardware quite possibly does that.  But
> I''m not aware of anything in the VMX spec that exposes this
detail, so Intel
> could easily tag the TLB entries as root / non-root to avoid flushing on a 
> VMEXIT / VMENTER.  For all I know, they may do this already!
Right now, Intel processors always flush the whole TLB (including global
entries) on a transition to or from non-root mode.  Newer AMD processors
have tagged TLBs so you can do an exit/enter without flushing, but you
have to explicitly discard the guest entries when it''s appropriate. 
(Look
at arch/x86/hvm/svm/asid.c).  That''s on the road map for Intel too, I
believe.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xensource.com>, XenSource UK Limited
Registered office c/o EC2Y 5EB, UK; company number 05334508

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

does transition from non-root VMX mode to root VMX mode require GDT switch
i.e. does GDT change from guest OS krnl''s GDT to xen''s GDT?

On 10/28/07, Tim Deegan <Tim.Deegan@xensource.com>
wrote:
>
> At 02:55 +0100 on 27 Oct (1193453721), Mark Williamson wrote:
> > Regarding the TLB flush, again, the hardware quite possibly does
> that.  But
> > I''m not aware of anything in the VMX spec that exposes this
detail, so
> Intel
> > could easily tag the TLB entries as root / non-root to avoid flushing
on
> a
> > VMEXIT / VMENTER.  For all I know, they may do this already!
>
> Right now, Intel processors always flush the whole TLB (including global
> entries) on a transition to or from non-root mode.  Newer AMD processors
> have tagged TLBs so you can do an exit/enter without flushing, but you
> have to explicitly discard the guest entries when it''s
appropriate.  (Look
> at arch/x86/hvm/svm/asid.c).  That''s on the road map for Intel
too, I
> believe.
>
> Cheers,
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@xensource.com>, XenSource UK Limited
> Registered office c/o EC2Y 5EB, UK; company number 05334508
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

GDTR BASE & Limit are part of Host/Guest state which will be save/restored.
Eddie

________________________________

From: Ashish Bijlani [mailto:ashish.bijlani@gmail.com] 
Sent: 2007年10月29日 6:19
To: Tim Deegan
Cc: Mark Williamson; xen-devel@lists.xensource.com; Dong, Eddie
Subject: Re: [Xen-devel] Hypercalls in Intel-VT


does transition from non-root VMX mode to root VMX mode require GDT switch i.e.
does GDT change from guest OS krnl''s GDT to xen''s GDT?


On 10/28/07, Tim Deegan <Tim.Deegan@xensource.com> wrote: 

	At 02:55 +0100 on 27 Oct (1193453721), Mark Williamson wrote:
	> Regarding the TLB flush, again, the hardware quite possibly does that. 
But
	> I''m not aware of anything in the VMX spec that exposes this
detail, so Intel
	> could easily tag the TLB entries as root / non-root to avoid flushing on a
	> VMEXIT / VMENTER.  For all I know, they may do this already!
	
	Right now, Intel processors always flush the whole TLB (including global 
	entries) on a transition to or from non-root mode.  Newer AMD processors
	have tagged TLBs so you can do an exit/enter without flushing, but you
	have to explicitly discard the guest entries when it''s appropriate. 
(Look
	at arch/x86/hvm/svm/asid.c).  That''s on the road map for Intel too, I
	believe.
	
	Cheers,
	
	Tim.
	
	--
	Tim Deegan <Tim.Deegan@xensource.com>, XenSource UK Limited 
	Registered office c/o EC2Y 5EB, UK; company number 05334508
	




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

so does xen use a different GDT or it uses a different slot inside the same
GDT? also, does xen use a different ss and esp than guest os krnl or it
operates on the guest os krnl?

On 10/29/07, Dong, Eddie <eddie.dong@intel.com>
wrote:
>
>  GDTR BASE & Limit are part of Host/Guest state which will be
> save/restored.
> Eddie
>
>  ------------------------------
> *From:* Ashish Bijlani [mailto:ashish.bijlani@gmail.com]
> *Sent:* 2007年10月29日 6:19
> *To:* Tim Deegan
> *Cc:* Mark Williamson; xen-devel@lists.xensource.com; Dong, Eddie
> *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
>
> does transition from non-root VMX mode to root VMX mode require GDT switch
> i.e. does GDT change from guest OS krnl''s GDT to xen''s
GDT?
>
> On 10/28/07, Tim Deegan <Tim.Deegan@xensource.com> wrote:
> >
> > At 02:55 +0100 on 27 Oct (1193453721), Mark Williamson wrote:
> > > Regarding the TLB flush, again, the hardware quite possibly does
> > that.  But
> > > I''m not aware of anything in the VMX spec that exposes
this detail, so
> > Intel
> > > could easily tag the TLB entries as root / non-root to avoid
flushing
> > on a
> > > VMEXIT / VMENTER.  For all I know, they may do this already!
> >
> > Right now, Intel processors always flush the whole TLB (including
global
> >
> > entries) on a transition to or from non-root mode.  Newer AMD
processors
> > have tagged TLBs so you can do an exit/enter without flushing, but you
> > have to explicitly discard the guest entries when it''s
> > appropriate.  (Look
> > at arch/x86/hvm/svm/asid.c).  That''s on the road map for
Intel too, I
> > believe.
> >
> > Cheers,
> >
> > Tim.
> >
> > --
> > Tim Deegan <Tim.Deegan@xensource.com>, XenSource UK Limited
> > Registered office c/o EC2Y 5EB, UK; company number 05334508
> >
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

if a VM''s context is saved to and xen''s context is loaded from
VMCS upon
every VMexit call in VT, the why is xen mapped in the first 64MB region of
every guest VM? As far as I know, TLB will also be flushed when xen''s
context is loaded from VMCS host area.

On 10/26/07, Mark Williamson <mark.williamson@cl.cam.ac.uk>
wrote:
>
> > thanks for your answers. really appreciate your help. however,
i''ve some
> > more doubts and would appreciate if you could answer the following:
>
> We''re now getting a bit outside my understanding of VMX, but the
other
> guys
> may know more.
>
> > how
> > does transition happen from root VMX mode to non-root VMX mode? I mean
> does
> > it load Xen''s CS, DS from the GDT or does it switch GDT to
load Xen''s
> GDT?
> > Also, does it do TLB flush, provided Xen is mapped in the first 64MB
of
> the
> > guest  VM? thanks.
>
> Well, the hardware probably does something equivalent to this.  But (as
> far as
> I know) that''s not how it looks to software: from the
software''s point of
> view you are just doing a VMEXIT from non-root mode to root mode.  Root
> mode
> effectively has a different set of control registers / datastructures to
> non-root mode.  So software doesn''t have to worry so much about
the data
> structures involved.  I don''t *think* the software even has to
save /
> restore
> the guest registers (unless it wants to modify them).
>
> Regarding the TLB flush, again, the hardware quite possibly does
> that.  But
> I''m not aware of anything in the VMX spec that exposes this
detail, so
> Intel
> could easily tag the TLB entries as root / non-root to avoid flushing on a
> VMEXIT / VMENTER.  For all I know, they may do this already!
>
> Eddie, did I get that about right? :-)
>
> Cheers,
> Mark
>
> >
> > On 10/26/07, Mark Williamson <mark.williamson@cl.cam.ac.uk>
wrote:
> > > > that means dom0 doesn''t make trap to ring 0 root
VMX mode for
> > > > privileged operations like updating cr3?
> > >
> > > Dom0 always runs paravirtualised, it can''t be an HVM
domain.  So it
> just
> > > uses
> > > the normal paravirtualised interface, regardless of whether VMX
is
> > > available
> > > in the hardware.
> > >
> > > Cheers,
> > > Mark
> > >
> > > > On 10/26/07, Dong, Eddie <eddie.dong@intel.com> wrote:
> > > > >  DOm0 works in ring 1 root VMX mode. Anyway can switch
from ring 1
> to
> > > > > ring 0 can be used for accessing privileged resource
such as INT
> xx,
> > >
> > > or
> > >
> > > > > thru exception like I/O.
> > > > >
> > > > > But HVM works in non root VMX mode though ring=0, so
you need to
> > >
> > > switch
> > >
> > > > > from non root VMX mode to root VMX mode to access
privileged
> > > > > resource.
> > >
> > > VM
> > >
> > > > > Exit is the only way to do this.
> > > > >
> > > > >  ------------------------------
> > > > > *From:* xen-devel-bounces@lists.xensource.com [mailto:
> > > > > xen-devel-bounces@lists.xensource.com] *On Behalf Of
*Ashish
> Bijlani
> > > > > *Sent:* 2007年10月26日 9:14
> > > > > *To:* xen-devel@lists.xensource.com
> > > > > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> > > > >
> > > > > how does dom0 on intel-vt gets privileges to access the
hardware
> > >
> > > devices?
> > >
> > > > > i mean does it get these privileges through superpages?
> > > > >
> > > > > On 10/25/07, Cui, Dexuan <dexuan.cui@intel.com>
wrote:
> > > > > > > From: xen-devel-bounces@lists.xensource.com
> > > > > > >
[mailto:xen-devel-bounces@lists.xensource.com]
> > > > > >
> > > > > > On Behalf Of Ashish Bijlani
> > > > > >
> > > > > > > Sent: 2007年10月26日 8:20
> > > > > > > To: xen-devel@lists.xensource.com
> > > > > > > Subject: Re: [Xen-devel] Hypercalls in
Intel-VT
> > > > > > >
> > > > > > >
> > > > > > > could there be a way to make a transition
into xen without a
> > >
> > > vmexit
> > >
> > > > > > upon executing an iret inside a guest os krnl?
> > > > > > I think we are talking about VMX guest -- the
answer it
> NO...  For
> > >
> > > an
> > >
> > > > > > VMX guest to return to Xen, a VMexit is a must.
You can refert
> to
> > >
> > > Intel
> > >
> > > > > > Software Developer Manual 3B for details.
> > > > > >
> > > > > > -- Dexuan
> > >
> > > --
> > > Dave: Just a question. What use is a unicyle with no seat?  And
no
> > > pedals! Mark: To answer a question with a question: What use is a
> > > skateboard? Dave: Skateboards have wheels.
> > > Mark: My wheel has a wheel!
>
>
>
> --
> Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
> Mark: To answer a question with a question: What use is a skateboard?
> Dave: Skateboards have wheels.
> Mark: My wheel has a wheel!
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

The way that PV and HVM guests work is very different. Many of the tricks
necessary for hosting PV guests, such as stealing address space for the
hypervisor, are not necessary for HVM guests.

 -- Keir

On 29/10/07 07:59, "Ashish Bijlani" <ashish.bijlani@gmail.com>
wrote:
> if a VM''s context is saved to and xen''s context is loaded
from VMCS upon every
> VMexit call in VT, the why is xen mapped in the first 64MB region of every
> guest VM? As far as I know, TLB will also be flushed when xen''s
context is
> loaded from VMCS host area.
> 
> On 10/26/07, Mark Williamson <mark.williamson@cl.cam.ac.uk
> <mailto:mark.williamson@cl.cam.ac.uk> > wrote:
>>> > thanks for your answers. really appreciate your help. however,
i''ve some
>>> > more doubts and would appreciate if you could answer the
following:
>> 
>> We''re now getting a bit outside my understanding of VMX, but
the other guys
>> may know more.
>> 
>>> > how
>>> > does transition happen from root VMX mode to non-root VMX
mode? I mean
>>> does 
>>> > it load Xen''s CS, DS from the GDT or does it switch
GDT to load Xen''s GDT?
>>> > Also, does it do TLB flush, provided Xen is mapped in the
first 64MB of
>>> the
>>> > guest  VM? thanks.
>> 
>> Well, the hardware probably does something equivalent to this.  But (as
far
>> as 
>> I know) that''s not how it looks to software: from the
software''s point of
>> view you are just doing a VMEXIT from non-root mode to root mode.  Root
mode
>> effectively has a different set of control registers / datastructures
to
>> non-root mode.  So software doesn''t have to worry so much
about the data
>> structures involved.  I don''t *think* the software even has to
save / restore
>> the guest registers (unless it wants to modify them).
>> 
>> Regarding the TLB flush, again, the hardware quite possibly does that. 
But
>> I''m not aware of anything in the VMX spec that exposes this
detail, so Intel
>> could easily tag the TLB entries as root / non-root to avoid flushing
on a
>> VMEXIT / VMENTER.  For all I know, they may do this already!
>> 
>> Eddie, did I get that about right? :-)
>> 
>> Cheers,
>> Mark
>> 
>>> >
>>> > On 10/26/07, Mark Williamson < mark.williamson@cl.cam.ac.uk
>>> <mailto:mark.williamson@cl.cam.ac.uk> > wrote:
>>>>> > > > that means dom0 doesn''t make trap
to ring 0 root VMX mode for
>>>>> > > > privileged operations like updating cr3?
>>>> > >
>>>> > > Dom0 always runs paravirtualised, it can''t
be an HVM domain.  So it
>>>> just 
>>>> > > uses
>>>> > > the normal paravirtualised interface, regardless of
whether VMX is
>>>> > > available
>>>> > > in the hardware.
>>>> > >
>>>> > > Cheers,
>>>> > > Mark
>>>> > >
>>>>> > > > On 10/26/07, Dong, Eddie <
eddie.dong@intel.com> wrote:
>>>>>> > > > >  DOm0 works in ring 1 root VMX
mode. Anyway can switch from ring
1 to
>>>>>> > > > > ring 0 can be used for accessing
privileged resource such as INT
xx, 
>>>> > >
>>>> > > or
>>>> > >
>>>>>> > > > > thru exception like I/O.
>>>>>> > > > >
>>>>>> > > > > But HVM works in non root VMX mode
though ring=0, so you need to
>>>> > >
>>>> > > switch 
>>>> > >
>>>>>> > > > > from non root VMX mode to root VMX
mode to access privileged
>>>>>> > > > > resource.
>>>> > >
>>>> > > VM
>>>> > >
>>>>>> > > > > Exit is the only way to do this.
>>>>>> > > > >
>>>>>> > > > >  ------------------------------
>>>>>> > > > > *From:*
xen-devel-bounces@lists.xensource.com [mailto:
>>>>>> > > > >
xen-devel-bounces@lists.xensource.com] *On Behalf Of *Ashish
Bijlani
>>>>>> > > > > *Sent:* 2007年10月26日 9:14
>>>>>> > > > > *To:* xen-devel@lists.xensource.com
>>>>>> > > > > *Subject:* Re: [Xen-devel]
Hypercalls in Intel-VT
>>>>>> > > > >
>>>>>> > > > > how does dom0 on intel-vt gets
privileges to access the hardware
>>>> > >
>>>> > > devices?
>>>> > >
>>>>>> > > > > i mean does it get these privileges
through superpages?
>>>>>> > > > >
>>>>>> > > > > On 10/25/07, Cui, Dexuan <
dexuan.cui@intel.com
>>>>>> <mailto:dexuan.cui@intel.com> > wrote:
>>>>>>>> > > > > > > From:
xen-devel-bounces@lists.xensource.com
>>>>>>>> > > > > > > [mailto:
xen-devel-bounces@lists.xensource.com
>>>>>>>>
<mailto:xen-devel-bounces@lists.xensource.com> ]
>>>>>>> > > > > >
>>>>>>> > > > > > On Behalf Of Ashish
Bijlani
>>>>>>> > > > > >
>>>>>>>> > > > > > > Sent: 2007年10月26日
8:20
>>>>>>>> > > > > > > To:
xen-devel@lists.xensource.com
>>>>>>>> > > > > > > Subject: Re:
[Xen-devel] Hypercalls in Intel-VT
>>>>>>>> > > > > > >
>>>>>>>> > > > > > >
>>>>>>>> > > > > > > could there be a
way to make a transition into xen without
a
>>>> > >
>>>> > > vmexit
>>>> > >
>>>>>>> > > > > > upon executing an iret
inside a guest os krnl?
>>>>>>> > > > > > I think we are talking
about VMX guest -- the answer it NO...
For 
>>>> > >
>>>> > > an
>>>> > >
>>>>>>> > > > > > VMX guest to return to
Xen, a VMexit is a must. You can refert
to
>>>> > >
>>>> > > Intel
>>>> > >
>>>>>>> > > > > > Software Developer Manual
3B for details.
>>>>>>> > > > > >
>>>>>>> > > > > > -- Dexuan
>>>> > >
>>>> > > --
>>>> > > Dave: Just a question. What use is a unicyle with no
seat?  And no
>>>> > > pedals! Mark: To answer a question with a question:
What use is a
>>>> > > skateboard? Dave: Skateboards have wheels.
>>>> > > Mark: My wheel has a wheel!
>> 
>> 
>> 
>> --
>> Dave: Just a question. What use is a unicyle with no seat?  And no
pedals!
>> Mark: To answer a question with a question: What use is a skateboard?
>> Dave: Skateboards have wheels.
>> Mark: My wheel has a wheel!
>> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

so is xen currently mapped in the first  64MB of every guest hvm? also, does
xen use different GDT for itself or it uses some slots in the GDT of every
guest hvm? if you could you guide me to some pointers which mention
xen''s
implementation for intel-vt, that will be really helpful. thanks.

On 10/29/07, Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
wrote:
>
>  The way that PV and HVM guests work is very different. Many of the tricks
> necessary for hosting PV guests, such as stealing address space for the
> hypervisor, are not necessary for HVM guests.
>
>  -- Keir
>
> On 29/10/07 07:59, "Ashish Bijlani"
<ashish.bijlani@gmail.com> wrote:
>
> if a VM''s context is saved to and xen''s context is loaded
from VMCS upon
> every VMexit call in VT, the why is xen mapped in the first 64MB region of
> every guest VM? As far as I know, TLB will also be flushed when
xen''s
> context is loaded from VMCS host area.
>
> On 10/26/07, *Mark Williamson* <mark.williamson@cl.cam.ac.uk
> <mailto:mark.williamson@cl.cam.ac.uk>
<mark.williamson@cl.cam.ac.uk> >
> wrote:
>
> > thanks for your answers. really appreciate your help. however,
i''ve some
>
> > more doubts and would appreciate if you could answer the following:
>
> We''re now getting a bit outside my understanding of VMX, but the
other
> guys
> may know more.
>
> > how
> > does transition happen from root VMX mode to non-root VMX mode? I mean
> does
> > it load Xen''s CS, DS from the GDT or does it switch GDT to
load Xen''s
> GDT?
> > Also, does it do TLB flush, provided Xen is mapped in the first 64MB
of
> the
> > guest  VM? thanks.
>
> Well, the hardware probably does something equivalent to this.  But (as
> far as
> I know) that''s not how it looks to software: from the
software''s point of
> view you are just doing a VMEXIT from non-root mode to root mode.  Root
> mode
> effectively has a different set of control registers / datastructures to
> non-root mode.  So software doesn''t have to worry so much about
the data
> structures involved.  I don''t *think* the software even has to
save /
> restore
> the guest registers (unless it wants to modify them).
>
> Regarding the TLB flush, again, the hardware quite possibly does that.
>  But
> I''m not aware of anything in the VMX spec that exposes this
detail, so
> Intel
> could easily tag the TLB entries as root / non-root to avoid flushing on a
>
> VMEXIT / VMENTER.  For all I know, they may do this already!
>
> Eddie, did I get that about right? :-)
>
> Cheers,
> Mark
>
> >
> > On 10/26/07, Mark Williamson < mark.williamson@cl.cam.ac.uk
> <mailto:mark.williamson@cl.cam.ac.uk>
<mark.williamson@cl.cam.ac.uk> >
> wrote:
> > > > that means dom0 doesn''t make trap to ring 0 root
VMX mode for
> > > > privileged operations like updating cr3?
> > >
> > > Dom0 always runs paravirtualised, it can''t be an HVM
domain.  So it
> just
> > > uses
> > > the normal paravirtualised interface, regardless of whether VMX
is
> > > available
> > > in the hardware.
> > >
> > > Cheers,
> > > Mark
> > >
> > > > On 10/26/07, Dong, Eddie < eddie.dong@intel.com>
wrote:
> > > > >  DOm0 works in ring 1 root VMX mode. Anyway can switch
from ring 1
> to
> > > > > ring 0 can be used for accessing privileged resource
such as INT
> xx,
> > >
> > > or
> > >
> > > > > thru exception like I/O.
> > > > >
> > > > > But HVM works in non root VMX mode though ring=0, so
you need to
> > >
> > > switch
> > >
> > > > > from non root VMX mode to root VMX mode to access
privileged
> > > > > resource.
> > >
> > > VM
> > >
> > > > > Exit is the only way to do this.
> > > > >
> > > > >  ------------------------------
> > > > > *From:* xen-devel-bounces@lists.xensource.com [mailto:
> > > > > xen-devel-bounces@lists.xensource.com] *On Behalf Of
*Ashish
> Bijlani
> > > > > *Sent:* 2007年10月26日 9:14
> > > > > *To:* xen-devel@lists.xensource.com
> > > > > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> > > > >
> > > > > how does dom0 on intel-vt gets privileges to access the
hardware
> > >
> > > devices?
> > >
> > > > > i mean does it get these privileges through superpages?
> > > > >
> > > > > On 10/25/07, Cui, Dexuan < dexuan.cui@intel.com
> <mailto:dexuan.cui@intel.com> <dexuan.cui@intel.com> >
wrote:
> > > > > > > From: xen-devel-bounces@lists.xensource.com
> > > > > > > [mailto:
xen-devel-bounces@lists.xensource.com <mailto:
> xen-devel-bounces@lists.xensource.com> ]
> > > > > >
> > > > > > On Behalf Of Ashish Bijlani
> > > > > >
> > > > > > > Sent: 2007年10月26日 8:20
> > > > > > > To: xen-devel@lists.xensource.com
> > > > > > > Subject: Re: [Xen-devel] Hypercalls in
Intel-VT
> > > > > > >
> > > > > > >
> > > > > > > could there be a way to make a transition
into xen without a
> > >
> > > vmexit
> > >
> > > > > > upon executing an iret inside a guest os krnl?
> > > > > > I think we are talking about VMX guest -- the
answer it NO...
>  For
> > >
> > > an
> > >
> > > > > > VMX guest to return to Xen, a VMexit is a must.
You can refert
> to
> > >
> > > Intel
> > >
> > > > > > Software Developer Manual 3B for details.
> > > > > >
> > > > > > -- Dexuan
> > >
> > > --
> > > Dave: Just a question. What use is a unicyle with no seat?  And
no
> > > pedals! Mark: To answer a question with a question: What use is a
> > > skateboard? Dave: Skateboards have wheels.
> > > Mark: My wheel has a wheel!
>
>
>
> --
> Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
> Mark: To answer a question with a question: What use is a skateboard?
> Dave: Skateboards have wheels.
> Mark: My wheel has a wheel!
>
>
> ------------------------------
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> so is xen currently mapped in the first  64MB of every guest hvm?
No, it''s not.  Only for PV guests, not HVM.
> also, 
> does xen use different GDT for itself or it uses some slots in the GDT of
> every guest hvm?
Root mode, where Xen runs has a separate GDT to non-root mode where guests 
run.
> if you could you guide me to some pointers which mention 
> xen''s implementation for intel-vt, that will be really helpful.
thanks.
Basically, I think we''re getting confused about how VT fundamentally
works.

Normal x86 has just 4 protection rings and a bunch of special purpose 
datastructures and registers.  Xen runs in ring 0, guests run in rings 1-3 
(usually they run their kernel in 1, userland in 3).  Xen borrows some GDT 
slots from the guest, and also maps itself into the top of the guest address 
space.  That''s how PV works today.

HVM works very differently from the level of the hardware up to the level of 
Xen.

Intel''s VT adds two new modes that are orthogonal to protection rings:
"root
mode" and "non-root mode".  A more descriptive way of thinking
about these is
to think of "root mode" as "host mode" and "non-root
mode" as "guest mode".
I''m going to use these terms in the explanation, but they''re
not the official
terms for those modes.

Xen runs in "host (root) mode" and is aware of the host processor. 
Guests run
in "guest (non-root) mode".  In guest (non-root) mode there is a
separate set
of control registers that are private to the guest.  The guest isn''t
allowed
to touch the privileged control registers of the host, because you can only 
do that if you run in host (root) mode.  The guest doesn''t know that
it''s
running in non-root mode.

When Xen wants to run an HVM guest on VT it does a VMEnter.  This instructs 
the processor to start using the guest''s private registers (EIP, CR3,
EAX,
EBX, etc etc) so that the guest starts running as if it had control over the 
hardware.  The virtual memory space currently in operation is that of the 
guest only.  Xen isn''t mapped in there anywhere, because Xen
isn''t mapped in
guest (non-root) mode.

If an event happens that Xen needs to attend to, the CPU will jump back out of 
guest (non-root) mode and into host (root) mode where Xen is mapped.  This 
event is a VMExit.  The VMExit swaps back the register state that Xen had 
before the guest was entered, so that Xen can continue running as it was 
before.  Xen can run and do whatever it needs to do.

So, in answer to your original question:

1) Xen isn''t mapped into the HVM guest because Xen is not mapped in
non-root
mode.  The guest has the entire virtual address space to itself.

2) Because Xen runs in host (root) mode it uses a completely separate GDT to 
the guest running in non-root mode.  The switch between the two GDTs will 
happen automatically as a consequence of mode switches via VMEnter and 
VMExit.

Does that help?

Cheers,
Mark
> On 10/29/07, Keir Fraser <Keir.Fraser@cl.cam.ac.uk> wrote:
> >  The way that PV and HVM guests work is very different. Many of the
> > tricks necessary for hosting PV guests, such as stealing address space
> > for the hypervisor, are not necessary for HVM guests.
> >
> >  -- Keir
> >
> > On 29/10/07 07:59, "Ashish Bijlani"
<ashish.bijlani@gmail.com> wrote:
> >
> > if a VM''s context is saved to and xen''s context is
loaded from VMCS upon
> > every VMexit call in VT, the why is xen mapped in the first 64MB
region
> > of every guest VM? As far as I know, TLB will also be flushed when
xen''s
> > context is loaded from VMCS host area.
> >
> > On 10/26/07, *Mark Williamson* <mark.williamson@cl.cam.ac.uk
> > <mailto:mark.williamson@cl.cam.ac.uk>
<mark.williamson@cl.cam.ac.uk> >
> >
> > wrote:
> > > thanks for your answers. really appreciate your help. however,
i''ve
> > > some
> > >
> > > more doubts and would appreciate if you could answer the
following:
> >
> > We''re now getting a bit outside my understanding of VMX, but
the other
> > guys
> > may know more.
> >
> > > how
> > > does transition happen from root VMX mode to non-root VMX mode? I
mean
> >
> > does
> >
> > > it load Xen''s CS, DS from the GDT or does it switch GDT
to load Xen''s
> >
> > GDT?
> >
> > > Also, does it do TLB flush, provided Xen is mapped in the first
64MB of
> >
> > the
> >
> > > guest  VM? thanks.
> >
> > Well, the hardware probably does something equivalent to this.  But
(as
> > far as
> > I know) that''s not how it looks to software: from the
software''s point of
> > view you are just doing a VMEXIT from non-root mode to root mode. 
Root
> > mode
> > effectively has a different set of control registers / datastructures
to
> > non-root mode.  So software doesn''t have to worry so much
about the data
> > structures involved.  I don''t *think* the software even has
to save /
> > restore
> > the guest registers (unless it wants to modify them).
> >
> > Regarding the TLB flush, again, the hardware quite possibly does that.
> >  But
> > I''m not aware of anything in the VMX spec that exposes this
detail, so
> > Intel
> > could easily tag the TLB entries as root / non-root to avoid flushing
on
> > a
> >
> > VMEXIT / VMENTER.  For all I know, they may do this already!
> >
> > Eddie, did I get that about right? :-)
> >
> > Cheers,
> > Mark
> >
> > > On 10/26/07, Mark Williamson < mark.williamson@cl.cam.ac.uk
> >
> > <mailto:mark.williamson@cl.cam.ac.uk>
<mark.williamson@cl.cam.ac.uk> >
> >
> > wrote:
> > > > > that means dom0 doesn''t make trap to ring 0
root VMX mode for
> > > > > privileged operations like updating cr3?
> > > >
> > > > Dom0 always runs paravirtualised, it can''t be an
HVM domain.  So it
> >
> > just
> >
> > > > uses
> > > > the normal paravirtualised interface, regardless of whether
VMX is
> > > > available
> > > > in the hardware.
> > > >
> > > > Cheers,
> > > > Mark
> > > >
> > > > > On 10/26/07, Dong, Eddie < eddie.dong@intel.com>
wrote:
> > > > > >  DOm0 works in ring 1 root VMX mode. Anyway can
switch from ring
> > > > > > 1
> >
> > to
> >
> > > > > > ring 0 can be used for accessing privileged
resource such as INT
> >
> > xx,
> >
> > > > or
> > > >
> > > > > > thru exception like I/O.
> > > > > >
> > > > > > But HVM works in non root VMX mode though ring=0,
so you need to
> > > >
> > > > switch
> > > >
> > > > > > from non root VMX mode to root VMX mode to access
privileged
> > > > > > resource.
> > > >
> > > > VM
> > > >
> > > > > > Exit is the only way to do this.
> > > > > >
> > > > > >  ------------------------------
> > > > > > *From:* xen-devel-bounces@lists.xensource.com
[mailto:
> > > > > > xen-devel-bounces@lists.xensource.com] *On Behalf
Of *Ashish
> >
> > Bijlani
> >
> > > > > > *Sent:* 2007年10月26日 9:14
> > > > > > *To:* xen-devel@lists.xensource.com
> > > > > > *Subject:* Re: [Xen-devel] Hypercalls in Intel-VT
> > > > > >
> > > > > > how does dom0 on intel-vt gets privileges to
access the hardware
> > > >
> > > > devices?
> > > >
> > > > > > i mean does it get these privileges through
superpages?
> > > > > >
> > > > > > On 10/25/07, Cui, Dexuan < dexuan.cui@intel.com
> >
> > <mailto:dexuan.cui@intel.com> <dexuan.cui@intel.com> >
wrote:
> > > > > > > > From:
xen-devel-bounces@lists.xensource.com
> > > > > > > > [mailto:
xen-devel-bounces@lists.xensource.com <mailto:
> >
> > xen-devel-bounces@lists.xensource.com> ]
> >
> > > > > > > On Behalf Of Ashish Bijlani
> > > > > > >
> > > > > > > > Sent: 2007年10月26日 8:20
> > > > > > > > To: xen-devel@lists.xensource.com
> > > > > > > > Subject: Re: [Xen-devel] Hypercalls in
Intel-VT
> > > > > > > >
> > > > > > > >
> > > > > > > > could there be a way to make a
transition into xen without a
> > > >
> > > > vmexit
> > > >
> > > > > > > upon executing an iret inside a guest os
krnl?
> > > > > > > I think we are talking about VMX guest -- the
answer it NO...
> >
> >  For
> >
> > > > an
> > > >
> > > > > > > VMX guest to return to Xen, a VMexit is a
must. You can refert
> >
> > to
> >
> > > > Intel
> > > >
> > > > > > > Software Developer Manual 3B for details.
> > > > > > >
> > > > > > > -- Dexuan
> > > >
> > > > --
> > > > Dave: Just a question. What use is a unicyle with no seat? 
And no
> > > > pedals! Mark: To answer a question with a question: What use
is a
> > > > skateboard? Dave: Skateboards have wheels.
> > > > Mark: My wheel has a wheel!
> >
> > --
> > Dave: Just a question. What use is a unicyle with no seat?  And no
> > pedals! Mark: To answer a question with a question: What use is a
> > skateboard? Dave: Skateboards have wheels.
> > Mark: My wheel has a wheel!
> >
> >
> > ------------------------------
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel


-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel