confucius
2011-Jun-07 15:41 UTC
[Xen-devel] Manual differ from source code about Unrestricted Guest
As italics show:
Some processors allow guest software to run in unpaged protected mode or in real-address mode, such guest called “unrestricted guest”.
If CR0.PG = 0, each linear address is passed directly to the EPT mechanism for translation to a physical address.”
References to Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3B: System Programming Guide, Part 2, 22.8 UNRESTRICTED GUESTS

When we set CR0.PG=0 of a guest, I think it doesn’t need to construct a page table for the unpaged guest, but I found it constructs an identity_map table for the unpaged guest in the source code of Xen, as follows:

Xen-4.0/tools/libxc/xc_hvm_build.c

    setup_guest()
    {
        …………………
        /*
         * Identity-map page table is required for running with CR0.PG=0 when
         * using Intel EPT. Create a 32-bit non-PAE page directory of superpages.
         */
        if ( (ident_pt = xc_map_foreign_range(
                  xc_handle, dom, PAGE_SIZE, PROT_READ | PROT_WRITE,
                  special_pfn(SPECIALPAGE_IDENT_PT))) == NULL )
            goto error_out;
        for ( i = 0; i < PAGE_SIZE / sizeof(*ident_pt); i++ )
            ident_pt[i] = ((i << 22) | _PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
                           _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
        munmap(ident_pt, PAGE_SIZE);
        …………………
    }

Why construct such an identity map table for an unpaged guest?
In my opinion, guest_cr3 doesn’t function when CR0.PG=0 is set; can guest_cr3 of this unpaged guest point to the identity map table?
Ian Campbell
2011-Jun-07 16:19 UTC
Re: [Xen-devel] Manual differ from source code about Unrestricted Guest
On Tue, 2011-06-07 at 16:41 +0100, confucius wrote:
> As italics show:
> Some processors allow guest software to run in unpaged protected mode or in
> real-address mode, such guest called “unrestricted guest”.
> If CR0.PG = 0, each linear address is passed directly to the EPT mechanism
> for translation to a physical address.”
> References to Intel® 64 and IA-32 Architectures Software Developer’s Manual
> Volume 3B: System Programming Guide, Part 2, 22.8 UNRESTRICTED GUESTS
>
> When we set CR0.PG=0 of a guest, I think it doesn’t need to construct a page
> table for the unpaged guest, but I found it constructs an identity_map table
> for the unpaged guest in the source code of Xen, as follows:
> Xen-4.0/tools/libxc/xc_hvm_build.c
>     setup_guest()
>     {
>         …………………
>         /*
>          * Identity-map page table is required for running with CR0.PG=0 when
>          * using Intel EPT. Create a 32-bit non-PAE page directory of superpages.
>          */
>         if ( (ident_pt = xc_map_foreign_range(
>                   xc_handle, dom, PAGE_SIZE, PROT_READ | PROT_WRITE,
>                   special_pfn(SPECIALPAGE_IDENT_PT))) == NULL )
>             goto error_out;
>         for ( i = 0; i < PAGE_SIZE / sizeof(*ident_pt); i++ )
>             ident_pt[i] = ((i << 22) | _PAGE_PRESENT | _PAGE_RW | _PAGE_USER |
>                            _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_PSE);
>         munmap(ident_pt, PAGE_SIZE);
>         …………………
>     }
>
> Why construct such an identity map table for an unpaged guest?

AIUI although the guest is in unpaged mode the _host_ is not and therefore a pagetable is required from somewhere. Since the guest thinks it is in unpaged mode it isn't going to provide one and therefore the hypervisor must provide them.

> In my opinion, guest_cr3 doesn’t function when CR0.PG=0 is set; can guest_cr3
> of this unpaged guest point to the identity map table?

I don't think so -- the use of this identity map table is transparent to the guest. The identity map is just part of the business of providing the illusion of unpaged mode to the guest.

Ian.
Tim Deegan
2011-Jun-07 20:33 UTC
Re: [Xen-devel] Manual differ from source code about Unrestricted Guest
Hi, confucius,

At 08:41 -0700 on 07 Jun (1307436064), confucius wrote:
> As italics show:

Those of us reading in plain text can't see any italics. :)

> Some processors allow guest software to run in unpaged protected mode or in
> real-address mode, such guest called “unrestricted guest”.
> If CR0.PG = 0, each linear address is passed directly to the EPT mechanism
> for translation to a physical address.”
> References to Intel® 64 and IA-32 Architectures Software Developer’s Manual
> Volume 3B: System Programming Guide, Part 2, 22.8 UNRESTRICTED GUESTS
> When we set CR0.PG=0 of a guest, I think it doesn’t need to construct a page
> table for the unpaged guest

Yes, but only on newer processors. As it says right at the top of section 22.8, "The first processors to support VMX operation require CR0.PE and CR0.PG to be 1 in VMX operation".

> , but I found it constructs an identity_map table
> for the unpaged guest in the source code of Xen, as follows:
> Xen-4.0/tools/libxc/xc_hvm_build.c

This is needed for older Intel processors, which cannot run a HVM guest with CR0.PG == 0. On those CPUs, Xen must force CR0.PG == 1 and CR3 == the guest's identity-map pagetable, to emulate how a real machine would behave with CR0.PG == 0.

Tim.

--
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
confucius
2011-Jun-08 05:01 UTC
[Xen-devel] Re: Manual differ from source code about Unrestricted Guest
Thank you, Ian and Tim.
But I am still unclear about Ian's explanation, as follows:
"AIUI although the guest is in unpaged mode the _host_ is not and therefore a pagetable is required from somewhere."

I know the host is set to paging and protected mode, so the host (VMM) needs a page table itself. But the identity map table is pointed to by GUEST_CR3, not by HOST_CR3.
The code is as follows:

xen-4.0/arch/x86/hvm/vmx/vmx.c

    static void vmx_update_guest_cr(...)
    {
        ....
        switch ( cr )
        {
        case 0: ....
        case 2: ....
        case 3:
            if ( paging_mode_hap(v->domain) )
            {
                if ( !hvm_paging_enabled(v) )
                    v->arch.hvm_vcpu.hw_cr[3] =
                        v->domain->arch.hvm_domain.params[HVM_PARAM_IDENT_PT];
                vmx_load_pdptrs(v);
            }

            __vmwrite(GUEST_CR3, v->arch.hvm_vcpu.hw_cr[3]);
            hvm_asid_flush_vcpu(v);
            break;
        }
    }

From this code, I found that GUEST_CR3, not HOST_CR3, points to the identity map table in unpaged mode, so I am confused by Ian's explanation.
confucius
2011-Jun-08 05:33 UTC
[Xen-devel] Re: Manual differ from source code about Unrestricted Guest
Hi, Tim.
I think I understand your explanation. You said:
"This is needed for older Intel processors, which cannot run a HVM guest with CR0.PG == 0. On those CPUs, Xen must force CR0.PG == 1 and CR3 == the guest's identity-map pagetable, to emulate how a real machine would behave with CR0.PG == 0."

For older processors, though it is unpaged mode in the view of the guest, the guest is actually running in paging mode, so we need to construct such an identity map table for the actual GUEST_CR3. Am I right?

And for newer processors, we can set unpaged mode for a guest; though we also use the same code (which constructs the identity map table for the unpaged mode guest), the identity map table is not actually used by the unpaged guest. Am I right?
Ian Campbell
2011-Jun-08 08:08 UTC
Re: [Xen-devel] Re: Manual differ from source code about Unrestricted Guest
On Wed, 2011-06-08 at 06:01 +0100, confucius wrote:
> Thank you, Ian and Tim.
> But I am still unclear about Ian's explanation, as follows:
> "AIUI although the guest is in unpaged mode the _host_ is not and
> therefore a pagetable is required from somewhere."

Please bear in mind that I'm not an expert in this area. I might be talking rubbish...

> I know the host is set to paging and protected mode, so the host (VMM) needs a
> page table itself. But the identity map table is pointed to by GUEST_CR3, not by
> HOST_CR3.

GUEST_CR3 is the CR3 which the processor actually runs on when in guest (non-root) mode. However this is not necessarily the same as what the guest sees when it reads its CR3 register -- that read can be emulated (see hvm_mov_from_cr) when the guest visible and GUEST_CR3 state do not match. See vmx_update_guest_cr() where we enable/disable CPU_BASED_CR3_{LOAD,STORE}_EXITING (i.e. emulated cr3 accesses) as required by the guest current mode.

Similarly for other CRx, i.e. GUEST_CR0 will (on the older VMX processors as Tim points out) contain CR0.PG=1 while what the guest reads from cr0 when it believes it isn't in paged mode will be CR0.PG=0.

Ian.

> The code is as follows:
> xen-4.0/arch/x86/hvm/vmx/vmx.c
>
>     static void vmx_update_guest_cr(...)
>     {
>         ....
>         switch ( cr )
>         {
>         case 0: ....
>         case 2: ....
>         case 3:
>             if ( paging_mode_hap(v->domain) )
>             {
>                 if ( !hvm_paging_enabled(v) )
>                     v->arch.hvm_vcpu.hw_cr[3] =
>                         v->domain->arch.hvm_domain.params[HVM_PARAM_IDENT_PT];
>                 vmx_load_pdptrs(v);
>             }
>
>             __vmwrite(GUEST_CR3, v->arch.hvm_vcpu.hw_cr[3]);
>             hvm_asid_flush_vcpu(v);
>             break;
>         }
>     }
>
> From this code, I found that GUEST_CR3, not HOST_CR3, points to the identity map
> table in unpaged mode, so I am confused by Ian's explanation.
Tim Deegan
2011-Jun-08 08:21 UTC
Re: [Xen-devel] Re: Manual differ from source code about Unrestricted Guest
Hi,

At 22:33 -0700 on 07 Jun (1307485996), confucius wrote:
> For older processors, though it is unpaged mode in the view of the guest,
> the guest is actually running in paging mode, so we need to
> construct such an identity map table for the actual GUEST_CR3. Am I right?
> And for newer processors, we can set unpaged mode for a guest; though we
> also use the same code (which constructs the identity map table for the unpaged
> mode guest), the identity map table is not actually used by the unpaged
> guest. Am I right?

Yes, that's right.

Tim.

--
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
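
Added example, not part of the thread and not Xen's own code: a simplified C model of what Tim Deegan's and Ian Campbell's replies describe for CPUs that cannot run a guest with CR0.PG == 0. It fills the identity-map directory the same way as the quoted setup_guest() loop, walks it, and keeps guest-visible and hardware CR0/CR3 separate. The struct vcpu, the function names and IDENT_PT_GPA are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Architectural x86 page-directory-entry flag bits and CR0.PG. */
#define PDE_PRESENT  0x001u
#define PDE_RW       0x002u
#define PDE_USER     0x004u
#define PDE_ACCESSED 0x020u
#define PDE_DIRTY    0x040u
#define PDE_PSE      0x080u       /* entry maps a 4 MiB superpage */
#define CR0_PG       0x80000000u
#define IDENT_PT_GPA 0x00100000u  /* constructed placeholder address */

static uint32_t ident_pt[1024];   /* one 4 KiB page: 1024 x 4-byte PDEs */

/* Same fill as the setup_guest() loop quoted in the thread. */
static void build_ident_pt(void)
{
    for (uint32_t i = 0; i < 1024; i++)
        ident_pt[i] = (i << 22) | PDE_PRESENT | PDE_RW | PDE_USER |
                      PDE_ACCESSED | PDE_DIRTY | PDE_PSE;
}

/* 32-bit non-PAE walk of a superpage directory: linear -> guest-physical. */
static bool walk(const uint32_t *pd, uint32_t lin, uint32_t *phys)
{
    uint32_t pde = pd[lin >> 22];
    if (!(pde & PDE_PRESENT) || !(pde & PDE_PSE))
        return false;             /* this model handles superpages only */
    *phys = (pde & 0xffc00000u) | (lin & 0x003fffffu);
    return true;
}

/* Hypothetical vCPU model: guest-visible registers vs. hardware (VMCS) ones. */
struct vcpu { uint32_t guest_cr0, guest_cr3, hw_cr0, hw_cr3; };

/* CR0/CR3 update on a CPU that cannot run a guest with CR0.PG == 0. */
static void update_guest_cr(struct vcpu *v, uint32_t cr0, uint32_t cr3)
{
    v->guest_cr0 = cr0;
    v->guest_cr3 = cr3;
    v->hw_cr0 = cr0 | CR0_PG;     /* paging stays on in hardware */
    v->hw_cr3 = (cr0 & CR0_PG) ? cr3 : IDENT_PT_GPA;
}

/* Emulated CR3 read: the guest sees its own value, not the substitute. */
static uint32_t guest_read_cr3(const struct vcpu *v) { return v->guest_cr3; }
```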