Confused by address translation when running guest os


Confused by address translation when running guest os

sandbox-2
The author has deleted this message.

Re: Confused by address translation when running guest os

Tim Deegan-4
At 12:58 +0100 on 22 May (1306069124), henanwxr wrote:

> 1. Before doing vmlaunch for the first time, CR0 in the guest-state area is in
> paging protected mode, and this is the actual state of the guest OS, as
> follows:
> GUEST_CR0=v->arch.hvm_vcpu.hw_cr[0]
> which has the value CR0.PE=1, CR0.PG=1
> but in the view of the guest its CR0 is set to non-paging protected mode, as
> follows:
> v->arch.hvm_vcpu.guest_cr[0] which has the value CR0.PE=1, CR0.PG=0
> my question is:
> Initially, when executing the code of the guest OS (such as hvmloader), in
> which mode in hell does address translation happen? Is it in the actual state,
> paging protected mode? Or in the view of the guest OS, non-paging protected
> mode? And why?

There are two CR0s: the one the guest sees and the one the hardware
uses.  In Xen, they're called guest_cr[0] and hw_cr[0] respectively.

So in this case, since hw_cr[0] has PG and PE set, the CPU is using
paging.

You should probably read the Intel and AMD manuals about how VT-x/SVM
works in general if you're finding this confusing.

> (1) If it is in the actual state, paging protected mode, then the address
> translation must walk through the page table, but we do not construct a
> page table in advance?

The pagetables used are the shadow pagetables, which are constructed on
demand.

> (2) If it is in the view of the guest OS, non-paging protected mode, then it
> does not need a page table. I find the address translation is emulated within
> the VMM, linear address = physical address, as follows:
> /arch/x86/hvm/emulate.c
> static int hvmemul_linear_to_phys(...
> {
> /* With no paging it's easy: linear == physical. */
>     if ( !(curr->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG) )
>     {
>         *paddr = addr;
>         return X86EMUL_OKAY;
>     }
> ...

Remember, this code is _emulating_ the virtual machine.  When the guest
thinks paging is disabled, then its linear addresses are the same as its
physical addresses.  There is another step of translation from
guest-specific physical addresses to machine addresses to find the
actual data.

> But every time the guest OS accesses memory and fetches an instruction, does
> the address translation have to go through the emulation of the VMM? And
> should it generate a VM exit? What I am sure of is that when the VMM processes
> an I/O request of the guest OS it should generate a VM exit and call this
> function.
> 2. How does EPT (Extended Page Table) work in question 1 above?

With EPT, hw_cr[0] has PG clear and the p2m is supplied to the CPU so it
can do both translations at once.

> 3. When hvmloader executes, it will switch the processor to V86 mode; how is
> address translation implemented from then on?

From linear to physical to machine is exactly the same as protected
mode; it's only the segmentation step that's different.

> 4. When the virtual BIOS loads the guest OS kernel, the guest OS will switch
> the processor mode to non-paging protected mode again; is the process of
> address translation the same as in question 1?

Yes.

> 5. When the guest OS is running normally, it is in paging protected mode, and
> the process of address translation is:
> guest OS linear address --> guest OS physical address (translated by the guest
> page table)
> guest OS physical address --> machine address (translated by EPT)
> right?

Yes, if you're using EPT.  If not, both steps are done by the shadow PT.
And in either case, when Xen is emulating an instruction, it does both
steps separately in software.

Tim.

--
Tim Deegan <[hidden email]>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
[hidden email]
http://lists.xensource.com/xen-devel
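The two-step translation Tim describes, as an added example that is neither from this thread nor from Xen's own code: a toy C model of a vCPU with a guest-visible CR0, a one-level guest page table and a p2m, translating a guest linear address the way the software emulation path does (step 1 collapses to linear == physical when the guest's PG bit is clear; step 2 always goes through the p2m). The struct, the single-level table and the sample mappings are constructed simplifications, not Xen data structures.

```c
#include <stdint.h>
#include <stdbool.h>
#define X86_CR0_PE   0x00000001u
#define X86_CR0_PG   0x80000000u
#define PAGE_SHIFT   12
#define PAGE_MASK    ((1u << PAGE_SHIFT) - 1)
#define NR_PAGES     16                 /* toy address spaces: 16 pages each */
#define PTE_PRESENT  0x1u
#define INVALID_ADDR ((uint64_t)-1)

/* Toy vCPU (constructed, not Xen's struct): guest-visible CR0 (guest_cr[0]),
 * a single-level guest page table (gfn << 12 | flags) and a p2m (0 = unmapped). */
struct toy_vcpu {
    uint32_t guest_cr0;
    uint32_t gpt[NR_PAGES];
    uint32_t p2m[NR_PAGES];
};

/* Step 1, guest linear -> guest physical, with the emulator's rule: PG clear in
 * the guest's CR0 means linear == physical; else walk the guest table (#PF if absent). */
static bool linear_to_phys(const struct toy_vcpu *v, uint32_t addr, uint32_t *paddr)
{
    uint32_t vpn = addr >> PAGE_SHIFT;
    if (!(v->guest_cr0 & X86_CR0_PG)) { *paddr = addr; return true; }
    if (vpn >= NR_PAGES || !(v->gpt[vpn] & PTE_PRESENT)) return false;
    *paddr = (v->gpt[vpn] & ~PAGE_MASK) | (addr & PAGE_MASK);
    return true;
}

/* Step 2, guest physical -> machine via the p2m; this step is taken
 * whatever the guest's paging mode is. */
static bool phys_to_machine(const struct toy_vcpu *v, uint32_t paddr, uint64_t *maddr)
{
    uint32_t gfn = paddr >> PAGE_SHIFT;
    if (gfn >= NR_PAGES || v->p2m[gfn] == 0) return false;
    *maddr = ((uint64_t)v->p2m[gfn] << PAGE_SHIFT) | (paddr & PAGE_MASK);
    return true;
}

/* Both steps in software, as the emulation path does. Constructed sample
 * mappings: linear page 2 -> gfn 5 -> mfn 9, and gfn 2 -> mfn 7. */
uint64_t translate(uint32_t guest_cr0, uint32_t addr)
{
    struct toy_vcpu v = { .guest_cr0 = guest_cr0 };
    uint32_t paddr; uint64_t maddr;
    v.gpt[2] = (5u << PAGE_SHIFT) | PTE_PRESENT;
    v.p2m[5] = 9; v.p2m[2] = 7;
    if (!linear_to_phys(&v, addr, &paddr) || !phys_to_machine(&v, paddr, &maddr))
        return INVALID_ADDR;
    return maddr;
}
```

With PG set, 0x2abc walks the guest table to gfn 5 and lands at machine address 0x9abc; with PG clear the same linear address is taken as gfn 2 and lands at 0x7abc, showing that the p2m step applies in both cases.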