Re: Trying to switch EPTP for execute-protecting guest pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/24/2015 05:44 AM, Paolo Bonzini wrote:


On 23/11/2015 18:11, Estrada, Zachary J wrote:
I'm playing around with EPTs and kvm to track execution in the guest.
I've created a separate set of EPTs (and copied the last level entries
from the real tables, minus execute permissions) but I'm not getting
exits where I expect. I also have code in handle_ept_violation to
preserve those permissions for any non-execute ept violations.

Here is what I am calling within a VM Exit handler:
---
kvm_mmu_unload(vcpu);
vcpu->arch.mmu.root_hpa = eptp;
kvm_x86_ops->set_tdp_cr3(vcpu, eptp);
kvm_mmu_load(vcpu);
kvm_flush_remote_tlbs(vcpu->kvm);
---

I think some of this is overkill, but am I missing something? I think I
may need to flush the rmaps too, but I'm not exactly sure how.

My suggestion is:

1) use tracing and check that kvm_mmu_get_page is being called correctly.

2) there is already code for write protection.  Try copying that code
instead of doing a complete reimplementation.

Paolo


1) Will do, thanks!

2) Got it. Let's say I want to work with a copy of the extended page tables instead of the original, what would be the best way to do so? Right now I'm traversing the full tables using root_hpa, but if there's a better way using the spte interface, I would prefer that.

Thanks so much!
--Zak
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux