Ahmed,

On Fri, 2018-12-07 at 14:47 +0200, Ahmed Abd El Mawgood wrote:
> The reason why it would be better to implement this from inside kvm: instead
> of (host) user space is the need to access SPTEs to modify the permissions,
> while mprotect() from user space can work in theory. It will become a big
> performance hit to vmexit and switch to user space mode on each fault, on the
> other hand, having the permission handled by EPT should make some remarkable
> performance gain.

Given that writes to these areas should be exceptional occurrences, I don't
understand why this path needs to be optimized. To me it seems, a
straightforward userspace implementation with no additional code in the kernel
achieves the same feature.

Can you elaborate?

Julian

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Managing Directors: Christian Schlaeger, Ralf Herbrich
VAT ID: DE 289 237 879
Registered at Amtsgericht Charlottenburg, HRB 149173 B