Re: [RFC PATCH v6 76/92] kvm: x86: disable EPT A/D bits if introspection is present

On 13/08/19 20:36, Mihai Donțu wrote:
>> Why?
> When EPT A/D is enabled, all guest page table walks are treated as
> writes (like AMD's NPT). Thus, an introspection tool hooking the guest
> page tables would trigger a flood of VMEXITs (EPT write violations)
> that will get the introspected VM into an unusable state.
> 
> Our implementation of such an introspection tool builds a cache of
> {cr3, gva} -> gpa, which is why it needs to monitor all guest PTs by
> hooking them for write.

Please include the kvm list too.

One issue here is that it changes the nested VMX ABI.  Can you leave EPT
A/D in place for the shadow EPT MMU, but not for "regular" EPT pages?

Also, what is the state of introspection support on AMD?

Paolo


