From: Paolo Bonzini
Subject: Re: Information of EPT violation VMEXIT
Date: Tue, 03 Sep 2013 17:31:48 +0200
Message-ID: <522600E4.3090003@redhat.com>
To: Arthur Chunqi Li
Cc: kvm, Gleb Natapov, Jan Kiszka

On 03/09/2013 17:06, Arthur Chunqi Li wrote:
> Hi there,
>
> When I am testing EPT violation VMEXIT, I get some confusion about bits 7 & 8
> in "Exit Qualification for EPT Violations" (Table 27-7 in SDM).
>
> Bit 7 means "Set if the guest linear-address field is valid." On which
> occasion will bit 7 be clear? I don't quite understand the following
> statement in the SDM: "The guest linear-address field is valid for all EPT
> violations except those resulting from an attempt to load the guest
> PDPTEs as part of the execution of the MOV CR instruction."

I think it means it is loading the PDPT registers, so it would only
happen with a 32-bit PAE guest.

Testing this is a bit more complicated. You probably should set up the
state completely in the VMCS, and only have a "mov %eax, %cr0"
instruction as the guest body.

> Bit 8 means the causes of EPT violation. But I don't understand what
> it means when set and clear. I always get the exit qualification
> with this bit set, how to design a violation with this bit clear?

To get bit 8 = 0, you need to place a paging structure (page table, page
directory, PDPT or PML4) at a guest-physical address that is marked
non-present in the EPT page tables.

The same testing technique should work here: as soon as you execute the
first instruction of the guest you'll get the EPT violation.

Paolo
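
The three cases discussed in this thread, as an added example that is not part of the original mail and is not KVM's or the test suite's own code: a decoder for the EPT-violation exit qualification that a test could use to check which case it hit. The bit positions follow the SDM table cited above; the macro, enum and function names and the sample qualification values are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions: "Exit Qualification for EPT Violations", SDM Table 27-7.
 * Macro, enum and function names are made up for this example. */
#define EPT_VIOL_READ       (1ULL << 0)   /* violating access was a read */
#define EPT_VIOL_WRITE      (1ULL << 1)   /* ... a write */
#define EPT_VIOL_FETCH      (1ULL << 2)   /* ... an instruction fetch */
#define EPT_VIOL_PERM_MASK  (7ULL << 3)   /* R/W/X the EPT allowed for the GPA */
#define EPT_VIOL_GLA_VALID  (1ULL << 7)   /* guest linear-address field valid */
#define EPT_VIOL_GLA_FINAL  (1ULL << 8)   /* defined only when bit 7 is set */

enum ept_viol_kind {
    EPT_VIOL_PDPTE_LOAD,  /* bit 7 clear: PDPTE load by MOV to CR */
    EPT_VIOL_PAGE_WALK,   /* bit 7 set, bit 8 clear: access to a guest paging structure */
    EPT_VIOL_TRANSLATED,  /* bit 7 set, bit 8 set: access to the translated address */
};

/* Bit 8 must be looked at only after bit 7 has been checked. */
enum ept_viol_kind ept_viol_classify(uint64_t qual)
{
    if (!(qual & EPT_VIOL_GLA_VALID))
        return EPT_VIOL_PDPTE_LOAD;
    return (qual & EPT_VIOL_GLA_FINAL) ? EPT_VIOL_TRANSLATED : EPT_VIOL_PAGE_WALK;
}

/* EPT mapping non-present: none of R/W/X was allowed (bits 5:3 all zero). */
int ept_viol_not_present(uint64_t qual)
{
    return (qual & EPT_VIOL_PERM_MASK) == 0;
}

int main(void)
{
    static const char *const name[] = { "PDPTE load", "page walk", "translated address" };
    /* Constructed sample values, not captured from hardware. */
    const uint64_t samples[] = { 0x181, 0x081, 0x001, 0x18a };

    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t q = samples[i];
        printf("qual=%#05llx %-18s %c%c%c %s\n", (unsigned long long)q,
               name[ept_viol_classify(q)],
               (q & EPT_VIOL_READ) ? 'R' : '-', (q & EPT_VIOL_WRITE) ? 'W' : '-',
               (q & EPT_VIOL_FETCH) ? 'X' : '-',
               ept_viol_not_present(q) ? "EPT non-present" : "EPT permission");
    }
    return 0;
}
```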