From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paolo Bonzini Subject: Re: Trying to switch EPTP for execute-protecting guest pages Date: Tue, 24 Nov 2015 16:13:20 +0100 Message-ID: <56547E90.20305@redhat.com> References: <565348BA.4020905@illinois.edu> <56544D8C.10307@redhat.com> <56547962.5050409@illinois.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit To: "Estrada, Zachary J" , kvm@vger.kernel.org Return-path: Received: from mx1.redhat.com ([209.132.183.28]:42423 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753528AbbKXPNX (ORCPT ); Tue, 24 Nov 2015 10:13:23 -0500 In-Reply-To: <56547962.5050409@illinois.edu> Sender: kvm-owner@vger.kernel.org List-ID: On 24/11/2015 15:51, Estrada, Zachary J wrote: > 2) Got it. Let's say I want to work with a copy of the extended page > tables instead of the original, what would be the best way to do so? Why would you want that? It's difficult to give an answer without understanding what you're doing. Notice that KVM pretty much always leaves the X bit set (__direct_map uses ACC_ALL for the pte_access parameter) so it's easy to go from your copy of the extended page tables to the original. I'm not sure if this is your problem, but perhaps you want to record in the role whether the page comes from your version or the original? The role is like the hash key, if the role is the same you get the same PTE. Paolo > Right now I'm traversing the full tables using root_hpa, but if there's > a better way using the spte interface, I would prefer that.