From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Estrada, Zachary J" Subject: Re: Trying to switch EPTP for execute-protecting guest pages Date: Tue, 24 Nov 2015 09:52:30 -0600 Message-ID: <565487BE.3040808@illinois.edu> References: <565348BA.4020905@illinois.edu> <56544D8C.10307@redhat.com> <56547962.5050409@illinois.edu> <56547E90.20305@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit To: Paolo Bonzini , Return-path: Received: from pps05.cites.illinois.edu ([192.17.82.72]:39271 "EHLO pps05.cites.illinois.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753730AbbKXPwh (ORCPT ); Tue, 24 Nov 2015 10:52:37 -0500 In-Reply-To: <56547E90.20305@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: On 11/24/2015 09:13 AM, Paolo Bonzini wrote: > > > On 24/11/2015 15:51, Estrada, Zachary J wrote: >> 2) Got it. Let's say I want to work with a copy of the extended page >> tables instead of the original, what would be the best way to do so? > > Why would you want that? It's difficult to give an answer without > understanding what you're doing. Notice that KVM pretty much always > leaves the X bit set (__direct_map uses ACC_ALL for the pte_access > parameter) so it's easy to go from your copy of the extended page tables > to the original. > Reply sent offlist. > I'm not sure if this is your problem, but perhaps you want to record in > the role whether the page comes from your version or the original? The > role is like the hash key, if the role is the same you get the same PTE. > This is extremely helpful, I had not noticed this. I'm using my new root_hpa as the base_role.word - does that make sense? I just tried it and I seem to get EPT_VIOLATIONS that I was expecting, but missing. Thanks a ton, it appears that the role was exactly the thing I was looking for! --Zak