From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paolo Bonzini
Subject: Re: Trying to switch EPTP for execute-protecting guest pages
Date: Tue, 24 Nov 2015 17:00:03 +0100
Message-ID: <56548983.2050605@redhat.com>
References: <565348BA.4020905@illinois.edu> <56544D8C.10307@redhat.com> <56547962.5050409@illinois.edu> <56547E90.20305@redhat.com> <565487BE.3040808@illinois.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
To: "Estrada, Zachary J" , kvm@vger.kernel.org
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:59966 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752770AbbKXQAG (ORCPT ); Tue, 24 Nov 2015 11:00:06 -0500
In-Reply-To: <565487BE.3040808@illinois.edu>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 24/11/2015 16:52, Estrada, Zachary J wrote:
>> I'm not sure if this is your problem, but perhaps you want to record in
>> the role whether the page comes from your version or the original? The
>> role is like the hash key, if the role is the same you get the same PTE.
>
> This is extremely helpful, I had not noticed this. I'm using my new
> root_hpa as the base_role.word - does that make sense? I just tried it
> and I seem to get EPT_VIOLATIONS that I was expecting, but missing.

I think you should add a new bit to the role meaning "should I clear
some X bits?" :) that is computed based on the VCPU state. For an
example see commit 699023e2 ("KVM: x86: add SMM to the MMU role, support
SMRAM address space"), which does

+ context->base_role.smm = is_smm(vcpu);

in init_kvm_tdp_mmu.

BTW, based on what you told me offlist, what you are doing should also
just work with shadow page tables.

Paolo

> Thanks a ton, it appears that the role was exactly the thing I was
> looking for!
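
A toy model of the point made in this message, that the role acts as the hash key for cached pages, so two views that must differ in X permissions need a role bit that differs. This is an added example, not part of the original thread and not KVM code; `toy_role`, `toy_page`, `toy_get_page`, `toy_make_role` and the `xprot` bit are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy stand-in for KVM's page role: bitfields overlaid on one word.
 * "xprot" is a hypothetical bit meaning "this view clears some X bits". */
union toy_role {
    uint32_t word;
    struct {
        uint32_t level : 4;
        uint32_t smm   : 1;
        uint32_t xprot : 1;   /* hypothetical, not a real KVM field */
    };
};

struct toy_page {
    uint64_t gfn;
    union toy_role role;
    int exec_allowed;         /* permission baked in when the page is built */
    int used;
};

#define CACHE_SLOTS 16
static struct toy_page cache[CACHE_SLOTS];

/* Look up a shadow page by (gfn, role.word); build it only on a miss. */
struct toy_page *toy_get_page(uint64_t gfn, union toy_role role)
{
    for (size_t i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && cache[i].gfn == gfn &&
            cache[i].role.word == role.word)
            return &cache[i];             /* hit: existing page reused */
    for (size_t i = 0; i < CACHE_SLOTS; i++)
        if (!cache[i].used) {
            cache[i] = (struct toy_page){ .gfn = gfn, .role = role,
                .exec_allowed = !role.xprot, .used = 1 };
            return &cache[i];
        }
    return NULL;                          /* cache full */
}

/* Role computed from vCPU state, as init_kvm_tdp_mmu does for smm. */
union toy_role toy_make_role(int smm, int xprot)
{
    union toy_role r = { .word = 0 };     /* zero padding bits first */
    r.level = 4;
    r.smm = smm;
    r.xprot = xprot;
    return r;
}
```

With identical roles the second lookup returns the page built for the first view, permissions included; only a differing role word yields a separately built page.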