On 3/7/2016 11:12 AM, Tamas K Lengyel wrote:

EPT is not really required for CR3 monitoring, it just has been the case that vm_events have been only implemented for hap-enabled domains.

I suppose this is not valid for vm-events in their entirety, right? I mean it seems to me that @ least for monitor vm-events VMX is enough.

AFAIK for non-hap case CR3 needs to be trapped unconditionally, yes.

If the former is true, shouldn't we do a check like this in vm_event_monitor_get_capabilities instead?

Yes, it should now, this code was just written before vm_event_monitor_get_capabilities was introduced and we haven't gotten around converting this check to it.

Is there any reason why monitor vm-events in their current state wouldn't work on non-hap domains?
If they would work, shouldn't we instead simply move the monitor.write_ctrlreg_enabled part out of the if ( paging_mode_hap(...) ) ?

2). I was also wondering why CR3 load/stores are trapped if paging is disabled for a domain.

Good question, I was wondering about that myself at some point but I haven't found an answer to it. Maybe some git archaeology can help determining when that was added and why ;)

Cheers,

Tamas

Yep, will "blame into it".

Thanks,
Corneliu.