Finding EPT entries for nested guest in L0

Finding EPT entries for nested guest in L0

[Rohith Kugve Raghavendra]

I have 2 questions.

1. In nested VMs that use multi-dimensional page tables( EPT on EPT)
where exactly in the code are EPT ( 0 -> 2) entries constructed? I can
know from the Turtles paper that these entries are created by
combining EPT 1->2 and EPT 0->1. But I can find that in KVM code.

2. Are there rmap entries for EPT 0->2 pages maintained? I am trying
to write protect nested guest GFN's directly in L0 ( without letting
L1 do it) but I don't know how to find the EPT 0->2  entry for a given
L2 guest GFN.

regards,
Rohith

Re: Finding EPT entries for nested guest in L0

[Paolo Bonzini]

On 08/11/2016 21:27, Rohith Kugve Raghavendra wrote:
> I have 2 questions.
> 
> 1. In nested VMs that use multi-dimensional page tables( EPT on EPT)
> where exactly in the code are EPT ( 0 -> 2) entries constructed? I can
> know from the Turtles paper that these entries are created by
> combining EPT 1->2 and EPT 0->1. But I can find that in KVM code.

It's in mmu.c, same as for shadow pages.

vcpu->arch.nested_mmu contains the MMU for L0->L2, while vcpu->arch.mmu
contains the MMU for L0->L1.

vcpu->arch.walk_mmu points to one of the two, depending on who was
running at the time of the last vmexit.  In particular, prepare_vmcs02
(through nested_ept_init_mmu_context) sets vcpu->arch.walk_mmu to
&vcpu->arch.nested_mmu.

> 2. Are there rmap entries for EPT 0->2 pages maintained? I am trying
> to write protect nested guest GFN's directly in L0 ( without letting
> L1 do it) but I don't know how to find the EPT 0->2  entry for a given
> L2 guest GFN.

Yes, they are.  There is only one rmap for both vcpu->arch.mmu and
vcpu->arch.nested_mmu, but for EPT02 pages of course vcpu->arch.mmu
should be direct mapped and not have any rmap.

Thanks,

Paolo