Re: [Xen-devel] how to set up a #VE

[Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>]

On Thu, Apr 28, 2016 at 8:36 AM, Big Strong <fangtuo90@xxxxxxxxx> wrote:

I want to set up an EPT page so as to trigger the #VE for testing purpose. However, some problems are met.

As the Intel Manual said, there are many conditions to trigger a #VE:

a)      If an access to a guest-physical address causes an EPT violation, bit 63 (0) of exactly one of the EPT paging-structure entries used to translate that address is used to determine whether the EPT violation is convertible: either an entry that is not present (if the guest-physical address does not translate to a physical address) or an entry that maps a page (if it does).

b)      A convertible EPT violation instead causes a virtualization exception if the following all hold:

• CR0.PE = 1;

• the logical processor is not in the process of delivering an event through the IDT; and

• the 32 bits at offset 4 in the virtualization-exception information area are all 0.

In xc_altp2m.c, there is a function xc_altp2m_set_vcpu_enable_notify which is used to set up the #VE information area. However, as the arguments gfn is a physical address (of the guest?), how can I safely assign an unused physical memory space to store #VE info?

You can always just add a new page to the domain to be used for #VE.

 

Besides, there is no xenctrl interface for setting the suprress_ve bit (63) of the EPT PTE, which is needed to trigger #VE. Even though I can set that with ept_set_entry function, this is an internal function of Xen and unavailble to dom0.

It's undocumented enough (and it took me a bit to find as well) but if you use xc_altp2m_set_mem_access and have used xc_altp2m_set_vcpu_enable_notify before, then those EPT PTE entries will be converted to #VE automatically.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel