
Re: [Xen-devel] Intentional EPT Misconfigurations in xen



Hi,

Thanks a lot. I find that if the guest writes or reads an MSR related to MTRR, which will cause a VM exit, Xen will just calculate the MTRR type and store it without setting the EPT. Why doesn't Xen set the memory type (i.e., the emt field) in the EPT entry when handling a VM exit resulting from writing/reading an MSR related to MTRR?

I also find that Xen will get the field of the corresponding entries properly set when handling EPT misconfigurations. But the memory type related to these entries may be changed by the guest after Xen does this. So how do we handle these properly configured EPT entries, which don't cause EPT misconfigurations any more, when the memory type is changed by the guest? Thanks


 

2016-11-28 18:02 GMT+08:00 Andrew Cooper <andrew.cooper3@xxxxxxxxxx>:
On 28/11/16 08:44, 唐伟文 wrote:
Hi,

I have a question: why does the Xen hypervisor deliberately set EPT entries as invalid (misconfigured), which will cause a VM exit resulting from EPT misconfiguration? http://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=aa9114edd97b292cd89b3616e3f2089471fd2201 I found the answer on this website, which is about a patch to Xen. They say that it is necessary to set EPT entries as misconfigured in order to force re-evaluation of the memory type as necessary.

But I still don't know why we need to re-evaluate the memory type. That is to say, why can't we determine the memory type during the initialization of the EPT? And if it is necessary to do this, which EPT entries should be misconfigured intentionally? Thanks

EPT Memory types change at runtime, due to guest actions such as changing the MTRRs, changing CR0.CD, etc, or due to toolstack options such as enabling logdirty mode for live migration.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
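
A toy C model of the lazy re-evaluation discussed in this thread, added here as an illustration and not taken from Xen or from either poster: a memory-type change marks entries as misconfigured, and each entry is re-evaluated on the first access that exits. The names `toy_guest`, `toy_mtrr_write`, `toy_access` and the flat eight-page table are hypothetical, and the model assumes every entry is re-marked on each change, using the reserved EPT memory type value 7 to stand for a misconfigured entry.

```c
/* Toy model (added example, not Xen code): lazy EPT memory-type re-evaluation. */
#include <stdint.h>
#include <stdio.h>

#define NR_PAGES    8
#define MT_UC       0   /* x86 memory type: uncacheable */
#define MT_WB       6   /* x86 memory type: write-back */
#define EMT_INVALID 7   /* reserved EPT memory type: using it causes a misconfiguration exit */

struct toy_guest {
    uint8_t ept_emt[NR_PAGES];   /* memory type field of each (flat) EPT leaf entry */
    uint8_t mtrr_type[NR_PAGES]; /* type the guest's MTRRs currently give each page */
    unsigned misconfig_exits;    /* EPT misconfiguration exits handled so far */
};

/* Start with every page WB and every entry already evaluated. */
void toy_init(struct toy_guest *g)
{
    for (int i = 0; i < NR_PAGES; i++)
        g->ept_emt[i] = g->mtrr_type[i] = MT_WB;
    g->misconfig_exits = 0;
}

/* Guest MTRR write: record the new type, then invalidate instead of recomputing. */
void toy_mtrr_write(struct toy_guest *g, int first, int last, uint8_t type)
{
    for (int i = first; i <= last; i++)
        g->mtrr_type[i] = type;
    for (int i = 0; i < NR_PAGES; i++)
        g->ept_emt[i] = EMT_INVALID;  /* assumption: all entries are re-marked */
}

/* Guest access: a misconfigured entry exits once and is fixed up in the handler. */
uint8_t toy_access(struct toy_guest *g, int page)
{
    if (g->ept_emt[page] == EMT_INVALID) {
        g->misconfig_exits++;
        g->ept_emt[page] = g->mtrr_type[page];
    }
    return g->ept_emt[page];
}

int main(void)
{
    struct toy_guest g;
    toy_init(&g);
    toy_mtrr_write(&g, 2, 3, MT_UC);
    unsigned type = toy_access(&g, 2);
    printf("page 2 type %u after %u exit(s)\n", type, g.misconfig_exits);
    return 0;
}
```

In this model an entry that was already fixed up becomes misconfigured again on the next type change, so a later access re-evaluates it against the new MTRR state.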

 

