Without EPT or SPT (shadow page table), can the guest access memory?

While reading kvm-unit-tests, I noticed that no EPT or SPT is created for the guest, yet the guest can still access memory. How is this done?

static void init_vmcs_guest(void)
{
    /* 26.3 CHECKING AND LOADING GUEST STATE */
    ulong guest_cr3;
    /* 26.3.1.1 */
    guest_cr3 = read_cr3();   /* the host's current CR3 */
    ...
    /* guest CR3 := host CR3, so the guest walks the host's own page tables */
    vmcs_write(GUEST_CR3, guest_cr3);
    ...
}

The answer lies in the code snippet above: the host's CR3 is written into the guest's CR3. With no EPT, guest-physical addresses are used directly as host-physical addresses, so the MMU is effectively passed straight through to the guest, and guest and host share the same page tables.

The drawback of this rather tricky approach is that isolation is lost: the guest can reach whatever memory the host's page tables map.
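To make that consequence concrete, here is an added toy model of the two-level translation (not code from kvm-unit-tests): page tables are flat arrays of page numbers, and `gva_to_hpa`, `passthru_translate`, `ept_translate` and the sample tables are all constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model, not kvm-unit-tests code: a page table is a flat array that
 * maps a page number to the next-level page number; UNMAPPED is a fault. */
#define NPAGES 8
#define UNMAPPED UINT64_MAX
typedef struct { uint64_t pte[NPAGES]; } page_table;

/* cr3 selects the GVA->GPA table; ept is NULL when EPT is disabled, in
 * which case the GPA is used as the HPA with no second-level walk. */
typedef struct { const page_table *cr3; const page_table *ept; } vcpu;

static uint64_t walk(const page_table *pt, uint64_t page)
{
    return page < NPAGES ? pt->pte[page] : UNMAPPED;
}

/* Translate a guest virtual page number to a host physical page number. */
uint64_t gva_to_hpa(const vcpu *v, uint64_t gvpn)
{
    uint64_t gpa = walk(v->cr3, gvpn);
    if (gpa == UNMAPPED || v->ept == NULL)
        return gpa;               /* fault, or no EPT: GPA == HPA */
    return walk(v->ept, gpa);     /* EPT confines the guest to its slice */
}

/* Constructed host page table: maps all eight host pages. */
static const page_table host_pt = { { 0, 1, 2, 3, 4, 5, 6, 7 } };

/* Constructed EPT: the guest is only allowed to reach host pages 4..7. */
static const page_table guest_ept = {
    { 4, 5, 6, 7, UNMAPPED, UNMAPPED, UNMAPPED, UNMAPPED }
};

/* What init_vmcs_guest() sets up: GUEST_CR3 = host CR3 and no EPT, so the
 * guest's walk is the host's walk and every host page is reachable. */
uint64_t passthru_translate(uint64_t gvpn)
{
    vcpu v = { &host_pt, NULL };
    return gva_to_hpa(&v, gvpn);
}

/* Same shared CR3, but with EPT the second level isolates the guest. */
uint64_t ept_translate(uint64_t gvpn)
{
    vcpu v = { &host_pt, &guest_ept };
    return gva_to_hpa(&v, gvpn);
}
```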

Xen has a technique called direct paging that achieves something similar.

Xen PV had an approach called direct paging. It exposed a GPA->HPA mapping to the guest (this is the pfn2mfn table) and let the guest be responsible for creating GVA->HPA tables. The details are tricky, but it was much faster than shadow paging.