This article records notes on EPT misconfig. The content is largely reprinted from "EPT misconfig" (reference 1).

EPT Violation

The EPT (Extended Page Table) equivalent of a page fault; it is a special hardware exception. It is raised by the hardware when the EPT contains no mapping for the requested GPA -> HPA translation.

EPT misconfig

Essentially also a kind of page fault, but unlike an EPT violation (raised when the page is not present), an EPT misconfig resembles a reserved-bit-set page fault: it is raised when reserved bits are set in a paging-structure entry. It, too, is raised by the hardware.

The SDM describes EPT misconfig as follows:

An EPT misconfiguration occurs when, in the course of translating a guest-physical address, the logical processor encounters an EPT paging-structure entry that contains an unsupported value. An EPT violation occurs when there is no EPT misconfiguration but the EPT paging-structure entries disallow an access using the guest physical address.

Uses of EPT misconfig

EPT misconfig can be used to handle MMIO regions that are not passed through to the guest.

When an MMIO page is accessed for the first time, an EPT violation is raised. While handling that EPT violation, KVM sets reserved bits in the corresponding EPT entry, so the next access to the same page raises an EPT misconfig instead.

The detailed steps are as follows:

  1. QEMU declares a memory region (but does not allocate RAM for it or commit it to KVM)
  2. The guest accesses the MMIO address for the first time, causing an EPT violation VM-exit
  3. KVM constructs the EPT page table and marks the page table entry with a special mark (110b)
  4. Later guest accesses to this MMIO region are handled by the EPT misconfig VM-exit handler
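As an added example (not code from the original note or from KVM), the following C program models the EPT entry states in the four steps above: an empty entry (step 2) classifies as an EPT violation, and the 110b marker KVM writes (step 3) classifies as an EPT misconfig, because write-without-read is an unsupported permission combination. The bit layout and ordering of the checks follow the Intel SDM; the function names and the MAXPHYADDR value used for the frame mask are my assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Low three bits of an EPT paging-structure entry (Intel SDM, Vol. 3). */
#define EPT_R  (1ULL << 0)   /* read access allowed    */
#define EPT_W  (1ULL << 1)   /* write access allowed   */
#define EPT_X  (1ULL << 2)   /* execute access allowed */
/* Host physical frame number; assumes MAXPHYADDR = 52 (constructed value). */
#define EPT_PFN_MASK 0x000FFFFFFFFFF000ULL

enum ept_result { EPT_OK, EPT_VIOLATION, EPT_MISCONFIG };

/* The 110b marker KVM stores in an MMIO entry: W and X set, R clear.
 * R=0 with W=1 is an unsupported value, so every later guest access to
 * this GPA exits with EPT misconfig rather than EPT violation. */
uint64_t make_mmio_marker(void)
{
    return EPT_W | EPT_X;
}

/* A normal leaf entry mapping a host frame with the given permissions. */
uint64_t make_entry(uint64_t hpa, int r, int w, int x)
{
    return (hpa & EPT_PFN_MASK) | (r ? EPT_R : 0) | (w ? EPT_W : 0) | (x ? EPT_X : 0);
}

/* Classify a guest access the way the hardware walk would. Misconfig is
 * checked first: the SDM reports a violation only when there is no
 * misconfiguration in the entry. */
enum ept_result ept_classify(uint64_t pte, int want_r, int want_w, int want_x)
{
    int r = !!(pte & EPT_R), w = !!(pte & EPT_W), x = !!(pte & EPT_X);

    if (!r && w)               /* write-without-read: unsupported value  */
        return EPT_MISCONFIG;
    if (!r && !w && !x)        /* 000b: not present, like a page fault   */
        return EPT_VIOLATION;
    if ((want_r && !r) || (want_w && !w) || (want_x && !x))
        return EPT_VIOLATION;  /* present, but this access type is denied */
    return EPT_OK;
}

int main(void)
{
    uint64_t mmio = 0;                       /* step 2: no mapping yet     */
    printf("first read:  %d\n", ept_classify(mmio, 1, 0, 0)); /* 1 = violation */
    mmio = make_mmio_marker();               /* step 3: KVM writes 110b    */
    printf("second read: %d\n", ept_classify(mmio, 1, 0, 0)); /* 2 = misconfig */
    return 0;
}
```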

References:

  1. EPT misconfig
  2. KVM MMIO implementation
  3. EPT exceptions in KVM