Hi,

as part of my work on Solo5 [1], I recently discovered that some assumptions I made while developing a FreeBSD vmm backend for our "hvt" tender (f.k.a. "ukvm", which some of you may be aware of) do not hold.

Specifically, our ELF loader relies on the ability to enforce memory protection at the guest-physical to host-virtual translation point (i.e. via the EPT mappings). At the time that I wrote the code, I wrongly assumed that FreeBSD vmm would follow the Linux KVM behaviour, i.e. that a host-side mprotect() on a memory range which is part of guest memory would update the EPT mapping used by the hypervisor.

For some discussion on our end please see the issue filed at [2], including a proposal from the OpenBSD vmm folks, for which we also have a backend, to implement an "ept-mprotect" like call.

Is there any way to get this ability in FreeBSD vmm? I'd be happy with either a solution similar to what Linux KVM does (hooking the EPT mapping update to the host-side mprotect), or the OpenBSD proposal which is actually more flexible in the long run as it could allow for execute-only pages on x86.

In my initial investigation I thought this might be achievable in a limited way with careful use of VM_MMAP_MEMSEG, but that seems like the wrong approach?

Note that we deliberately do not use libvmmapi in Solo5 due to it making assumptions over things like guest memory layout that are more suited to a "classic" VMM such as bhyve.

Martin

[1] https://github.com/Solo5/solo5
[2] https://github.com/Solo5/solo5/issues/303
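
Added illustration (not part of the original message and not Solo5's code): a sketch of the host-side half of the scheme the message describes, where a tender applies each ELF segment's protection to the host mapping backing guest memory with mprotect(). The function names and the memory layout are hypothetical; whether the guest actually observes these protections depends on the hypervisor propagating them to its EPT mappings, which is the behaviour in question for FreeBSD vmm.

```c
#define _DEFAULT_SOURCE
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Translate ELF program-header flags into host mmap protection bits. */
static int phdr_flags_to_prot(uint32_t p_flags)
{
    int prot = PROT_NONE;
    if (p_flags & PF_R) prot |= PROT_READ;
    if (p_flags & PF_W) prot |= PROT_WRITE;
    if (p_flags & PF_X) prot |= PROT_EXEC;
    return prot;
}

/*
 * Apply one PT_LOAD segment's protection to the host mapping that backs
 * guest memory. `mem` is the host-virtual address of guest-physical 0 and
 * `mem_size` its length. Returns 0 on success, -1 if the segment is not
 * page-aligned, falls outside guest memory, or mprotect() fails.
 */
static int protect_segment(uint8_t *mem, uint64_t mem_size, uint64_t paddr,
                           uint64_t memsz, uint32_t p_flags)
{
    uint64_t page = (uint64_t)sysconf(_SC_PAGESIZE);
    uint64_t len = (memsz + page - 1) & ~(page - 1);

    if ((paddr & (page - 1)) != 0 || len < memsz)
        return -1;
    if (paddr > mem_size || len > mem_size - paddr)
        return -1;
    return mprotect(mem + paddr, (size_t)len, phdr_flags_to_prot(p_flags));
}

int main(void)
{
    /* Constructed layout: 1 MiB of "guest memory", text at 0x10000, data at 0x20000. */
    uint64_t size = 1 << 20;
    uint8_t *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return 1;
    int rc = protect_segment(mem, size, 0x10000, 0x3000, PF_R | PF_X);
    rc |= protect_segment(mem, size, 0x20000, 0x1000, PF_R | PF_W);
    printf("host-side protections applied: %s\n", rc == 0 ? "yes" : "no");
    return rc != 0;
}
```

A return value of 0 here only confirms the host virtual mapping changed; verifying enforcement inside the guest needs a guest-side access test on the target hypervisor.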