On 29/06/18 16:22, Jan Beulich wrote:
>>>> On 30.05.18 at 15:28, <luwei.k...@intel.com> wrote:
>> Using EPT to translate PT output addresses introduces the possibility of
>> taking events on PT output reads and writes. Event possibilities include
>> EPT violations, EPT misconfigurations, PML log-full VM exits, and APIC
>> access VM exits.
>> EPT violations:
>> a. Intel PT buffer is a MMIO address in guest. Actually, it can be a
>> MMIO address (SDM 35.2.6.1), but in order to not affect other
>> passthrough/emulated devices in guest. Forbid use of MMIO addr at present.
>> b. Intel PT buffer is a RAM non-writable address. Don't need emulate
>> and inject a #GP to guest.
> Is such #GP injection architectural behavior? We've got a few bad
> examples where we inject exceptions which are architecturally
> impossible - let's please not add any further instances.

We discussed this IRL, and this point was altered.

We need to run the ept_violation handler (e.g. to account for logdirty
tracking) and it also gives an introspection agent a chance to intervene
(e.g. remove protection on the page if its use as a PT buffer is
legitimate).

However, if the violation isn't fixed (making the frame writeable in
EPT, or killing PT), the guest cannot continue executing; crashing is the
only remaining option.

~Andrew