how to set up a #VE

how to set up a #VE

[Big Strong]

[-- Attachment #1.1: Type: text/plain, Size: 1549 bytes --]

I want to set up an EPT page so as to trigger the #VE for testing purpose.
However, some problems are met.

As the Intel Manual said, there are many conditions to trigger a #VE:

a)      If an access to a guest-physical address causes an EPT violation, bit
63 (0) of exactly one of the EPT paging-structure entries used to translate
that address is used to determine *whether the EPT violation is convertible*:
either an entry that is not present (if the guest-physical address does not
translate to a physical address) or an entry that maps a page (if it does).

b)      A convertible EPT violation instead causes a virtualization
exception if the following all hold:

• CR0.PE = 1;

• the logical processor is not in the process of delivering an event
through the IDT; and

• the 32 bits at offset 4 in the virtualization-exception information area
are all 0.
In xc_altp2m.c <http://In xc_altp2m.c, there is a function
xc_altp2m_set_vcpu_enable_notify which is used to set up the #VE
information area. However, as the>, there is a function
xc_altp2m_set_vcpu_enable_notify which is used to set up the #VE
information area. However, as the arguments gfn is a physical address (of
the guest?), how can I safely assign an unused physical memory space to
store #VE info?

Besides, there is no xenctrl interface for setting the suprress_ve bit (63)
of the EPT PTE, which is needed to trigger #VE. Even though I can set that
with ept_set_entry function, this is an internal function of Xen and
unavailble to dom0.

[-- Attachment #1.2: Type: text/html, Size: 3127 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: how to set up a #VE

[Tamas K Lengyel]

[-- Attachment #1.1: Type: text/plain, Size: 1856 bytes --]

On Thu, Apr 28, 2016 at 8:36 AM, Big Strong <fangtuo90@gmail.com> wrote:

> I want to set up an EPT page so as to trigger the #VE for testing purpose.
> However, some problems are met.
>
> As the Intel Manual said, there are many conditions to trigger a #VE:
>
> a)      If an access to a guest-physical address causes an EPT violation, bit
> 63 (0) of exactly one of the EPT paging-structure entries used to
> translate that address is used to determine *whether the EPT violation is
> convertible*: either an entry that is not present (if the guest-physical
> address does not translate to a physical address) or an entry that maps a
> page (if it does).
>
> b)      A convertible EPT violation instead causes a virtualization
> exception if the following all hold:
>
> • CR0.PE = 1;
>
> • the logical processor is not in the process of delivering an event
> through the IDT; and
>
> • the 32 bits at offset 4 in the virtualization-exception information
> area are all 0.
> In xc_altp2m.c, there is a function xc_altp2m_set_vcpu_enable_notify
> which is used to set up the #VE information area. However, as the arguments
> gfn is a physical address (of the guest?), how can I safely assign an
> unused physical memory space to store #VE info?
>

You can always just add a new page to the domain to be used for #VE.


>
> Besides, there is no xenctrl interface for setting the suprress_ve bit
> (63) of the EPT PTE, which is needed to trigger #VE. Even though I can set
> that with ept_set_entry function, this is an internal function of Xen and
> unavailble to dom0.
>

It's undocumented enough (and it took me a bit to find as well) but if you
use xc_altp2m_set_mem_access and have used xc_altp2m_set_vcpu_enable_notify
before, then those EPT PTE entries will be converted to #VE automatically.

Tamas

[-- Attachment #1.2: Type: text/html, Size: 3892 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: how to set up a #VE

[Big Strong]

[-- Attachment #1.1: Type: text/plain, Size: 2196 bytes --]

>
> You can always just add a new page to the domain to be used for #VE.

It's there a method to directly assign physical pages to guest from dom0?
Using xc_map_foreign_address just like libvmi?

2016-04-28 23:07 GMT+08:00 Tamas K Lengyel <tamas.k.lengyel@gmail.com>:

>
>
> On Thu, Apr 28, 2016 at 8:36 AM, Big Strong <fangtuo90@gmail.com> wrote:
>
>> I want to set up an EPT page so as to trigger the #VE for testing
>> purpose. However, some problems are met.
>>
>> As the Intel Manual said, there are many conditions to trigger a #VE:
>>
>> a)      If an access to a guest-physical address causes an EPT
>> violation, bit 63 (0) of exactly one of the EPT paging-structure entries
>> used to translate that address is used to determine *whether the EPT
>> violation is convertible*: either an entry that is not present (if the
>> guest-physical address does not translate to a physical address) or an
>> entry that maps a page (if it does).
>>
>> b)      A convertible EPT violation instead causes a virtualization
>> exception if the following all hold:
>>
>> • CR0.PE = 1;
>>
>> • the logical processor is not in the process of delivering an event
>> through the IDT; and
>>
>> • the 32 bits at offset 4 in the virtualization-exception information
>> area are all 0.
>> In xc_altp2m.c, there is a function xc_altp2m_set_vcpu_enable_notify
>> which is used to set up the #VE information area. However, as the arguments
>> gfn is a physical address (of the guest?), how can I safely assign an
>> unused physical memory space to store #VE info?
>>
>
> You can always just add a new page to the domain to be used for #VE.
>
>
>>
>> Besides, there is no xenctrl interface for setting the suprress_ve bit
>> (63) of the EPT PTE, which is needed to trigger #VE. Even though I can set
>> that with ept_set_entry function, this is an internal function of Xen and
>> unavailble to dom0.
>>
>
> It's undocumented enough (and it took me a bit to find as well) but if you
> use xc_altp2m_set_mem_access and have used xc_altp2m_set_vcpu_enable_notify
> before, then those EPT PTE entries will be converted to #VE automatically.
>
> Tamas
>
>

[-- Attachment #1.2: Type: text/html, Size: 4876 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: how to set up a #VE

[Tamas K Lengyel]

[-- Attachment #1.1: Type: text/plain, Size: 577 bytes --]

On Thu, Apr 28, 2016 at 10:27 PM, Big Strong <fangtuo90@gmail.com> wrote:

> You can always just add a new page to the domain to be used for #VE.
>
> It's there a method to directly assign physical pages to guest from dom0?
> Using xc_map_foreign_address just like libvmi?
>

Please don't top-post on xen-devel.

You could share a page from dom0 but I think what you want to do is
increase the reservation of the domain and then map it into so it can be
used for #VE. The functions for this are
xc_domain_increase_reservation_exact and xc_domain_populate_physmap_exact.

Tamas

[-- Attachment #1.2: Type: text/html, Size: 1212 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel