0
votes

Why can't we just get the GPA and then directly compute the real physical address, as shown in https://www.exploit-db.com/docs/45546 on page 8? We could save a lot of memory accesses.

Why do we need the complex calculation with nested page tables, as shown on the same link on page 9?

I am not sure, but my guess is that it allows more address space. If the virtual machine "has" 4 GB of virtual space and 4 GB of physical space, then with the first approach we can only reach 4 GB of the real machine. But I think that we can overcome it.

1
How do you get the Guest Physical Address in the first place? There is no VM exit on a general memory access (which may be implicit); if there were, it would be slower than using a hardware-walked page table. We need more levels to make the table sparse and avoid consuming a lot of memory. In general, "breaking" on memory accesses is not trivial on x86, under any mode. – Margaret Bloom

@MargaretBloom, I get the Guest Physical Address using the normal page walk of the OS. What's the problem with that approach? – Moshe Levy

1. Get the GPA using the OS's normal page walk. 2. Calculate the PPA using the same page walk (the virtual address is the GPA). – Moshe Levy

The GPA to PA mapping is handled by the hypervisor, not by the guest OS. – Margaret Bloom

1 Answer

1
votes

I got it! Every table is located at a GPA, so we need to translate it using the table walk with the EPTP to get to the PPA of the table. We need to do this for each table, and that's why the page walk is long. For example, PML4 is at a GPA, so we need to translate it, and so on.
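As an added illustration (not part of the question or the answer above), here is a small Python model of the nested walk the answer describes: every guest page table lives at a guest-physical address, so locating each one costs a full EPT walk before its entry can be read. The addresses, table placement and the host-physical naming (HPA, which the post calls PPA) are constructed for this example. It also runs the shortcut proposed in the question, reading the guest tables at their GPA as if it were a host-physical address, to show that it lands on unrelated host memory unless the hypervisor happens to identity-map the guest.

```python
"""Toy two-dimensional (nested) page walk.  Added example with constructed
addresses; not code from the original post.  Guest tables sit at GPAs, so
the walker must run an EPT walk just to find each table in host memory."""

PAGE_SHIFT = 12
IDX_BITS = 9                     # 512 entries per 4 KiB table, as on x86-64
ENTRIES = 1 << IDX_BITS
PAGE = 1 << PAGE_SHIFT
GUEST_LEVELS = 4                 # guest PML4 -> PDPT -> PD -> PT
EPT_LEVELS = 4                   # EPT  PML4 -> PDPT -> PD -> PT


def indices(addr, levels):
    """Per-level table indices for addr, top level first."""
    return [(addr >> (PAGE_SHIFT + IDX_BITS * lvl)) & (ENTRIES - 1)
            for lvl in reversed(range(levels))]


class Host:
    """Host-physical memory holding only page-table pages; counts reads."""

    def __init__(self):
        self.pages = {}          # host-physical page address -> 512 entries
        self.reads = 0
        self.next_free = 0x1000

    def new_page(self):
        hpa = self.next_free
        self.next_free += PAGE
        self.pages[hpa] = [0] * ENTRIES
        return hpa

    def read(self, hpa, idx):
        """One memory access; an unmapped page reads as not-present (0)."""
        self.reads += 1
        return self.pages.get(hpa & ~(PAGE - 1), [0] * ENTRIES)[idx]


host = Host()
eptp = host.new_page()           # EPT root is a host-physical address


def ept_map(gpa, hpa):
    """Hypervisor side: make the EPT leaf for gpa point at host page hpa."""
    table = eptp
    *inner, leaf = indices(gpa, EPT_LEVELS)
    for idx in inner:
        if host.pages[table][idx] == 0:
            host.pages[table][idx] = host.new_page()
        table = host.pages[table][idx]
    host.pages[table][leaf] = hpa


def ept_translate(gpa):
    """Hardware EPT walk: EPT_LEVELS reads, each at a host-physical address."""
    table = eptp
    for idx in indices(gpa, EPT_LEVELS):
        entry = host.read(table, idx)
        if entry == 0:
            raise LookupError("EPT violation at GPA %#x" % gpa)
        table = entry
    return table | (gpa & (PAGE - 1))


def guest_page(gpa):
    """Guest's view of its own page at gpa (backing found via EPT, not counted)."""
    saved = host.reads
    hpa = ept_translate(gpa)
    host.reads = saved
    return host.pages[hpa]


guest_next_free = 0x10000        # where the guest places its own table pages


def guest_alloc_page():
    """Guest takes a physical page; the hypervisor backs it with a host page."""
    global guest_next_free
    gpa = guest_next_free
    guest_next_free += PAGE
    ept_map(gpa, host.new_page())   # backing is NOT identity: hpa != gpa
    return gpa


guest_cr3 = guest_alloc_page()


def guest_map(gva, gpa):
    """Guest OS side: build the 4-level guest page table for gva -> gpa."""
    table_gpa = guest_cr3
    *inner, leaf = indices(gva, GUEST_LEVELS)
    for idx in inner:
        page = guest_page(table_gpa)
        if page[idx] == 0:
            page[idx] = guest_alloc_page()
        table_gpa = page[idx]
    guest_page(table_gpa)[leaf] = gpa


def walk_2d(gva):
    """Nested walk: each guest table address is a GPA and needs an EPT walk."""
    host.reads = 0
    table_gpa = guest_cr3
    for idx in indices(gva, GUEST_LEVELS):
        table_hpa = ept_translate(table_gpa)      # EPT_LEVELS reads
        table_gpa = host.read(table_hpa, idx)     # +1 read of the guest entry
    hpa = ept_translate(table_gpa | (gva & (PAGE - 1)))   # final data page
    return hpa, host.reads


def walk_naive(gva):
    """Shortcut from the question: use guest table GPAs as host addresses."""
    host.reads = 0
    table = guest_cr3
    for idx in indices(gva, GUEST_LEVELS):
        table = host.read(table, idx)
        if table == 0:
            return None, host.reads               # read unrelated host memory
    return table | (gva & (PAGE - 1)), host.reads


# Constructed scenario: the guest maps one data page; the hypervisor backs it.
DATA_GPA = 0x2000_0000
DATA_HPA = host.new_page()
ept_map(DATA_GPA, DATA_HPA)
GVA = 0x7FFF_0000_1234
guest_map(GVA, DATA_GPA)

if __name__ == "__main__":
    print("nested walk :", walk_2d(GVA))     # (DATA_HPA | 0x234, 24 reads)
    print("naive walk  :", walk_naive(GVA))  # (None, 1): guest_cr3 is not an HPA
```

With four guest levels and four EPT levels the model performs 4 × (4 + 1) + 4 = 24 memory reads, the figure usually quoted for an x86-64 nested walk, against 4 for a native walk; the naive variant stops at its very first read because nothing in host memory lives at the GPA of the guest's CR3 page.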