This repository has been archived by the owner on Sep 1, 2024. It is now read-only.
Optimize Memory Management for EPT Hooks #25
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Removed the pre-allocated PT from the EptHook instance. The hook should not own the pre-allocated PT. The VM owns it now and is passed to hook manager to populated based on MAX_HOOK. - MTF counter was moved to HookManager - Had to update vmcall.rs, mtf.rs, vmexit/ept.rs for these changes. - Test default is `NtQuerySystemInformation `
- Currently, EPT Misconfig. (Very close) - Fix required - BTreeMap does most things - Could use struct inside BTreeMap - Needs pre-alloc BTreeMap - `get_or_create_shadow_page` index to fill with guest_pa since index is dummy and tmp - hook,rs was no longer needed - updated rest of hook stuff
- Solves issue #21 (Tested single hook so far) - Need to tested multiple hooks on same page to see if any issues.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This PR significantly enhances the memory management strategy for Extended Page Table (EPT) hooks within the hypervisor framework. By integrating the
heaplesscrate. A system is established where all memory allocations are pre-allocated and fixed, which not only improves stability but also boosts performance during runtime. The update facilitates precise mapping of guest page physical addresses to their corresponding shadow pages and page tables, supporting efficient EPT hook management.Key Enhancements:
Pre-allocated Memory Buffers: Implements upfront allocation of memory for shadow pages and page tables in
MemoryManager::new(). This change eliminates dynamic memory allocation during VM operations, which is critical to avoid allocation failures post-VMExit when requesting memory from UEFI.Pre-allocated Page Table Management: Improved the hypervsor's ability to manage page tables by pre-allocating
Ptstructures, which are later mapped to corresponding guest physical addresses. This setup simplifies tracking and ensures that if a page is already split, the existingPtis reused. This avoids unnecessary operations and errors associated with re-splitting already managed pages.Efficient Shadow Page Management: The hypervisor now allows multiple hooks on the same page to share a single shadow page safely. It prevents unnecessary overwrites and additional copying by returning the same shadow page if it's already mapped to a guest physical address, thereby optimizing resource usage and enhancing performance consistency.
Integration of the Heapless Crate: Utilizes
heaplessto create fixed-size arrays for active and free page tables and shadow pages, eliminating runtime allocation errors. This is particularly beneficial for real-time systems that require predictable execution times.VM Exit Enhancements: Updates related to VM exits, such as EPT violations and monitor trap flags, now leverage pre-mapped page tables and shadow pages accessed via guest physical addresses, streamlining the handling processes.
Enhancement and fixes for #21 and #10