On 30/03/2016 03:56, Xiao Guangrong wrote: >> x86/access.flat is currently using the "other" definition, i.e., PFEC.PK >> is only set if W=1 or CR0.WP=0 && PFEC.U=0 or PFEC.W=0. Can you use it >> (with ept=1 of course) to check what the processor is doing? > > Sure. > > And ept=1 is hard to trigger MMU issue, i am enabling PKEY on shadow > MMU, let's see what will happen. ;)
No, don't do that! ept=1 lets you test what the processor does. It means you cannot test permission_fault(), but what we want here is just reverse engineering the microcode. ept=1 lets you do exactly that. Paolo
