EPT violations on pages are filtered for sub-page write protection so that the introspection library only receives faults on the monitored sub-page.
While we ensure that the feature is enabled in practically all other locations of interest, kvmi_restricted_access does not perform this check.
This issue is especially troublesome if the application intends to change the page protection upon such an event. In my case, it caused over 8 million page faults (compared to around 500 after this fix).
I propose to add a check for the feature before using the bitmap.
Best, Thomas