vmm support for updating guest EPT mappings

[Martin Lucina]

Hi,

as part of my work on Solo5 [1], I recently discovered that some
assumptions I made during developing a FreeBSD vmm backend for our "hvt"
tender (f.k.a. "ukvm", which some of you may be aware of) do not hold.

Specifically, our ELF loader relies on the ability to enforce memory
protection at the guest-physical to host-virtual translation point (i.e.
via the EPT mappings). At the time that I wrote the code, I wrongly assumed
that FreeBSD vmm would follow the Linux KVM behaviour, i.e. that a
host-side mprotect() on a memory range which is part of guest memory would
update the EPT mapping used by the hypervisor.

For some discussion on our end please see the issue filed at [2], including
a proposal from the OpenBSD vmm folks, for which we also have a backend,
to implement an "ept-mprotect" like call.

Is there any way to get this ability in FreeBSD vmm? I'd be happy with
either a solution similar to what Linux KVM does (hooking the EPT mapping
update to the host-side mprotect), or the OpenBSD proposal which is
actually more flexible in the long run as it could allow for execute-only
pages on x86.

In my initial investigation I thought this might be achievable in a limited
way with careful use of VM_MMAP_MEMSEG, but that seems like the wrong
approach?

Note that we deliberately do not use libvmmapi in Solo5 due to it making
assumptions over things like guest memory layout that are more suited to a
"classic" VMM such as bhyve.

Martin

[1] https://github.com/Solo5/solo5
[2] https://github.com/Solo5/solo5/issues/303