Xen also provides an alternative mode of operation in which guests
have the illusion that their page tables are directly writable. Of
course this is not really the case, since Xen must still validate
modifications to ensure secure partitioning. To this end, Xen traps
any write attempt to a memory page of type PT (i.e., that is
currently part of a page table). If such an access occurs, Xen
temporarily allows write access to that page while at the same time
disconnecting it from the page table that is currently in use.
This allows the guest to safely make updates to the page because the
newly-updated entries cannot be used by the MMU until Xen revalidates
and reconnects the page. Reconnection occurs automatically in a
number of situations: for example, when the guest modifies a different
page-table page, when the domain is preempted, or whenever the guest
uses Xen's explicit page-table update interfaces.
Writable pagetable functionality is enabled when the guest requests
it, using a vm_assist hypercall. Writable pagetables do not provide
full virtualisation of the MMU, so the memory management
code of the guest still needs to be aware that it is running on Xen.
Since the guest's page tables are used directly, it must translate
pseudo-physical addresses to real machine addresses when building page
table entries. The guest may not attempt to map its own pagetables
writably, since this would violate the memory type invariants; page
tables will automatically be made writable by the hypervisor, as
necessary.
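
The trap, disconnect, revalidate and reconnect cycle described above, as a small C model added here for illustration; it is not Xen's code. The frame layout, the function names, the ownership check and the choice to clear a rejected entry are assumptions of the model; the rule against writable mappings of page-table pages comes from the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NFRAMES 6
#define NPTES   4
#define PTE_P   0x1u
#define PTE_RW  0x2u
struct frame {
    bool owned, is_pt, connected;  /* connected: the MMU can walk this PT page */
    uint32_t pte[NPTES];           /* entry = (machine frame << 12) | flags */
};
static struct frame mem[NFRAMES];
static int open_pt = -1;           /* PT page currently disconnected and writable */
/* Constructed layout: frames 0-3 belong to the guest, 1 and 2 are PT pages. */
void init_guest(void) {
    open_pt = -1;
    for (int i = 0; i < NFRAMES; i++)
        mem[i] = (struct frame){ .owned = i < 4, .is_pt = (i == 1 || i == 2),
                                 .connected = (i == 1 || i == 2) };
}
/* Revalidate the open page and reconnect it; returns the entries rejected. */
int reconnect(void) {
    int rejected = 0;
    if (open_pt < 0) return 0;
    for (int i = 0; i < NPTES; i++) {
        uint32_t e = mem[open_pt].pte[i], mfn = e >> 12;
        bool ok = mfn < NFRAMES && mem[mfn].owned &&
                  !(mem[mfn].is_pt && (e & PTE_RW)); /* no writable map of a PT */
        if ((e & PTE_P) && !ok) { mem[open_pt].pte[i] = 0; rejected++; }
    }
    mem[open_pt].connected = true;
    open_pt = -1;
    return rejected;
}
/* Trapped guest store to PT page mfn; returns rejections from any reconnect. */
int guest_pt_write(int mfn, int idx, uint32_t val) {
    int rejected = (open_pt != mfn) ? reconnect() : 0; /* other PT page: reconnect */
    mem[mfn].connected = false;  /* entries are invisible to the MMU while open */
    open_pt = mfn;
    mem[mfn].pte[idx] = val;     /* unvalidated until reconnect() */
    return rejected;
}
int main(void) {
    init_guest();
    guest_pt_write(1, 0, (3u << 12) | PTE_P | PTE_RW);  /* data frame: accepted */
    guest_pt_write(1, 1, (2u << 12) | PTE_P | PTE_RW);  /* writable map of a PT */
    printf("rejected on reconnect: %d\n", reconnect());
}
```

In the model, preemption and the explicit update interfaces would simply call `reconnect()` as well; only the write to a different page-table page is wired in.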