Method and apparatus for performing protected walk-based shadow paging using multiple stages of page tables

Abstract

A Protected Walk-based Shadow Paging (PWSP) method includes storing a multiple level first stage (S1) page tables structure in second stage (S2) page tables. The method includes: when an S1 page table in an S2 page table entry is marked with a writable attribute: (i) permitting an operating system (OS) to write to the S1 page table, (ii) blocking a memory management unit (MMU) from reading the S1 page table for translation, and (iii) in response, verifying the S1 page table for translation and changing the marking of the S1 page table in the S2 page table entry to a read-only attribute, enabling the MMU to subsequently read the S1 page table. The method further includes: when the S1 page table in the S2 page table entry is marked with the read-only attribute: (i) permitting the OS to read the S1 page table for translating from a virtual address to an intermediate physical address, (ii) blocking the OS from writing to the S1 page table, and (iii) in response to blocking the OS, updating the S1 page table and changing the marking of the S1 page table in the S2 page table entry to the device memory attribute, enabling the OS to write to the S1 page table. Blocking the MMU from reading the S1 page table for translation may include generating a device memory permissions fault, and blocking the OS from writing to the S1 page table may include generating a read-only prefetch permissions fault.