Page Access Rights
Mapped GPA pages have the following attributes that define the access rights of the partition:
- Readable
-
Data on the page can be read.
- Writeable
-
Data can be written to the page.
- Executable
-
Code on the page can be executed.
These access rights are enforced for explicit accesses that the child partition's virtual processors perform. These access rights are also enforced for implicit reads or writes that the hypervisor performs (for example, because of guest page table flag updates).
Access right combinations are limited by the underlying hardware. The following table shows the valid combinations for an x64 computer.
| Access type | Description | ||
|---|---|---|---|
| Read | Write | Exec | |
|
X |
X |
X |
Instruction fetches, reads, and writes are allowed. |
|
X |
X |
Illegal combination. | |
|
X |
X |
Instruction fetches and reads are allowed. | |
|
X |
Illegal combination. | ||
|
X |
X |
Reads and writes are allowed. | |
|
X |
Illegal combination. | ||
|
X |
Reads are allowed. | ||
|
No access is allowed. | |||
If an attempted memory access is not permitted according to the access rights, the virtual processor that performed the access is suspended (on an instruction boundary), and a message is sent to the parent partition. Code within the parent will typically respond by adjusting the access rights to allow the access or by emulating the instruction that performed the memory access. In either case, the software in the parent partition must "unsuspend" the child's virtual processor. For more information about memory access messages, see Memory Access Messages.
Memory accesses that cross page boundaries are handled in a manner that is consistent with the underlying processor architecture. For x64, this means the entire access is validated before any data exchange occurs. For example, if a four-byte write is split across two pages and the first page is writable but the second is not, the first two bytes are not written.
Send comments about this topic to Microsoft
Build date: 11/16/2013