Why can't we just get the GPA and then directly compute the real physical address, as shown in the https://www.exploit-db.com/docs/45546 on page 8? we can save a lot of access to memory.
Why do we need the complex calculation with nested page tables, as shown on the same link on page 9?
I am not sure, but my guess is to allow more addressing space. if the virtual machine "has" 4gb virtual space and 4gb physical space then if we use the first approach, we can get only to 4GB in the real machine. But I think that we can overcome it.
I got it! every table is located in the GPA, as such, we need to translate it using the table walk with the eptp to get to the PPA of the table!, we need to do it for each table, and that's why the long page walk. For example, PML4 is in the GPA, so we need to translate it, and so on.