Message-ID: <aO_l5TwbOv2F5E7n@google.com>
Date: Wed, 15 Oct 2025 11:20:21 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Yosry Ahmed <yosry.ahmed@...ux.dev>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 08/12] KVM: selftests: Use 'leaf' instead of hugepage to
 describe EPT entries

On Mon, Oct 13, 2025, Yosry Ahmed wrote:
> On Mon, Oct 13, 2025 at 03:58:30PM -0700, Sean Christopherson wrote:
> > Ah, right, current_level can never be less than target_level because the first
> > assert will fail on iteration-1.
> > 
> > > the assertion here is when we try to override a leaf page table IIUC.
> > >
> > > > Instead of hacking on the nested code, can we instead tweak __virt_pg_map() to
> > > > work with nested TDP?  At a glance, it's already quite close, e.g. "just" needs
> > > > to be taught about EPT RWX bits and allow the call to pass in the root pointer.
> > > 
> > > That would be ideal, I'll take a look. In case I don't have time for
> > > that unification, can this be a follow-up change?
> > 
> > Part of me wants to be nice and say "yes", but most of me wants to say "no".
> 
> So.. which part won?
> 
> > 
> > Struct overlays for PTEs suck.  At best, they generate poor code and obfuscate
> > simple logic (e.g. vm->page_size vs pte->page_size is a confusion that simply
> > should not be possible).  At worst, they lead to hard-to-debug issues like the
> > one that led to commit f18b4aebe107 ("kvm: selftests: do not use bitfields larger
> > than 32-bits for PTEs").
> > 
> > eptPageTableEntry obviously isn't your fault, but nptPageTableEntry is. :-D
> > And I suspect the hardest part of unification will be adding the globals to
> > deal with variable bit positions that are currently being handled by the struct
> > overlays.
> 
> I have no problem getting rid of eptPageTableEntry and using bitmasks
> and whatnot on a uint64_t PTE (assuming that's what you are asking for
> here).
> 
> But I think tweaking __virt_pg_map() will involve more than that, or
> maybe I just didn't look close enough yet.

For posterity, Yosry and I chatted off-list.  The plan is to try and convert
__virt_pg_map() to work with variable "mmu", using an approach similar to KVM,
where the bit positions of variable flags, e.g. NX vs. X, are stored in an mmu
structure.  If for whatever reason converting __virt_pg_map() is meaningfully
harder than getting nEPT and nNPT to play nice, then we'll revisit all of this.
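
An added illustration of the approach described above (not code from this thread, from KVM, or from the selftests): a hypothetical `struct pte_masks` records where each MMU format keeps its variable flags, so one builder operating on a plain uint64_t serves both x86-64 paging (NX, bit 63) and EPT (X, bit 2). The struct, function and variable names are assumptions; the bit positions are the architectural ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define BIT_ULL(n)    (1ULL << (n))
#define PTE_ADDR_MASK 0x000ffffffffff000ULL /* physical address bits 51:12 */

/* Hypothetical per-MMU description of the flags that differ between formats. */
struct pte_masks {
	uint64_t present;  /* x86-64: P (bit 0); EPT: read permission (bit 0) */
	uint64_t writable;
	uint64_t leaf;     /* bit 7: maps a page at PDPTE/PDE level, not a table */
	uint64_t x;        /* set to allow execution (EPT); 0 if unused */
	uint64_t nx;       /* set to forbid execution (x86-64); 0 if unused */
};

static const struct pte_masks x86_64_masks = {
	.present = BIT_ULL(0), .writable = BIT_ULL(1), .leaf = BIT_ULL(7),
	.x = 0, .nx = BIT_ULL(63),
};

static const struct pte_masks ept_masks = {
	.present = BIT_ULL(0), .writable = BIT_ULL(1), .leaf = BIT_ULL(7),
	.x = BIT_ULL(2), .nx = 0,
};

/* Build an entry from a plain uint64_t; no struct overlay or bitfields. */
static uint64_t make_pte(const struct pte_masks *m, uint64_t paddr,
			 bool write, bool exec, bool leaf)
{
	uint64_t pte = (paddr & PTE_ADDR_MASK) | m->present;
	if (write)
		pte |= m->writable;
	if (leaf)
		pte |= m->leaf;
	pte |= exec ? m->x : m->nx; /* polarity differs: X grants, NX denies */
	return pte;
}

static bool pte_is_executable(const struct pte_masks *m, uint64_t pte)
{
	return m->x ? (pte & m->x) != 0 : (pte & m->nx) == 0;
}

int main(void)
{
	printf("x86-64: %#llx\n", (unsigned long long)make_pte(&x86_64_masks, 0x200000, true, false, true));
	printf("EPT:    %#llx\n", (unsigned long long)make_pte(&ept_masks, 0x200000, true, false, true));
	return 0;
}
```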
