lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aR0GI81ZASDYeFP_@google.com>
Date: Tue, 18 Nov 2025 15:49:55 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Yosry Ahmed <yosry.ahmed@...ux.dev>
Cc: Jim Mattson <jmattson@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 00/23] Extend test coverage for nested SVM

On Tue, Nov 18, 2025, Yosry Ahmed wrote:
> On Tue, Nov 18, 2025 at 03:00:26PM -0800, Jim Mattson wrote:
> > On Tue, Nov 18, 2025 at 2:26 PM Yosry Ahmed <yosry.ahmed@...ux.dev> wrote:
> > >
> > > On Tue, Oct 21, 2025 at 07:47:13AM +0000, Yosry Ahmed wrote:
> > > > There are multiple selftests exercising nested VMX that are not specific
> > > > to VMX (at least not anymore). Extend their coverage to nested SVM.
> > > >
> > > > This version is significantly different (and longer) than v1 [1], mainly
> > > > due to the change of direction to reuse __virt_pg_map() for nested EPT/NPT
> > > > mappings instead of extending the existing nested EPT infrastructure. It
> > > > also has a lot more fixups and cleanups.
> > > >
> > > > This series depends on two other series:
> > > > - "KVM: SVM: GIF and EFER.SVME are independent" [2]
> > > > - "KVM: selftests: Add test of SET_NESTED_STATE with 48-bit L2 on 57-bit L1" [3]
> > >
> > > v2 of Jim's series switches all tests to use 57-bit by default when
> > > available:
> > > https://lore.kernel.org/kvm/20251028225827.2269128-4-jmattson@google.com/
> > >
> > > This breaks moving nested EPT mappings to use __virt_pg_map() because
> > > nested EPTs are hardcoded to use 4-level paging, while __virt_pg_map()
> > > will assume we're using 5-level paging.
> > >
> > > Patch #16 ("KVM: selftests: Use __virt_pg_map() for nested EPTs") will
> > > need the following diff to make nested EPTs use the same paging level as
> > > the guest:
> > >
> > > diff --git a/tools/testing/selftests/kvm/lib/x86_64/vmx.c b/tools/testing/selftests/kvm/lib/x86_64/vmx.c
> > > index 358143bf8dd0d..8bacb74c00053 100644
> > > --- a/tools/testing/selftests/kvm/lib/x86/vmx.c
> > > +++ b/tools/testing/selftests/kvm/lib/x86/vmx.c
> > > @@ -203,7 +203,7 @@ static inline void init_vmcs_control_fields(struct vmx_pages *vmx)
> > >                 uint64_t ept_paddr;
> > >                 struct eptPageTablePointer eptp = {
> > >                         .memory_type = X86_MEMTYPE_WB,
> > > -                       .page_walk_length = 3, /* + 1 */
> > > +                       .page_walk_length = get_cr4() & X86_CR4_LA57 ? 4 : 3, /* + 1 */
> > 
> > LA57 does not imply support for 5-level EPT. (SRF, IIRC)

Yuuuup.  And similarly, MAXPHYADDR=52 doesn't imply 5-level EPT (thank you TDX!).

> Huh, that's annoying. We can keep the EPTs hardcoded to 4 levels and
> pass in the max level to __virt_pg_map() instead of hardcoding
> vm->pgtable_levels.

I haven't looked at the series in-depth so I don't know exactly what you're trying
to do, but why not check MSR_IA32_VMX_EPT_VPID_CAP for PWL5?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ