Re: [kvm-unit-tests PATCH v2 13/13] x86: Avoid top-most page for vmalloc on x86-64

[Sean Christopherson <seanjc@google.com>]

On Thu, Jun 26, 2025, Mathias Krause wrote:
> The x86-64 implementation if setup_mmu() doesn't initialize 'vfree_top'
> and leaves it at its zero-value. This isn't wrong per se, however, it
> leads to odd configurations when the first vmalloc/vmap page gets
> allocated. It'll be the very last page in the virtual address space --
> which is an interesting corner case -- but its boundary will probably
> wrap. It does so, for CET's shadow stack, at least, which loads the
> shadow stack pointer with the base address of the mapped page plus its
> size, i.e. 0xffffffff_fffff000 + 4096, which wraps to 0x0.
> 
> The CPU seems to handle such configurations just fine. However, it feels
> odd to set the shadow stack pointer to "NULL".
> 
> To avoid the wrapping, ignore the top most page by initializing
> 'vfree_top' to just one page below.
> 
> Reviewed-by: Chao Gao <chao.gao@intel.com>
> Signed-off-by: Mathias Krause <minipli@grsecurity.net>
> ---
> v2:
> - change comment in x86/lam.c too
> 
>  lib/x86/vm.c |  2 ++
>  x86/lam.c    | 10 +++++-----
>  2 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/x86/vm.c b/lib/x86/vm.c
> index 90f73fbb2dfd..27e7bb4004ef 100644
> --- a/lib/x86/vm.c
> +++ b/lib/x86/vm.c
> @@ -191,6 +191,8 @@ void *setup_mmu(phys_addr_t end_of_memory, void *opt_mask)
>          end_of_memory = (1ul << 32);  /* map mmio 1:1 */
>  
>      setup_mmu_range(cr3, 0, end_of_memory);
> +    /* skip the last page for out-of-bound and wrap-around reasons */
> +    init_alloc_vpage((void *)(~(PAGE_SIZE - 1)));

This breaks the eventinj test (leads to SHUTDOWN).  I haven't spent any time
trying to figure out why.