public inbox for linux-kernel@vger.kernel.org
From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	 "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Yan Y Zhao <yan.y.zhao@intel.com>,
	 "yosry.ahmed@linux.dev" <yosry.ahmed@linux.dev>
Subject: Re: [PATCH] KVM: x86/mmu: Don't create SPTEs for addresses that aren't mappable
Date: Mon, 23 Feb 2026 17:49:20 -0800
Message-ID: <aZ0DoCheX51i3eXI@google.com>
In-Reply-To: <f4dc2f2fd2c2201c9e5d141c0c83c203e1f57975.camel@intel.com>

On Mon, Feb 23, 2026, Rick P Edgecombe wrote:
> On Fri, 2026-02-20 at 16:49 -0800, Sean Christopherson wrote:
> > > But also the '5' case is weird because as a GVA the max address
> > > bits should be 57 and a GPA should be 54.
> > 
> > 52, i.e. the architectural max MAXPHYADDR.
> 
> Oops yes I meant 52. But if it is always max physical address and not
> trying to handle VA's too, why is PT32E_ROOT_LEVEL 32 instead of
> 36?

Setting aside how any nNPT with a 32-bit kernel works for the moment, it would
be 52, not 36.  PT32E_ROOT_LEVEL is PAE, which per the SDM can address 52 bits
of physical address space:

  PAE paging translates 32-bit linear addresses to 52-bit physical addresses.

PSE-36, a.k.a. 2-level 32-bit paging with CR4.PSE=1, is the horror that can
address 36 bits of physical address space by abusing reserved bits in the "offset"
portion of a huge 4MiB page.

Somewhat of an aside, KVM always uses 64-bit paging or PAE paging for its MMU
(or EPT, but that's basically 64-bit), and so when running on a 32-bit kernel, KVM
requires a PAE-enabled kernel to enable NPT, because hCR4 isn't changed on VMRUN,
i.e. the paging mode for KVM's MMU is tightly coupled to the host kernel's paging
mode.  Which is one of several reasons why nNPT is a mess.

  
	/*
	 * KVM's MMU doesn't support using 2-level paging for itself, and thus
	 * NPT isn't supported if the host is using 2-level paging since host
	 * CR4 is unchanged on VMRUN.
	 */
	if (!IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_X86_PAE))
		npt_enabled = false;


As for how running a 32-bit PAE nNPT "works", I suspect it simply doesn't from an
architectural perspective.  32-bit KVM-on-KVM works (though I haven't checked in a
few years...) because Linux doesn't allocate kernel memory out of high memory,
i.e. L1 KVM won't feed "bad" addresses to L0 KVM, and presumably QEMU doesn't
manage to either.

I might be forgetting something though?  If I get bored, or more likely when my
curiosity gets the best of me, I'll see how hardware behaves.
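
The physical-address limits discussed in this message, as an added example that is not part of the original mail or of KVM's code: decoding a large-page PDE under PSE-36 (4MiB page, 36-bit result) and under PAE (2MiB page, up to 52 bits). The function names and sample entries are constructed for illustration; bit positions follow the SDM's large-page PDE formats, and PSE-36 support is assumed.

```c
#include <stdint.h>
#include <stdio.h>

#define PDE_P  (1ull << 0)	/* present */
#define PDE_PS (1ull << 7)	/* maps a large page */

/*
 * 2-level 32-bit paging with CR4.PSE=1, 4MiB page (PSE-36 assumed present).
 * PDE[31:22] = PA[31:22].  PDE[21:13] would be offset bits of the 4MiB frame;
 * PSE-36 reuses PDE[16:13] as PA[35:32], PDE[21:17] stay reserved.
 */
static int pse36_translate(uint32_t pde, uint32_t lin, uint64_t *pa)
{
	if ((pde & (PDE_P | PDE_PS)) != (PDE_P | PDE_PS) || (pde & 0x003e0000u))
		return -1;
	*pa = ((uint64_t)((pde >> 13) & 0xf) << 32) |
	      (pde & 0xffc00000u) | (lin & 0x003fffffu);
	return 0;
}

/*
 * PAE paging, 2MiB page.  The 64-bit PDE carries PA[51:21] directly and
 * PDE[20:13] are reserved.  maxphyaddr is the CPU's MAXPHYADDR (<= 52);
 * frame bits at or above it are reserved as well.
 */
static int pae_translate(uint64_t pde, uint32_t lin, unsigned int maxphyaddr,
			 uint64_t *pa)
{
	uint64_t frame = pde & 0x000fffffffe00000ull;

	if ((pde & (PDE_P | PDE_PS)) != (PDE_P | PDE_PS) || (pde & 0x1fe000ull))
		return -1;
	if (maxphyaddr > 52 || (frame >> maxphyaddr))
		return -1;
	*pa = frame | (lin & 0x001fffffu);
	return 0;
}

int main(void)
{
	uint64_t pa;

	/* Constructed sample entries, not taken from any real page table. */
	if (!pse36_translate(0xffc1e081u, 0xffffffffu, &pa))
		printf("PSE-36 max: %#llx\n", (unsigned long long)pa);
	if (!pae_translate((1ull << 51) | 0x200081ull, 0x12345678u, 52, &pa))
		printf("PAE:        %#llx\n", (unsigned long long)pa);
	return 0;
}
```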
