kvm: pagetables: Enable 5-level paging

tranji-cloud · gvisor-bot · commit 49a6cc35fab1 · 2025-08-27T13:54:47.000-07:00
This change enables 5-level paging by supporting P4D table.

During PageTable.InitArch(), we detect CPU capabilities and set a flag to
determine the paging mode.

Update iterateRangeCanonical() call handle P4D level. We avoid using a
separate walkP4D function because the call chain would be too deep for the
nosplit attribute. The P4D level logic is wrapped around a if/else statement
for clarity

PiperOrigin-RevId: 800161142
diff --git a/pkg/ring0/kernel_amd64.go b/pkg/ring0/kernel_amd64.go
@@ -205,6 +205,9 @@ func (c *CPU) CR4() uint64 {
 	if hasUMIP {
 		cr4 |= _CR4_UMIP
 	}
+	if hasLA57 {
+		cr4 |= _CR4_LA57
+	}
 	return cr4
 }
 
diff --git a/pkg/ring0/lib_amd64.go b/pkg/ring0/lib_amd64.go
@@ -88,6 +88,7 @@ var (
 	hasXSAVEOPT   bool
 	hasXSAVE      bool
 	hasFSGSBASE   bool
+	hasLA57       bool
 	validXCR0Mask uintptr
 	localXCR0     uintptr
 )
@@ -100,19 +101,12 @@ var (
 func Init(fs cpuid.FeatureSet) {
 	// Initialize all sizes.
 	VirtualAddressBits = uintptr(fs.VirtualAddressBits())
-	// TODO(gvisor.dev/issue/7349): introduce support for 5-level paging.
-	// Four-level page tables allows to address up to 48-bit virtual
-	// addresses.
-	if VirtualAddressBits > 48 {
-		VirtualAddressBits = 48
-	}
 	if PhysicalAddressBits == 0 {
 		PhysicalAddressBits = uintptr(fs.PhysicalAddressBits())
 	}
 	UserspaceSize = uintptr(1) << (VirtualAddressBits - 1)
 	MaximumUserAddress = (UserspaceSize - 1) & ^uintptr(hostarch.PageSize-1)
 	KernelStartAddress = ^uintptr(0) - (UserspaceSize - 1)
-
 	// Initialize all functions.
 	hasSMEP = fs.HasFeature(cpuid.X86FeatureSMEP)
 	hasSMAP = fs.HasFeature(cpuid.X86FeatureSMAP)
@@ -121,6 +115,7 @@ func Init(fs cpuid.FeatureSet) {
 	hasXSAVEOPT = fs.UseXsaveopt()
 	hasXSAVE = fs.UseXsave()
 	hasFSGSBASE = fs.HasFeature(cpuid.X86FeatureFSGSBase)
+	hasLA57 = fs.HasFeature(cpuid.X86FeatureLA57)
 	validXCR0Mask = uintptr(fs.ValidXCR0Mask())
 	if hasXSAVE {
 		XCR0DisabledMask := uintptr((1 << 9) | (1 << 17) | (1 << 18))
diff --git a/pkg/ring0/pagetables/BUILD b/pkg/ring0/pagetables/BUILD
@@ -71,6 +71,7 @@ go_library(
         "//pkg/sentry/platform/kvm:__subpackages__",
     ],
     deps = [
+        "//pkg/cpuid",
         "//pkg/hostarch",
         "//pkg/sync",
     ],
@@ -87,5 +88,8 @@ go_test(
         ":walker_check_arm64",
     ],
     library = ":pagetables",
-    deps = ["//pkg/hostarch"],
+    deps = [
+        "//pkg/cpuid",
+        "//pkg/hostarch",
+    ],
 )
diff --git a/pkg/ring0/pagetables/pagetables.go b/pkg/ring0/pagetables/pagetables.go
@@ -56,6 +56,10 @@ type PageTables struct {
 	// readOnlyShared indicates the Pagetables are read-only and
 	// own the ranges that are shared with other Pagetables.
 	readOnlyShared bool
+
+	// largeAddressesEnabled indicates the Pagetables support addresess
+	// larger than 48 bits.
+	largeAddressesEnabled bool
 }
 
 // Init initializes a set of PageTables.
diff --git a/pkg/ring0/pagetables/pagetables_amd64.go b/pkg/ring0/pagetables/pagetables_amd64.go
@@ -14,28 +14,34 @@
 
 package pagetables
 
+import (
+	"gvisor.dev/gvisor/pkg/cpuid"
+)
+
 // Address constraints.
-//
-// The lowerTop and upperBottom currently apply to four-level pagetables;
-// additional refactoring would be necessary to support five-level pagetables.
-const (
-	lowerTop    = 0x00007fffffffffff
-	upperBottom = 0xffff800000000000
+var (
+	lowerTop    uintptr = 0x00007fffffffffff
+	upperBottom uintptr = 0xffff800000000000
+	pgdShift            = 39
+	pgdMask     uintptr = 0x1ff << pgdShift
+	pgdSize     uintptr = 1 << pgdShift
+)
 
+const (
 	pteShift = 12
 	pmdShift = 21
 	pudShift = 30
-	pgdShift = 39
+	p4dShift = 39
 
 	pteMask = 0x1ff << pteShift
 	pmdMask = 0x1ff << pmdShift
 	pudMask = 0x1ff << pudShift
-	pgdMask = 0x1ff << pgdShift
+	p4dMask = 0x1ff << p4dShift
 
 	pteSize = 1 << pteShift
 	pmdSize = 1 << pmdShift
 	pudSize = 1 << pudShift
-	pgdSize = 1 << pgdShift
+	p4dSize = 1 << p4dShift
 
 	executeDisable = 1 << 63
 	entriesPerPage = 512
@@ -47,6 +53,16 @@ const (
 //
 //go:nosplit
 func (p *PageTables) InitArch(allocator Allocator) {
+	featureSet := cpuid.HostFeatureSet()
+	if featureSet.HasFeature(cpuid.X86FeatureLA57) {
+		p.largeAddressesEnabled = true
+		lowerTop = 0x00FFFFFFFFFFFFFF
+		upperBottom = 0xFF00000000000000
+		pgdShift = 48
+		pgdMask = 0x1ff << pgdShift
+		pgdSize = 1 << pgdShift
+	}
+
 	if p.upperSharedPageTables != nil {
 		p.cloneUpperShared()
 	}
@@ -58,10 +74,10 @@ func pgdIndex(upperStart uintptr) uintptr {
 		panic("upperStart should be pgd size aligned")
 	}
 	if upperStart >= upperBottom {
-		return entriesPerPage/2 + (upperStart-upperBottom)/pgdSize
+		return entriesPerPage/2 + (upperStart-upperBottom)>>pgdShift
 	}
 	if upperStart < lowerTop {
-		return upperStart / pgdSize
+		return upperStart >> pgdShift
 	}
 	panic("upperStart should be in canonical range")
 }
diff --git a/pkg/ring0/pagetables/pagetables_amd64_test.go b/pkg/ring0/pagetables/pagetables_amd64_test.go
@@ -20,62 +20,100 @@ package pagetables
 import (
 	"testing"
 
+	"gvisor.dev/gvisor/pkg/cpuid"
 	"gvisor.dev/gvisor/pkg/hostarch"
 )
 
-func Test2MAnd4K(t *testing.T) {
-	pt := New(NewRuntimeAllocator())
+var (
+	lowerTopAligned uintptr = 0x00007f0000000000
+	pt              *PageTables
+)
+
+func getLargeAddressesEnabled() bool {
+	featureSet := cpuid.HostFeatureSet()
+	return featureSet.HasFeature(cpuid.X86FeatureLA57)
+}
+
+func getLowerTopAligned() uintptr {
+	if getLargeAddressesEnabled() {
+		return 0x00FF000000000000
+	}
+	return lowerTopAligned
+}
+
+func InitTest() {
+	cpuid.Initialize()
+	pt = New(NewRuntimeAllocator())
+	pt.InitArch(NewRuntimeAllocator())
+}
+
+func TestLargeAddresses(t *testing.T) {
+	InitTest()
+	if !getLargeAddressesEnabled() {
+		t.Skip("Large addresses are not supported on this platform")
+	}
+	pt.Map(hostarch.Addr(1<<50), pteSize, MapOpts{AccessType: hostarch.ReadWrite}, pteSize*42)
+	pt.Map(hostarch.Addr(1<<54), pmdSize, MapOpts{AccessType: hostarch.Read}, pmdSize*42)
+
+	checkMappings(t, pt, []mapping{
+		{uintptr(1 << 50), pteSize, pteSize * 42, MapOpts{AccessType: hostarch.ReadWrite}},
+		{uintptr(1 << 54), pmdSize, pmdSize * 42, MapOpts{AccessType: hostarch.Read}},
+	})
+}
 
+func Test2MAnd4K(t *testing.T) {
+	InitTest()
 	// Map a small page and a huge page.
 	pt.Map(0x400000, pteSize, MapOpts{AccessType: hostarch.ReadWrite}, pteSize*42)
-	pt.Map(0x00007f0000000000, pmdSize, MapOpts{AccessType: hostarch.Read}, pmdSize*47)
+	pt.Map(hostarch.Addr(getLowerTopAligned()), pmdSize, MapOpts{AccessType: hostarch.Read}, pmdSize*47)
 
 	checkMappings(t, pt, []mapping{
 		{0x400000, pteSize, pteSize * 42, MapOpts{AccessType: hostarch.ReadWrite}},
-		{0x00007f0000000000, pmdSize, pmdSize * 47, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned(), pmdSize, pmdSize * 47, MapOpts{AccessType: hostarch.Read}},
 	})
 }
 
 func Test1GAnd4K(t *testing.T) {
-	pt := New(NewRuntimeAllocator())
+	InitTest()
 
 	// Map a small page and a super page.
 	pt.Map(0x400000, pteSize, MapOpts{AccessType: hostarch.ReadWrite}, pteSize*42)
-	pt.Map(0x00007f0000000000, pudSize, MapOpts{AccessType: hostarch.Read}, pudSize*47)
+	pt.Map(hostarch.Addr(getLowerTopAligned()), pudSize, MapOpts{AccessType: hostarch.Read}, pudSize*47)
 
 	checkMappings(t, pt, []mapping{
 		{0x400000, pteSize, pteSize * 42, MapOpts{AccessType: hostarch.ReadWrite}},
-		{0x00007f0000000000, pudSize, pudSize * 47, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned(), pudSize, pudSize * 47, MapOpts{AccessType: hostarch.Read}},
 	})
 }
 
 func TestSplit1GPage(t *testing.T) {
-	pt := New(NewRuntimeAllocator())
+	InitTest()
 
 	// Map a super page and knock out the middle.
-	pt.Map(0x00007f0000000000, pudSize, MapOpts{AccessType: hostarch.Read}, pudSize*42)
-	pt.Unmap(hostarch.Addr(0x00007f0000000000+pteSize), pudSize-(2*pteSize))
+	pt.Map(hostarch.Addr(getLowerTopAligned()), pudSize, MapOpts{AccessType: hostarch.Read}, pudSize*42)
+	pt.Unmap(hostarch.Addr(getLowerTopAligned()+pteSize), pudSize-(2*pteSize))
 
 	checkMappings(t, pt, []mapping{
-		{0x00007f0000000000, pteSize, pudSize * 42, MapOpts{AccessType: hostarch.Read}},
-		{0x00007f0000000000 + pudSize - pteSize, pteSize, pudSize*42 + pudSize - pteSize, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned(), pteSize, pudSize * 42, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned() + pudSize - pteSize, pteSize, pudSize*42 + pudSize - pteSize, MapOpts{AccessType: hostarch.Read}},
 	})
 }
 
 func TestSplit2MPage(t *testing.T) {
-	pt := New(NewRuntimeAllocator())
+	InitTest()
 
 	// Map a huge page and knock out the middle.
-	pt.Map(0x00007f0000000000, pmdSize, MapOpts{AccessType: hostarch.Read}, pmdSize*42)
-	pt.Unmap(hostarch.Addr(0x00007f0000000000+pteSize), pmdSize-(2*pteSize))
+	pt.Map(hostarch.Addr(getLowerTopAligned()), pmdSize, MapOpts{AccessType: hostarch.Read}, pmdSize*42)
+	pt.Unmap(hostarch.Addr(getLowerTopAligned()+pteSize), pmdSize-(2*pteSize))
 
 	checkMappings(t, pt, []mapping{
-		{0x00007f0000000000, pteSize, pmdSize * 42, MapOpts{AccessType: hostarch.Read}},
-		{0x00007f0000000000 + pmdSize - pteSize, pteSize, pmdSize*42 + pmdSize - pteSize, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned(), pteSize, pmdSize * 42, MapOpts{AccessType: hostarch.Read}},
+		{getLowerTopAligned() + pmdSize - pteSize, pteSize, pmdSize*42 + pmdSize - pteSize, MapOpts{AccessType: hostarch.Read}},
 	})
 }
 
 func TestNumMemoryTypes(t *testing.T) {
+	InitTest()
 	// The PAT accommodates up to 8 entries. However, PTE.Set() currently
 	// assumes that NumMemoryTypes <= 4, since the location of the most
 	// significant bit of the PAT index in page table entries varies depending
diff --git a/pkg/ring0/pagetables/walker_amd64.go b/pkg/ring0/pagetables/walker_amd64.go
@@ -262,30 +262,85 @@ func (w *Walker) iterateRangeCanonical(start, end uintptr) bool {
 		nextBoundary := addrEnd(start, end, pgdSize)
 		pgdIndex := uint16((start & pgdMask) >> pgdShift)
 		pgdEntry := &w.pageTables.root[pgdIndex]
-		if !pgdEntry.Valid() {
-			if !w.visitor.requiresAlloc() {
-				// Skip over this entry.
-				start = nextBoundary
-				continue
+		if !w.pageTables.largeAddressesEnabled {
+			if !pgdEntry.Valid() {
+				if !w.visitor.requiresAlloc() {
+					// Skip over this entry.
+					start = nextBoundary
+					continue
+				}
+
+				// Allocate a new pgd.
+				pudEntries = w.pageTables.Allocator.NewPTEs() // escapes: depends on allocator.
+				pgdEntry.setPageTable(w.pageTables, pudEntries)
+			} else {
+				pudEntries = w.pageTables.Allocator.LookupPTEs(pgdEntry.Address()) // escapes: see above.
+			}
+			// Map the next level.
+			ok, clearPUDEntries := w.walkPUDs(pudEntries, start, nextBoundary)
+			if !ok {
+				return false
 			}
 
-			// Allocate a new pgd.
-			pudEntries = w.pageTables.Allocator.NewPTEs() // escapes: depends on allocator.
-			pgdEntry.setPageTable(w.pageTables, pudEntries)
+			// Check if we no longer need this page table.
+			if clearPUDEntries == entriesPerPage {
+				pgdEntry.Clear()
+				w.pageTables.Allocator.FreePTEs(pudEntries) // escapes: see above.
+			}
 		} else {
-			pudEntries = w.pageTables.Allocator.LookupPTEs(pgdEntry.Address()) // escapes: see above.
-		}
+			var p4dEntries *PTEs
+			if !pgdEntry.Valid() {
+				if !w.visitor.requiresAlloc() {
+					// Skip over this entry.
+					start = nextBoundary
+					continue
+				}
 
-		// Map the next level.
-		ok, clearPUDEntries := w.walkPUDs(pudEntries, start, nextBoundary)
-		if !ok {
-			return false
-		}
+				// Allocate a new pgd.
+				p4dEntries = w.pageTables.Allocator.NewPTEs() // escapes: depends on allocator.
+				pgdEntry.setPageTable(w.pageTables, p4dEntries)
+			} else {
+				p4dEntries = w.pageTables.Allocator.LookupPTEs(pgdEntry.Address()) // escapes: see above.
+			}
+			var clearP4DEntries uint16 = 0
+			p4dStart := start
+			p4dEnd := nextBoundary
+			for p4dStart < p4dEnd {
+				nextP4DBoundary := addrEnd(p4dStart, p4dEnd, p4dSize)
+				p4dIndex := uint16((p4dStart & p4dMask) >> p4dShift)
+				p4dEntry := &p4dEntries[p4dIndex]
+				if !p4dEntry.Valid() {
+					if !w.visitor.requiresAlloc() {
+						// Skip over this entry.
+						clearP4DEntries++
+						p4dStart = nextP4DBoundary
+						continue
+					}
+					// Allocate a new pud.
+					pudEntries = w.pageTables.Allocator.NewPTEs() // escapes: depends on allocator.
+					p4dEntry.setPageTable(w.pageTables, pudEntries)
+				} else {
+					pudEntries = w.pageTables.Allocator.LookupPTEs(p4dEntry.Address()) // escapes: see above.
+				}
+
+				ok, clearPUDEntries := w.walkPUDs(pudEntries, p4dStart, nextP4DBoundary)
+				if !ok {
+					return false
+				}
+				if clearPUDEntries == entriesPerPage {
+					p4dEntry.Clear()
+					w.pageTables.Allocator.FreePTEs(pudEntries) // escapes: see above.
+					clearP4DEntries++
+				}
 
-		// Check if we no longer need this page table.
-		if clearPUDEntries == entriesPerPage {
-			pgdEntry.Clear()
-			w.pageTables.Allocator.FreePTEs(pudEntries) // escapes: see above.
+				p4dStart = nextP4DBoundary
+			}
+
+			// Check if we no longer need this page table.
+			if clearP4DEntries == entriesPerPage {
+				pgdEntry.Clear()
+				w.pageTables.Allocator.FreePTEs(p4dEntries) // escapes: see above.
+			}
 		}
 
 		// Advance to the next PGD entry's range for the next loop.
diff --git a/pkg/ring0/x86.go b/pkg/ring0/x86.go
@@ -31,6 +31,7 @@ const (
 	_CR4_OSFXSR     = 1 << 9
 	_CR4_OSXMMEXCPT = 1 << 10
 	_CR4_UMIP       = 1 << 11
+	_CR4_LA57       = 1 << 12
 	_CR4_FSGSBASE   = 1 << 16
 	_CR4_PCIDE      = 1 << 17
 	_CR4_OSXSAVE    = 1 << 18
diff --git a/pkg/sentry/platform/kvm/physical_map.go b/pkg/sentry/platform/kvm/physical_map.go

Original file line number	Diff line number	Diff line change
`@@ -205,6 +205,9 @@ func (c *CPU) CR4() uint64 {`
`205`	`205`	`if hasUMIP {`
`206`	`206`	`cr4 \|= _CR4_UMIP`
`207`	`207`	`}`
	`208`	`+ if hasLA57 {`
	`209`	`+ cr4 \|= _CR4_LA57`
	`210`	`+ }`
`208`	`211`	`return cr4`
`209`	`212`	`}`
`210`	`213`