On Tue, Nov 16, 2021, Paolo Bonzini wrote:
> On 11/16/21 12:07, Maxim Levitsky wrote:
> > > - * But, even though there are 18 bits in the mask below, not all
> > > combinations
> > > + * But, even though there are 20 bits in the mask
> > > below, not all combinations
> > I to be honest counted 19 bits there (which includes the 'smm' bit),
> > but I might have made a mistake. I do wonder maybe it is better to
> > just remove that comment with explicit number?
>
> Yes, they are 19. But the explicit number is there to guide in

No, there are 18 from a gfn_track perspective. "smm" isn't counted because
it's in a separate memslot address space. The "mask below" is definitely
vague on that point though.

> understanding how 19 goes down to 14 combinations.
>
> Here is a better writeup:
>
> * - invalid shadow pages are not accounted, so the bits are effectively 18
> * - quadrant will only be used if gpte_is_8_bytes is zero (non-PAE paging);
> *   execonly and ad_disabled are only used for nested EPT which has
> *   gpte_is_8_bytes=1. Therefore, 2 bits are always unused.
> * - the 4 bits of level are effectively limited to the values 2/3/4/5,
> *   as 4k SPs are not tracked (allowed to go unsync). In addition non-PAE
> *   paging has exactly one upper level, making level effectively redundant
> *   when gpte_is_8_bytes=0.
> * - on top of this, smep_andnot_wp and smap_andnot_wp are only set if cr0_wp=0,
> *   therefore these three bits only give rise to 5 possibilities.
>
> FWIW, the full count becomes 6400 unless I screwed up the math.

Which is "in the neighborhood of 2^13" :-)
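
Review bot: The "+" line hard-codes "20 bits in the mask below" without saying which fields are counted, and the replies in this thread arrive at 19 and 18 for the same mask depending on whether 'smm' is included. Either name the fields that are excluded from the count and why (for example that "smm" lives in a separate memslot address space), or drop the explicit number and let the itemised reductions carry the argument.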
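
The 6400 figure in the quoted writeup can be checked by brute force. This is an added example, not code from the thread or from the kernel: it enumerates the 12 role bits the writeup constrains and applies its four rules. It assumes the remaining 6 of the 18 effective bits are unconstrained, that level 2 is the single non-PAE upper level, and it uses its own packing of the fields rather than the kernel's bitfield layout.

```c
#include <stdio.h>

/* Assumption: the 18 effective bits minus the 12 enumerated below
 * leave 6 bits that the writeup does not constrain. */
#define OTHER_BITS 6

/* Returns 1 if this combination of the constrained fields can occur
 * under the rules listed in the writeup. */
static int role_possible(unsigned level, unsigned gpte_is_8_bytes,
                         unsigned quadrant, unsigned execonly,
                         unsigned ad_disabled, unsigned cr0_wp,
                         unsigned smep_andnot_wp, unsigned smap_andnot_wp)
{
    /* smep_andnot_wp / smap_andnot_wp are only set if cr0_wp=0. */
    if (cr0_wp && (smep_andnot_wp || smap_andnot_wp))
        return 0;
    if (gpte_is_8_bytes) {
        /* quadrant is unused; 4k SPs are not tracked, so level is 2..5. */
        return quadrant == 0 && level >= 2 && level <= 5;
    }
    /* Non-PAE: no execonly/ad_disabled, exactly one upper level
     * (assumed here to be level 2; the count does not depend on it). */
    return !execonly && !ad_disabled && level == 2;
}

/* Number of valid combinations of the 12 constrained bits. */
unsigned long count_constrained(void)
{
    unsigned long n = 0;
    /* Packing of v is local to this example, not the kernel's layout. */
    for (unsigned v = 0; v < (1u << 12); v++)
        n += role_possible(v & 0xf, (v >> 4) & 1, (v >> 5) & 3,
                           (v >> 7) & 1, (v >> 8) & 1, (v >> 9) & 1,
                           (v >> 10) & 1, (v >> 11) & 1);
    return n;
}

/* Total upper-level roles once the unconstrained bits are included. */
unsigned long count_roles(void)
{
    return count_constrained() << OTHER_BITS;
}

int main(void)
{
    printf("constrained=%lu total=%lu\n", count_constrained(), count_roles());
    return 0;
}
```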