hyperlight-dev · danbugs · Mar 3, 2026 · Mar 4, 2026 · Mar 6, 2026
@@ -17,11 +17,9 @@ limitations under the License.
 // This file is just dummy definitions at the moment, in order to
 // allow compiling the guest for real mode boot scenarios.
 
-pub const MAX_GVA: usize = 0xffff_efff;
-pub const SNAPSHOT_PT_GVA_MIN: usize = 0xef00_0000;
-pub const SNAPSHOT_PT_GVA_MAX: usize = 0xefff_efff;
+pub const MAX_GVA: usize = 0xffff_ffff;
 pub const MAX_GPA: usize = 0xffff_ffff;
 
-pub fn min_scratch_size() -> usize {
-    1 * crate::vmem::PAGE_SIZE
+pub fn min_scratch_size(_input_data_size: usize, _output_data_size: usize) -> usize {
+    crate::vmem::PAGE_SIZE
 }
@@ -14,11 +14,20 @@ See the License for the specific language governing permissions and
 limitations under the License.
  */
 
-#[cfg_attr(target_arch = "x86_64", path = "arch/amd64/layout.rs")]
 #[cfg_attr(target_arch = "x86", path = "arch/i686/layout.rs")]
+#[cfg_attr(
+    all(target_arch = "x86_64", feature = "init-paging"),
+    path = "arch/amd64/layout.rs"
+)]
+#[cfg_attr(
+    all(target_arch = "x86_64", not(feature = "init-paging")),
+    path = "arch/i686/layout.rs"
+)]
 mod arch;
 
-pub use arch::{MAX_GPA, MAX_GVA, SNAPSHOT_PT_GVA_MAX, SNAPSHOT_PT_GVA_MIN};
+pub use arch::{MAX_GPA, MAX_GVA};
+#[cfg(feature = "init-paging")]
+pub use arch::{SNAPSHOT_PT_GVA_MAX, SNAPSHOT_PT_GVA_MIN};
 
 // offsets down from the top of scratch memory for various things
 pub const SCRATCH_TOP_SIZE_OFFSET: u64 = 0x08;

@@ -40,7 +40,7 @@ tracing = { version = "0.1.44", features = ["log"] }
 tracing-log = "0.2.0"
 tracing-core = "0.1.36"
 tracing-opentelemetry = { version = "0.32.1", optional = true }
-hyperlight-common = { workspace = true, default-features = true, features = [ "std", "init-paging" ] }
+hyperlight-common = { workspace = true, default-features = true, features = [ "std" ] }
 hyperlight-guest-tracing = { workspace = true, default-features = true, optional = true }
 vmm-sys-util = "0.15.0"
 crossbeam-channel = "0.5.15"
@@ -137,7 +137,7 @@ mshv3 = ["dep:mshv-bindings", "dep:mshv-ioctls"]
 gdb = ["dep:gdbstub", "dep:gdbstub_arch"]
 fuzzing = ["hyperlight-common/fuzzing"]
 build-metadata = ["dep:built"]
-init-paging = []
+init-paging = ["hyperlight-common/init-paging"]
 
 [[bench]]
 name = "benchmarks"

@@ -679,7 +679,22 @@ impl GuestSharedMemory {
             MemoryRegionType::Scratch => {
                 MemoryRegionFlags::READ | MemoryRegionFlags::WRITE | MemoryRegionFlags::EXECUTE
             }
-            MemoryRegionType::Snapshot => MemoryRegionFlags::READ | MemoryRegionFlags::EXECUTE,
+            // For init-paging, the snapshot is read-only because guest page
+            // tables provide CoW semantics for writable pages.  For
+            // non-init-paging there are no guest page tables, so the snapshot
+            // must be writable — otherwise writes (including the CPU setting
+            // the "Accessed" bit in GDT descriptors during segment loads)
+            // cause EPT violations that KVM retries forever.
+            MemoryRegionType::Snapshot => {
+                #[cfg(feature = "init-paging")]
+                {
+                    MemoryRegionFlags::READ | MemoryRegionFlags::EXECUTE
+                }
+                #[cfg(not(feature = "init-paging"))]
+                {
+                    MemoryRegionFlags::READ | MemoryRegionFlags::WRITE | MemoryRegionFlags::EXECUTE
+                }
+            }
             #[allow(clippy::panic)]
             // In the future, all the host side knowledge about memory
             // region types should collapse down to Snapshot vs

@@ -265,6 +265,7 @@ fn filtered_mappings<'a>(
             return None;
         }
         // neither does the mapping of the snapshot's own page tables
+        #[cfg(feature = "init-paging")]
         if mapping.virt_base >= hyperlight_common::layout::SNAPSHOT_PT_GVA_MIN as u64
             && mapping.virt_base <= hyperlight_common::layout::SNAPSHOT_PT_GVA_MAX as u64
         {

@@ -29,9 +29,10 @@ use crate::func::host_functions::{HostFunction, register_host_function};
 use crate::func::{ParameterTuple, SupportedReturnType};
 #[cfg(feature = "build-metadata")]
 use crate::log_build_details;
+use crate::mem::layout::SandboxMemoryLayout;
 use crate::mem::memory_region::{DEFAULT_GUEST_BLOB_MEM_FLAGS, MemoryRegionFlags};
 use crate::mem::mgr::SandboxMemoryManager;
-use crate::mem::shared_mem::ExclusiveSharedMemory;
+use crate::mem::shared_mem::{ExclusiveSharedMemory, SharedMemory};
 use crate::sandbox::SandboxConfiguration;
 use crate::{MultiUseSandbox, Result, new_error};
 
@@ -169,6 +170,43 @@ impl<'a> From<GuestBinary<'a>> for GuestEnvironment<'a, '_> {
 }
 
 impl UninitializedSandbox {
+    /// Returns a host-side pointer to a specific guest physical address (GPA)
+    /// within the sandbox's shared memory region.
+    ///
+    /// This is the safe way to obtain host-side access to guest memory.
+    /// The method validates that the GPA falls within the sandbox's
+    /// allocated memory region before returning the corresponding host pointer.
+    ///
+    /// # Safety
+    ///
+    /// The returned pointer is valid as long as the sandbox (and its underlying
+    /// shared memory mapping) remains alive. Dereferencing the pointer requires
+    /// `unsafe` code and the caller must ensure proper synchronization.
+    pub fn guest_memory_ptr(&mut self, gpa: usize) -> Result<*mut u8> {
+        let base = SandboxMemoryLayout::BASE_ADDRESS;
+        let mem_size = self.mgr.shared_mem.mem_size();
+
+        if gpa < base {
+            return Err(new_error!(
+                "GPA {:#x} is below the sandbox base address {:#x}",
+                gpa,
+                base
+            ));
+        }
+
+        let offset = gpa - base;
+        if offset >= mem_size {
+            return Err(new_error!(
+                "GPA {:#x} (offset {:#x}) is beyond sandbox memory size {:#x}",
+                gpa,
+                offset,
+                mem_size
+            ));
+        }
+
+        Ok(unsafe { self.mgr.shared_mem.base_ptr().add(offset) })
+    }
+
     // Creates a new uninitialized sandbox from a pre-built snapshot.
     // Note that since memory configuration is part of the snapshot the only configuration
     // that can be changed (from the original snapshot) is the configuration defines the behaviour of