On 21/08/20 01:05, Peter Shier wrote:
> After L1 exits, vmx_vcpu_run calls vmx_register_cache_reset which
> clears VCPU_EXREG_PDPTR in vcpu->arch.regs_dirty. When L2 next
> resumes, ept_load_pdptrs finds VCPU_EXREG_PDPTR clear in
> vcpu->arch.regs_dirty and does not load VMCS02.GUEST_PDPTRn from
> vcpu->arch.walk_mmu->pdptrs[]. prepare_vmcs02 will then load
> VMCS02.GUEST_PDPTRn from vmcs12->pdptr0/1/2/3 which contain the stale
> values stored at last L2 exit. A repro of this bug showed L2 entering
> triple fault immediately due to the bad VMCS02.GUEST_PDPTRn values.
>
> When L2 is in PAE paging mode add a call to ept_load_pdptrs before
> leaving L2. This will update VMCS02.GUEST_PDPTRn if they are dirty in
> vcpu->arch.walk_mmu->pdptrs[].

Queued with an improved comment:

 	/*
-	 * Ensure that the VMCS02 PDPTR fields are up-to-date before switching
-	 * to L1.
+	 * VCPU_EXREG_PDPTR will be clobbered in arch/x86/kvm/vmx/vmx.h between
+	 * now and the new vmentry. Ensure that the VMCS02 PDPTR fields are
+	 * up-to-date before switching to L1.
 	 */

I am currently on leave so I am going through the patches and queuing
them, but I will only push kvm/next and kvm/queue next week.
kvm/master patches will be sent to Linus for the next -rc though.

Paolo
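Review bot: the new comment text points at a file (arch/x86/kvm/vmx/vmx.h) rather than at the function that clears the bit, while the commit message above names it as vmx_register_cache_reset called from vmx_vcpu_run; naming the function in the comment makes the dependency greppable and survives the helper moving between files. Suggested wording for the first `+` line: " * VCPU_EXREG_PDPTR will be clobbered by vmx_register_cache_reset() between".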
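A minimal C model of the ordering described in the commit message above, added here as an illustration and not KVM's own code: the struct and the helper bodies are constructed, and only the field and function names mirror the ones the message cites. It replays the L2 exit, L1 run and L2 re-entry once without and once with the extra ept_load_pdptrs call before leaving L2.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PDPTRS_BYTES (4 * sizeof(uint64_t))

struct model {                         /* constructed; names mirror KVM's fields */
    uint64_t walk_mmu_pdptrs[4];       /* vcpu->arch.walk_mmu->pdptrs[] */
    bool pdptr_dirty;                  /* VCPU_EXREG_PDPTR in regs_dirty */
    uint64_t vmcs02_guest_pdptr[4];    /* VMCS02.GUEST_PDPTRn */
    uint64_t vmcs12_pdptr[4];          /* vmcs12->pdptr0/1/2/3 */
};

/* ept_load_pdptrs: writes the cached PDPTRs into VMCS02 only when dirty. */
static void ept_load_pdptrs(struct model *m)
{
    if (m->pdptr_dirty)
        memcpy(m->vmcs02_guest_pdptr, m->walk_mmu_pdptrs, PDPTRS_BYTES);
}

/* L2 -> L1 exit: vmcs12 syncs from VMCS02; the fix flushes dirty PDPTRs first. */
static void nested_vmx_vmexit(struct model *m, bool with_fix)
{
    if (with_fix)
        ept_load_pdptrs(m);
    memcpy(m->vmcs12_pdptr, m->vmcs02_guest_pdptr, PDPTRS_BYTES);
}

/* L1 -> L2 entry: prepare_vmcs02 loads vmcs12; ept_load_pdptrs only acts if dirty. */
static void nested_vmx_run(struct model *m)
{
    memcpy(m->vmcs02_guest_pdptr, m->vmcs12_pdptr, PDPTRS_BYTES);
    ept_load_pdptrs(m);
}

/* Replays the commit message's sequence; true if L2 resumes with its latest PDPTRs. */
bool l2_resumes_with_fresh_pdptrs(bool with_fix)
{
    static const uint64_t initial[4] = {0x1000, 0x2000, 0x3000, 0x4000};
    static const uint64_t updated[4] = {0x5000, 0x6000, 0x7000, 0x8000};
    struct model m = {0};
    memcpy(m.vmcs02_guest_pdptr, initial, PDPTRS_BYTES); /* L2 running, PAE mode */
    memcpy(m.walk_mmu_pdptrs, updated, PDPTRS_BYTES);    /* L2 changes its PDPTRs */
    m.pdptr_dirty = true;                                /* cache marked dirty */
    nested_vmx_vmexit(&m, with_fix);
    m.pdptr_dirty = false;   /* L1 runs: vmx_register_cache_reset clears the bit */
    nested_vmx_run(&m);
    return memcmp(m.vmcs02_guest_pdptr, updated, PDPTRS_BYTES) == 0;
}
```

Without the fix the function returns false (L2 would resume on the stale vmcs12 values, the state the repro hit as an immediate triple fault); with it, true.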