On 23/10/20 05:14, Sean Christopherson wrote:
>>>> +
>>>> + /*
>>>> + * Check that the GPA doesn't exceed physical memory limits, as that is
>>>> + * a guest page fault. We have to emulate the instruction here, because
>>>> + * if the illegal address is that of a paging structure, then
>>>> + * EPT_VIOLATION_ACC_WRITE bit is set. Alternatively, if supported we
>>>> + * would also use advanced VM-exit information for EPT violations to
>>>> + * reconstruct the page fault error code.
>>>> + */
>>>> + if (unlikely(kvm_mmu_is_illegal_gpa(vcpu, gpa)))
>>>> + return kvm_emulate_instruction(vcpu, 0);
>>>> +
>>> Is kvm's in-kernel emulator up to the task? What if the instruction in
>>> question is AVX-512, or one of the myriad instructions that the
>>> in-kernel emulator can't handle? Ice Lake must support the advanced
>>> VM-exit information for EPT violations, so that would seem like a
>>> better choice.
>>>
>> Anyone?
>
> Using "advanced info" if it's supported seems like the way to go. Outright
> requiring it is probably overkill; if userspace wants to risk having to kill a
> (likely broken) guest, so be it.

Yeah, the instruction is expected to page-fault here. However the comment is
incorrect and advanced information does not help here.

The problem is that page fault error code bits cannot be reconstructed from
bits 0..2 of the EPT violation exit qualification, if bit 8 is clear in the
exit qualification (that is, if the access causing the EPT violation is to a
paging-structure entry). In that case bits 0..2 refer to the paging-structure
access rather than to the final access. In fact advanced information is not
available at all for paging-structure access EPT violations.

Thanks,

Paolo
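Review bot: the last sentence of the comment in the hunk ("Alternatively, if supported we would also use advanced VM-exit information for EPT violations to reconstruct the page fault error code") contradicts the case the same comment describes: when the illegal GPA is that of a paging-structure entry, bit 8 of the exit qualification is clear, bits 0..2 describe the paging-structure access rather than the guest's access, and advanced VM-exit information is not provided at all, so the error code cannot be reconstructed and emulation is the only option. Suggest dropping the "Alternatively" sentence and stating that instead. The fallback `return kvm_emulate_instruction(vcpu, 0);` also deserves a note, in the comment or the commit message, that instructions the in-kernel emulator does not handle will fail here and the guest may then have to be killed, as the thread already acknowledges.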
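The reconstruction problem described in this reply, as an added illustrative model that is not part of the thread or of KVM's code: bit positions follow the SDM exit-qualification layout (names modeled on KVM's), the guest-access enum and the hardware model are constructed, and the paging-structure case is approximated as an Accessed-bit update that the CPU performs as a write.

```c
#include <stdint.h>
#include <stdbool.h>

/* EPT violation exit-qualification bits (Intel SDM layout; names modeled on KVM's). */
#define EPT_VIOLATION_ACC_READ       (1ULL << 0)
#define EPT_VIOLATION_ACC_WRITE      (1ULL << 1)
#define EPT_VIOLATION_ACC_INSTR      (1ULL << 2)
#define EPT_VIOLATION_GVA_IS_VALID   (1ULL << 7)
#define EPT_VIOLATION_GVA_TRANSLATED (1ULL << 8) /* clear: access hit a paging-structure entry */

/* #PF error-code bits, same values KVM uses for PFERR_WRITE_MASK / PFERR_FETCH_MASK. */
#define PFERR_WRITE_MASK (1U << 1)
#define PFERR_FETCH_MASK (1U << 4)

/* Constructed description of what the guest instruction was doing. */
enum guest_access { GUEST_READ, GUEST_WRITE, GUEST_FETCH };
/*
 * Constructed model of the hardware. If the walk reaches a paging-structure
 * entry whose Accessed bit is clear, the CPU writes that entry, so the EPT
 * violation reports ACC_WRITE with bit 8 clear regardless of the guest access.
 * Otherwise the violation is on the final translation (bit 8 set) and
 * bits 0..2 describe the guest access itself.
 */
uint64_t model_exit_qualification(enum guest_access acc, bool entry_accessed_bit_clear)
{
    uint64_t q = EPT_VIOLATION_GVA_IS_VALID;
    if (entry_accessed_bit_clear)
        return q | EPT_VIOLATION_ACC_WRITE;   /* A-bit update: paging-structure write */
    q |= EPT_VIOLATION_GVA_TRANSLATED;
    if (acc == GUEST_READ)  q |= EPT_VIOLATION_ACC_READ;
    if (acc == GUEST_WRITE) q |= EPT_VIOLATION_ACC_WRITE;
    if (acc == GUEST_FETCH) q |= EPT_VIOLATION_ACC_INSTR;
    return q;
}

/*
 * Try to derive the #PF error code from the exit qualification. Returns -1 when
 * bit 8 is clear: bits 0..2 then describe the paging-structure access, not the
 * guest's access, so the error code is not recoverable and KVM must emulate.
 */
int reconstruct_pf_error_code(uint64_t qual)
{
    int ec = 0;
    if (!(qual & EPT_VIOLATION_GVA_TRANSLATED))
        return -1;
    if (qual & EPT_VIOLATION_ACC_WRITE) ec |= PFERR_WRITE_MASK;
    if (qual & EPT_VIOLATION_ACC_INSTR) ec |= PFERR_FETCH_MASK;
    return ec;
}
```

A guest read and a guest write that both trip over an Accessed-bit update produce the identical exit qualification, which is exactly why the decoder refuses to guess.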