https://bugzilla.kernel.org/show_bug.cgi?id=210695

--- Comment #7 from Sean Christopherson (seanjc@xxxxxxxxxx) ---

Finally figured it out. When KVM uses PAE shadow paging, the PDPTRs are effectively skipped when walking the shadow tables because a bad PDPTR will be detected much earlier and KVM essentially hardcodes the PDPTRs. As a result, the corresponding SPTE isn't filled by get_walk() as it never "sees" the SPTE for the PDPTR. The refactored get_mmio_spte() doesn't account for this and checks the PDPTR SPTE array value. This reads uninitialized stack data, and in your case, this yields the garbage value '0x80000b0e' that causes things to explode (my system gets '0' most/all of the time).

I'll get a patch out later today, it's a bit of a mess....
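A simplified C model of the defect described in the comment, added here as an illustration and not KVM's code: the walker fills the on-stack `sptes[]` array only for the levels it actually visits (a PAE root starts below the PDPTRs, so `sptes[3]` is never written), and the consumer either wrongly iterates from the assumed root level or, in the fixed variant, from the level the walker reports. The level constants, the `SPTE_PRESENT` bit, the `shadow[]` contents and the `stale` value standing in for uninitialised stack data are all constructed for this model.

```c
#include <stdint.h>

#define PT_PAGE_TABLE_LEVEL 1
#define PT32E_ROOT_LEVEL    3   /* PAE root: the 4-entry PDPT holding the PDPTRs */
#define PT64_ROOT_4LEVEL    4
#define PT64_ROOT_MAX_LEVEL 5
#define SPTE_PRESENT (1ull << 0) /* constructed "present" bit for this model only */

/* Constructed shadow table contents, one entry per level (index = level). */
static const uint64_t shadow[PT64_ROOT_MAX_LEVEL + 1] = {
    0, SPTE_PRESENT | 0x1000, SPTE_PRESENT | 0x2000,
    SPTE_PRESENT | 0x3000, SPTE_PRESENT | 0x4000, 0,
};

/* Model of get_walk(): writes sptes[level] only for levels it visits and
 * returns the leaf level. With a PAE root the PDPTRs were validated earlier
 * and are not SPTEs, so the walk begins one level down and sptes[3] stays
 * untouched; *walk_start reports where the walk really began. */
static int get_walk(int root_level, uint64_t *sptes, int *walk_start)
{
    int level, leaf = -1;
    *walk_start = (root_level == PT32E_ROOT_LEVEL) ? root_level - 1 : root_level;
    for (level = *walk_start; level >= PT_PAGE_TABLE_LEVEL; level--) {
        sptes[level] = shadow[level];
        leaf = level;
        if (!(sptes[level] & SPTE_PRESENT))
            break;
    }
    return leaf;
}

/* Model of get_mmio_spte(): 'fixed' selects whether the caller honours the
 * level the walk actually started at. 'stale' stands in for whatever the
 * uninitialised stack array happens to hold (e.g. the 0x80000b0e seen here). */
uint64_t get_mmio_spte(int root_level, uint64_t stale, int fixed)
{
    uint64_t sptes[PT64_ROOT_MAX_LEVEL + 1];
    int i, level, start, leaf;
    for (i = 0; i <= PT64_ROOT_MAX_LEVEL; i++)
        sptes[i] = stale;               /* simulate uninitialised stack contents */
    leaf = get_walk(root_level, sptes, &start);
    if (leaf < 0)
        return 0;
    /* Bug: starting at root_level inspects sptes[3], which the PAE walk never
     * filled. Fix: start at the level the walker reported. */
    for (level = fixed ? start : root_level; level >= leaf; level--)
        if (!(sptes[level] & SPTE_PRESENT))
            return sptes[level];        /* first non-present entry decides the result */
    return sptes[leaf];
}
```

With a PAE root the buggy path returns the stale value it never should have looked at, while the fixed path and both 4-level paths return the leaf SPTE.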