On Tue, Jan 12, 2021, Paolo Bonzini wrote:
> On 12/01/21 00:01, Sean Christopherson wrote:
> > > Perhaps cpuid_query_maxphyaddr() should just look at the low 5 bits of
> > > CPUID.80000008H:EAX?
>
> The low 6 bits I guess---yes, that would make sense and it would have also
> fixed the bug.

No, that wouldn't have fixed this specific bug. In this case, the issue was
CPUID.80000008H:AL == 0; masking off bits 7:6 wouldn't have changed anything.
And, masking bits 7:6 is architecturally wrong. Both the SDM and APM state that
bits 7:0 contain the number of PA bits. KVM could reject guest.MAXPA >
host.MAXPA, but arbitrarily dropping bits would be wrong.
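
Added example, not part of the original message and not KVM code: a C sketch contrasting the 6-bit mask with reading all of bits 7:0 and validating the result against the host. The function names, status codes, sample EAX values, the host value of 46, and the choice to reject a zero MAXPA are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this sketch (not KVM's). */
enum maxpa_status { MAXPA_OK = 0, MAXPA_ZERO = -1, MAXPA_EXCEEDS_HOST = -2 };

/* CPUID.80000008H:EAX bits 7:0 hold the number of physical address bits. */
static unsigned int maxpa_from_eax(uint32_t eax)
{
    return eax & 0xff;
}

/* The masking variant discussed in the thread: keep only the low 6 bits. */
static unsigned int maxpa_masked6(uint32_t eax)
{
    return eax & 0x3f;
}

/* Validate instead of truncating. Rejecting 0 is this sketch's assumption. */
static enum maxpa_status check_guest_maxpa(uint32_t guest_eax,
                                           unsigned int host_maxpa)
{
    unsigned int guest_maxpa = maxpa_from_eax(guest_eax);

    if (guest_maxpa == 0)
        return MAXPA_ZERO;          /* AL == 0: a mask cannot repair this */
    if (guest_maxpa > host_maxpa)
        return MAXPA_EXCEEDS_HOST;  /* guest.MAXPA > host.MAXPA */
    return MAXPA_OK;
}

int main(void)
{
    /* Constructed EAX samples; bits 15:8 (linear address bits) are 48. */
    const uint32_t samples[] = { 0x3000, 0x3028, 0x3034, 0x30a8 };
    const unsigned int host_maxpa = 46; /* constructed host value */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("EAX=0x%04x full=%u masked6=%u status=%d\n",
               (unsigned int)samples[i], maxpa_from_eax(samples[i]),
               maxpa_masked6(samples[i]),
               check_guest_maxpa(samples[i], host_maxpa));
    return 0;
}
```

For the sample with AL == 0 both extraction functions return 0, while for AL == 0xa8 the mask yields a plausible-looking 40 and hides an out-of-range value that the full 8-bit read rejects.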