On 12/11/21 01:11, Paolo Bonzini wrote:
Yeah, vmx_prepare_switch_to_guest() doesn't update HOST_CR3 if no
preemption happens from one call of vcpu_enter_guest() to the next
(preemption would cause a call to kvm_arch_vcpu_put and from there to
vmx_prepare_switch_to_host, which clears vmx->guest_state_loaded).
During that time an MM switch is bumping the PCID; I would have expected
any such flush to require a preemption (in order to reach e.g.
switch_mm_irqs_off), but that must be wrong. In the splat below, in fact,
you can see that the values are 0x60674f2005 (RAX) and 0x60674f2006 (RCX
and CR3).
As Jiangshan said, the PCID is bumped while L2 runs, and is stale when
switching back to the vmcs01. That indeed is compatible with a
preemption. There should definitely be a comment in
vmx_prepare_switch_to_guest() that points to vmx_sync_vmcs_host_state().
Paolo