On 2021/12/16 00:31, Lai Jiangshan wrote:
> What I missed is the case of "if (!enable_unrestricted_guest && !is_paging(vcpu))" in vmx_load_mmu_pgd(), which doesn't load GUEST_CR3 but clears the dirty bit of VCPU_EXREG_CR3 (after the next run).
Oops. What I missed is the case of "if (!enable_unrestricted_guest && !is_paging(vcpu))" in vmx_load_mmu_pgd(), which doesn't load GUEST_CR3 with the guest cr3, and the VCPU_EXREG_CR3 dirty bit is cleared after VMEXIT. When !PG -> PG, GUEST_CR3 is still the ept_identity_map_addr and the VCPU_EXREG_CR3 dirty bit is not set, so vmx_load_mmu_pgd() doesn't update GUEST_CR3.
So on a CR0 !PG -> PG transition, the VCPU_EXREG_CR3 dirty bit should be set.
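A toy C model of the sequence described in this mail, added here as an illustration and not KVM code: the function names mirror KVM's, but the bodies are a deliberately simplified model of the dirty-bit tracking, and the identity-map address is a constructed sample value.

```c
#include <stdbool.h>

#define X86_CR0_PG       (1UL << 31)
#define EPT_IDENTITY_MAP 0xfeed0000UL  /* constructed sample, not the real default */

/* Minimal stand-in for struct kvm_vcpu (assumption: only the fields needed). */
struct vcpu_model {
    unsigned long cr0;
    unsigned long guest_cr3;       /* guest's CR3 as tracked by KVM */
    unsigned long vmcs_guest_cr3;  /* value last written to VMCS GUEST_CR3 */
    bool cr3_dirty;                /* VCPU_EXREG_CR3 dirty bit */
};

static bool is_paging(const struct vcpu_model *v) { return v->cr0 & X86_CR0_PG; }

/* Model of vmx_load_mmu_pgd() without unrestricted guest: a non-paging
 * guest runs on the EPT identity map, and GUEST_CR3 is only reloaded
 * from the guest's CR3 when the dirty bit says it changed. */
static void vmx_load_mmu_pgd(struct vcpu_model *v)
{
    if (!is_paging(v))
        v->vmcs_guest_cr3 = EPT_IDENTITY_MAP;
    else if (v->cr3_dirty)
        v->vmcs_guest_cr3 = v->guest_cr3;
    /* else: GUEST_CR3 assumed up to date */
}

/* Model of one entry/exit round trip: dirty bits are cleared on exit. */
static void vcpu_run(struct vcpu_model *v)
{
    vmx_load_mmu_pgd(v);
    v->cr3_dirty = false;
}

/* Model of the CR0 write path. with_fix applies the change the mail
 * proposes: mark VCPU_EXREG_CR3 dirty on a !PG -> PG transition. */
static void vmx_set_cr0(struct vcpu_model *v, unsigned long cr0, bool with_fix)
{
    bool was_paging = is_paging(v);
    v->cr0 = cr0;
    if (with_fix && !was_paging && is_paging(v))
        v->cr3_dirty = true;
}

/* Guest writes CR3 while !PG, runs once, then enables PG.
 * Returns the GUEST_CR3 value the guest would run with afterwards. */
static unsigned long run_scenario(bool with_fix)
{
    struct vcpu_model v = { .cr0 = 0, .guest_cr3 = 0x1000, .cr3_dirty = true };
    vcpu_run(&v);                      /* !PG: identity map, dirty bit cleared */
    vmx_set_cr0(&v, X86_CR0_PG, with_fix);
    vcpu_run(&v);                      /* PG: stale without the fix */
    return v.vmcs_guest_cr3;
}
```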