With 4-level EPT, bits 51:48 of the guest physical address must all be zero; otherwise, an EPT violation always occurs, which is an unexpected VM exit in KVM currently. Even though KVM advertises the max physical bits to guest, guest may ignore MAXPHYADDR in CPUID and set a bigger physical bits to KVM. Rejecting invalid guest physical bits on KVM side is a choice, but it will break current KVM ABI, e.g., current QEMU ignores the physical bits advertised by KVM and uses host physical bits as guest physical bits by default when using '-cpu host', although we would like to send a patch to QEMU, it will still cause backward compatibility issues. For GPA that can't be translated by EPT but within host.MAXPHYADDR, emulation should be the best choice since KVM will inject #PF for the invalid GPA in guest's perspective and try to emulate the instructions which minimizes the impact on guests as much as possible. Signed-off-by: Tao Su <tao1.su@xxxxxxxxxxxxxxx> Tested-by: Yi Lai <yi1.lai@xxxxxxxxx> --- arch/x86/kvm/vmx/vmx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index be20a60047b1..a8aa2cfa2f5d 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5774,6 +5774,13 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) vcpu->arch.exit_qualification = exit_qualification; + /* + * Emulate the instruction when accessing a GPA which is set any bits + * beyond guest-physical bits that EPT can translate. + */ + if (unlikely(gpa & rsvd_bits(kvm_mmu_tdp_maxphyaddr(), 63))) + return kvm_emulate_instruction(vcpu, 0); + /* * Check that the GPA doesn't exceed physical memory limits, as that is * a guest page fault. We have to emulate the instruction here, because -- 2.34.1
