From: bugzilla-daemon@bugzilla.kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 210695] error: kvm run failed Invalid argument
Date: Thu, 17 Dec 2020 19:54:15 +0000
X-Bugzilla-Product: Virtualization
X-Bugzilla-Component: kvm
X-Bugzilla-Who: seanjc@google.com
X-Bugzilla-Status: NEW
X-Bugzilla-URL: https://bugzilla.kernel.org/
List-ID: kvm@vger.kernel.org
https://bugzilla.kernel.org/show_bug.cgi?id=210695

--- Comment #7 from Sean Christopherson (seanjc@google.com) ---

Finally figured it out. When KVM uses PAE shadow paging, the PDPTRs are effectively skipped when walking the shadow tables because a bad PDPTR will be detected much earlier and KVM essentially hardcodes the PDPTRs. As a result, the corresponding SPTE isn't filled by get_walk() as it never "sees" the SPTE for the PDPTR.

The refactored get_mmio_spte() doesn't account for this and checks the PDPTR SPTE array value. This reads uninitialized stack data, and in your case, this yields the garbage value '0x80000b0e' that causes things to explode (my system gets '0' most/all of the time).

I'll get a patch out later today, it's a bit of a mess....
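The failure mode in the comment above, a walker that fills an on-stack SPTE array only for the levels it actually visits while the consumer inspects one level more than that, reduced to a toy model. This is an added illustration, not KVM's get_walk()/get_mmio_spte() or any other kernel code: the level numbering, the PRESENT and MMIO_MARK bits, the struct toy_mmu layout and every function name are hypothetical. The only value taken from the report is 0x80000b0e, used here as a deterministic stand-in for whatever happened to be on the stack; the buggy consumer reads it exactly as the report describes, and the fixed consumer limits itself to the range of levels the walker says it touched.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, not KVM code. Levels run 1 (leaf) .. MAX_LEVEL (architectural root). */
#define MAX_LEVEL      4
#define PAE_ROOT_LEVEL 3                 /* hypothetical: a PAE-style walk starts one level below the max */
#define PRESENT        0x1ULL            /* hypothetical present bit */
#define MMIO_MARK      (1ULL << 63)      /* hypothetical MMIO marker bit */
#define STACK_GARBAGE  0x80000b0eULL     /* value from the bug report; stands in for uninitialized stack */

typedef uint64_t spte_t;

struct toy_mmu {
    int    root_level;                   /* MAX_LEVEL or PAE_ROOT_LEVEL */
    spte_t table[MAX_LEVEL + 1];         /* the entry found at each level, indexed by level */
};

/* Fill sptes[level] for every level actually visited, starting at root_level and
 * stopping at the first non-present entry. Entries above root_level are never
 * written: that is the hole the bug report describes for the PAE PDPTR level.
 * Returns the leaf level reached; *root_out receives the level the walk began at. */
static int toy_get_walk(const struct toy_mmu *mmu, spte_t *sptes, int *root_out)
{
    int level = mmu->root_level;
    *root_out = level;
    for (; level >= 1; level--) {
        sptes[level] = mmu->table[level];
        if (!(sptes[level] & PRESENT))
            break;
    }
    return level >= 1 ? level : 1;
}

/* Buggy consumer: assumes every walk began at MAX_LEVEL, so for a PAE-style
 * walk it reads sptes[MAX_LEVEL], which the walker never wrote. */
static spte_t buggy_find_first_nonpresent(const struct toy_mmu *mmu, spte_t *sptes)
{
    int root;
    int leaf = toy_get_walk(mmu, sptes, &root);
    for (int level = MAX_LEVEL; level >= leaf; level--)
        if (!(sptes[level] & PRESENT))
            return sptes[level];         /* garbage in the PAE case */
    return sptes[leaf];
}

/* Fixed consumer: only inspects the levels the walker reported visiting. */
static spte_t fixed_find_first_nonpresent(const struct toy_mmu *mmu, spte_t *sptes)
{
    int root;
    int leaf = toy_get_walk(mmu, sptes, &root);
    for (int level = root; level >= leaf; level--)
        if (!(sptes[level] & PRESENT))
            return sptes[level];
    return sptes[leaf];
}

/* Run a consumer with the SPTE array pre-poisoned to model stale stack contents. */
static spte_t run_with_poison(spte_t (*fn)(const struct toy_mmu *, spte_t *),
                              const struct toy_mmu *mmu)
{
    spte_t sptes[MAX_LEVEL + 1];
    for (int i = 0; i <= MAX_LEVEL; i++)
        sptes[i] = STACK_GARBAGE;        /* deterministic stand-in for uninitialized memory */
    return fn(mmu, sptes);
}

/* Constructed input: a PAE-style MMU whose leaf is a non-present, MMIO-marked entry. */
static struct toy_mmu pae_mmu_with_mmio_leaf(void)
{
    struct toy_mmu m = { .root_level = PAE_ROOT_LEVEL };
    m.table[3] = PRESENT | 0x1000;
    m.table[2] = PRESENT | 0x2000;
    m.table[1] = MMIO_MARK;
    return m;
}

/* Same leaf, but behind a full MAX_LEVEL walk, where both consumers agree. */
static struct toy_mmu full_mmu_with_mmio_leaf(void)
{
    struct toy_mmu m = pae_mmu_with_mmio_leaf();
    m.root_level = MAX_LEVEL;
    m.table[4] = PRESENT | 0x4000;
    return m;
}

spte_t pae_result_buggy(void) { struct toy_mmu m = pae_mmu_with_mmio_leaf(); return run_with_poison(buggy_find_first_nonpresent, &m); }
spte_t pae_result_fixed(void) { struct toy_mmu m = pae_mmu_with_mmio_leaf(); return run_with_poison(fixed_find_first_nonpresent, &m); }
spte_t full_result_buggy(void) { struct toy_mmu m = full_mmu_with_mmio_leaf(); return run_with_poison(buggy_find_first_nonpresent, &m); }
spte_t full_result_fixed(void) { struct toy_mmu m = full_mmu_with_mmio_leaf(); return run_with_poison(fixed_find_first_nonpresent, &m); }

int main(void)
{
    printf("PAE  buggy: %#llx  fixed: %#llx\n",
           (unsigned long long)pae_result_buggy(), (unsigned long long)pae_result_fixed());
    printf("full buggy: %#llx  fixed: %#llx\n",
           (unsigned long long)full_result_buggy(), (unsigned long long)full_result_fixed());
    return 0;
}
```

The point of the poison fill is that an uninitialized-read bug is only reproducible when the stale stack contents happen to be wrong; on the reporter's machine they were 0x80000b0e, on the developer's they were usually 0. A consumer that trusts the walker's reported root/leaf range, rather than an architectural maximum, has no such dependency, and a sentinel-poisoned array in a unit test is a cheap way to make the dependency visible before it reaches a user.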