On 29/06/20 15:25, Alexander Boettcher wrote:
> Hello,
> 
> During a page table walk of TCG+SVM, the code in target/i386/excp_helper.c 
> get_hphys() uses the cr4 register of the guest instead of the hypervisor to 
> check for the PSE bit. In the test case we have, the guest has not enabled 
> (yet) the PSE bit, and so the page table walk results in a wrong host physical 
> address resolution and wrong content read by the guest.
> 
> The attached patch is against 4.2.1, but also works on 3.1.0. It fixes the issue 
> for our automated test case, which is a 32-bit hypervisor w/o PAE support 
> running a guest VM with TCG+SVM.
> The test worked up to qemu 2.12 and started to fail with qemu 3.0 and 
> later. The added TCG/SVM NPT commit seems to introduce the regression.
> 
> In case someone wants to try to reproduce it, the iso is at [0], the good case 
> is [1] and the failing case is [2]. The command line used is:
> 
> qemu-system-i386 -no-kvm -nographic -cpu phenom -m 512 -machine q35 -cdrom 
> seoul-vmm-test.iso
> 
> [0] https://depot.genode.org/alex-ab/images/seoul-vmm-test.iso
> [1] https://depot.genode.org/alex-ab/images/seoul-vmm-good.txt
> [2] https://depot.genode.org/alex-ab/images/seoul-vmm-bad.txt
> 

Queued, thanks.

Paolo
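To make the failure mode in the report above concrete, here is a constructed toy model of a 32-bit, non-PAE, two-level page table walk. It is an added example and not QEMU's get_hphys() or the patch discussed in the thread; the table layout, addresses (HOST_CR3, the 4 MiB PDE, the stray word at HPA 0xc) and the function names walk32() and nested_gpa_to_hpa() are all assumptions made for illustration. The one fact it models is the report's point: without PAE, PDE.PS is honoured only when CR4.PSE is set, so the walk over the hypervisor's nested tables must consult the hypervisor's CR4, not the guest's. Feeding it a guest CR4 with PSE clear turns a present 4 MiB mapping into a bogus page-table pointer and resolves to a different, wrong host address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of a 32-bit, non-PAE, two-level page table walk.
 * It is NOT QEMU's get_hphys(); names, layout and values are made up to
 * show why the PSE check must use the CR4 of whoever owns the tables. */

#define PG_PRESENT   (1u << 0)
#define PG_PSE       (1u << 7)   /* PDE.PS: 4 MiB page, honoured without PAE only if CR4.PSE=1 */
#define CR4_PSE      (1u << 4)

#define HOST_CR3     0x1000u     /* hypervisor's nested page directory (constructed) */
#define HOST_CR4     CR4_PSE     /* hypervisor has enabled 4 MiB pages */
#define GUEST_CR4    0u          /* guest has not (yet) enabled PSE */
#define WALK_FAIL    0xffffffffu

enum { MEM_SIZE = 64 * 1024 };
static uint8_t mem[MEM_SIZE];    /* toy "host physical memory" */
static bool tables_built;

static uint32_t rd32(uint32_t pa) { uint32_t v; memcpy(&v, &mem[pa], 4); return v; }
static void     wr32(uint32_t pa, uint32_t v) { memcpy(&mem[pa], &v, 4); }

/* Constructed nested tables: PDE[0] maps GPA 0..4 MiB onto HPA 0 as one 4 MiB page. */
static void build_tables(void)
{
    if (tables_built) return;
    memset(mem, 0, sizeof mem);
    wr32(HOST_CR3 + 0 * 4, 0x00000000u | PG_PRESENT | PG_PSE);
    /* Ordinary data living at HPA 0xc. If the walker wrongly treats PDE[0]
     * as a pointer to a page table at HPA 0, it reads this word as PTE[3]. */
    wr32(0x0c, 0x00005000u | PG_PRESENT);
    tables_built = true;
}

/* Two-level walk of the tables rooted at cr3. cr4 MUST be the CR4 of the
 * address space that owns those tables, because that decides whether
 * PDE.PS is honoured. Returns the resolved physical address or WALK_FAIL. */
uint32_t walk32(uint32_t cr3, uint32_t cr4, uint32_t vaddr)
{
    build_tables();
    uint32_t pde_addr = (cr3 & ~0xfffu) + ((vaddr >> 22) & 0x3ffu) * 4;
    if (pde_addr + 4 > MEM_SIZE) return WALK_FAIL;
    uint32_t pde = rd32(pde_addr);
    if (!(pde & PG_PRESENT)) return WALK_FAIL;

    if ((pde & PG_PSE) && (cr4 & CR4_PSE)) {
        /* 4 MiB page: bits 31:22 from the PDE, the rest from the address */
        return (pde & 0xffc00000u) | (vaddr & 0x3fffffu);
    }
    /* Otherwise the PDE is taken as the address of a page table */
    uint32_t pte_addr = (pde & ~0xfffu) + ((vaddr >> 12) & 0x3ffu) * 4;
    if (pte_addr + 4 > MEM_SIZE) return WALK_FAIL;
    uint32_t pte = rd32(pte_addr);
    if (!(pte & PG_PRESENT)) return WALK_FAIL;
    return (pte & ~0xfffu) | (vaddr & 0xfffu);
}

/* Nested translation GPA -> HPA over the hypervisor's tables, parameterised
 * by which CR4 the walker consults (the bug is passing the guest's). */
uint32_t nested_gpa_to_hpa(uint32_t gpa, uint32_t cr4_consulted)
{
    return walk32(HOST_CR3, cr4_consulted, gpa);
}

int main(void)
{
    uint32_t gpa = 0x3abcu;
    printf("GPA 0x%08x with hypervisor CR4: HPA 0x%08x\n", gpa, nested_gpa_to_hpa(gpa, HOST_CR4));
    printf("GPA 0x%08x with guest CR4:      HPA 0x%08x\n", gpa, nested_gpa_to_hpa(gpa, GUEST_CR4));
    return 0;
}
```

With the hypervisor's CR4 the walk honours the 4 MiB PDE and GPA 0x3abc resolves to HPA 0x3abc; with the guest's CR4 (PSE clear) the same PDE is misread as a page-table pointer and the walk lands on 0x5abc, a present but unrelated page, which is the "wrong content read by the guest" symptom from the report. The check is only relevant for non-PAE walks, matching the 32-bit, PAE-less hypervisor in the test case.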

