Don't read guest CR3 in kvm_arch_setup_async_pf() if the MMU is direct
and use INVALID_GPA instead.
When KVM tries to perform the host-only async page fault for the shared
memory of TDX guests, the following WARNING is triggered:
WARNING: CPU: 1 PID: 90922 at arch/x86/kvm/vmx/main.c:483 vt_cache_reg+0x16/0x20
Call Trace:
__kvm_mmu_faultin_pfn
kvm_mmu_faultin_pfn
kvm_tdp_page_fault
kvm_mmu_do_page_fault
kvm_mmu_page_fault
tdx_handle_ept_violation
This WARNING is triggered when calling kvm_mmu_get_guest_pgd() to cache
the guest CR3 in kvm_arch_setup_async_pf() for later use in
kvm_arch_async_page_ready() to determine if it's possible to fix the
page fault in the current vCPU context to save one VM exit. However, when
guest state is protected, KVM cannot read the guest CR3.
Since protected guests aren't compatible with shadow paging, i.e., they
must use direct MMU, avoid calling kvm_mmu_get_guest_pgd() to read guest
CR3 when the MMU is direct and use INVALID_GPA instead.
Note that for protected guests mmu->root_role.direct is always true, so
that kvm_mmu_get_guest_pgd() in kvm_arch_async_page_ready() won't be
reached.
Reported-by: Farrah Chen <farrah.chen@intel.com>
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
Changes in v2:
- Use arch.direct_map to key off the reading of guest CR3;
- drop the handling in kvm_arch_async_page_ready() since the read CR3
operation cannot be reached for direct MMU (protected guests);
---
arch/x86/kvm/mmu/mmu.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 667d66cf76d5..257835185f90 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4521,7 +4521,10 @@ static bool kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu,
arch.gfn = fault->gfn;
arch.error_code = fault->error_code;
arch.direct_map = vcpu->arch.mmu->root_role.direct;
- arch.cr3 = kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu);
+ if (arch.direct_map)
+ arch.cr3 = INVALID_GPA;
+ else
+ arch.cr3 = kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu);
return kvm_setup_async_pf(vcpu, fault->addr,
kvm_vcpu_gfn_to_hva(vcpu, fault->gfn), &arch);
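Review bot: the new `arch.cr3 = INVALID_GPA;` line stores a 64-bit sentinel (`~(gpa_t)0`) into a field the i386 W=1 builds in this thread report as `unsigned long`, so on 32-bit the value is silently truncated to 0xffffffff and both clang (-Wconstant-conversion) and gcc (-Woverflow) flag it. It is functionally harmless as written, because the commit message notes kvm_arch_async_page_ready() only consults cr3 when direct_map is false, but if KVM_WERROR=1 builds must stay warning-free, an explicit cast (`arch.cr3 = (unsigned long)INVALID_GPA;`) plus a one-line comment that cr3 is never read for a direct MMU would be worth adding. Note that a cast only quiets the compiler: the truncated field no longer compares equal to the 64-bit INVALID_GPA, so nothing on the ready side may ever test `arch.cr3 == INVALID_GPA` on 32-bit.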
base-commit: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449
--
2.43.0
Hi Xiaoyao,
kernel test robot noticed the following build warnings:
[auto build test WARNING on 7d0a66e4bb9081d75c82ec4957c50034cb0ea449]
url: https://github.com/intel-lab-lkp/linux/commits/Xiaoyao-Li/KVM-x86-Don-t-read-guest-CR3-when-doing-async-pf-while-the-MMU-is-direct/20251212-220612
base: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449
patch link: https://lore.kernel.org/r/20251212135051.2155280-1-xiaoyao.li%40intel.com
patch subject: [PATCH v2] KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct
config: i386-buildonly-randconfig-004-20251213 (https://download.01.org/0day-ci/archive/20251213/202512130905.LJZI3LOt-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251213/202512130905.LJZI3LOt-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512130905.LJZI3LOt-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> arch/x86/kvm/mmu/mmu.c:4525:14: warning: implicit conversion from 'gpa_t' (aka 'unsigned long long') to 'unsigned long' changes value from 18446744073709551615 to 4294967295 [-Wconstant-conversion]
4525 | arch.cr3 = INVALID_GPA;
| ~ ^~~~~~~~~~~
include/linux/kvm_types.h:54:22: note: expanded from macro 'INVALID_GPA'
54 | #define INVALID_GPA (~(gpa_t)0)
| ^~~~~~~~~
1 warning generated.
Kconfig warnings: (for reference only)
WARNING: unmet direct dependencies detected for I2C_K1
Depends on [n]: I2C [=m] && HAS_IOMEM [=y] && (ARCH_SPACEMIT || COMPILE_TEST [=y]) && OF [=n]
Selected by [m]:
- MFD_SPACEMIT_P1 [=m] && HAS_IOMEM [=y] && (ARCH_SPACEMIT || COMPILE_TEST [=y]) && I2C [=m]
vim +4525 arch/x86/kvm/mmu/mmu.c
4514
4515 static bool kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu,
4516 struct kvm_page_fault *fault)
4517 {
4518 struct kvm_arch_async_pf arch;
4519
4520 arch.token = alloc_apf_token(vcpu);
4521 arch.gfn = fault->gfn;
4522 arch.error_code = fault->error_code;
4523 arch.direct_map = vcpu->arch.mmu->root_role.direct;
4524 if (arch.direct_map)
> 4525 arch.cr3 = INVALID_GPA;
4526 else
4527 arch.cr3 = kvm_mmu_get_guest_pgd(vcpu, vcpu->arch.mmu);
4528
4529 return kvm_setup_async_pf(vcpu, fault->addr,
4530 kvm_vcpu_gfn_to_hva(vcpu, fault->gfn), &arch);
4531 }
4532
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi Xiaoyao,
kernel test robot noticed the following build warnings:
[auto build test WARNING on 7d0a66e4bb9081d75c82ec4957c50034cb0ea449]
url: https://github.com/intel-lab-lkp/linux/commits/Xiaoyao-Li/KVM-x86-Don-t-read-guest-CR3-when-doing-async-pf-while-the-MMU-is-direct/20251212-220612
base: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449
patch link: https://lore.kernel.org/r/20251212135051.2155280-1-xiaoyao.li%40intel.com
patch subject: [PATCH v2] KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct
config: i386-buildonly-randconfig-002-20251213 (https://download.01.org/0day-ci/archive/20251213/202512130717.aHH8rXSC-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251213/202512130717.aHH8rXSC-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512130717.aHH8rXSC-lkp@intel.com/
All warnings (new ones prefixed by >>):
In file included from include/linux/kvm_host.h:43,
from arch/x86/kvm/irq.h:15,
from arch/x86/kvm/mmu/mmu.c:19:
arch/x86/kvm/mmu/mmu.c: In function 'kvm_arch_setup_async_pf':
>> include/linux/kvm_types.h:54:25: warning: conversion from 'long long unsigned int' to 'long unsigned int' changes value from '18446744073709551615' to '4294967295' [-Woverflow]
54 | #define INVALID_GPA (~(gpa_t)0)
| ^
arch/x86/kvm/mmu/mmu.c:4525:28: note: in expansion of macro 'INVALID_GPA'
4525 | arch.cr3 = INVALID_GPA;
| ^~~~~~~~~~~
vim +54 include/linux/kvm_types.h
d77a39d982431e drivers/kvm/types.h Hollis Blanchard 2007-12-03 53
cecafc0a830f7e include/linux/kvm_types.h Yu Zhang 2023-01-05 @54 #define INVALID_GPA (~(gpa_t)0)
8564d6372a7d8a include/linux/kvm_types.h Steven Price 2019-10-21 55
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
On Sat, Dec 13, 2025, kernel test robot wrote:
> Hi Xiaoyao,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on 7d0a66e4bb9081d75c82ec4957c50034cb0ea449]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Xiaoyao-Li/KVM-x86-Don-t-read-guest-CR3-when-doing-async-pf-while-the-MMU-is-direct/20251212-220612
> base: 7d0a66e4bb9081d75c82ec4957c50034cb0ea449
> patch link: https://lore.kernel.org/r/20251212135051.2155280-1-xiaoyao.li%40intel.com
> patch subject: [PATCH v2] KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct
> config: i386-buildonly-randconfig-002-20251213 (https://download.01.org/0day-ci/archive/20251213/202512130717.aHH8rXSC-lkp@intel.com/config)
> compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251213/202512130717.aHH8rXSC-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202512130717.aHH8rXSC-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>    In file included from include/linux/kvm_host.h:43,
>                     from arch/x86/kvm/irq.h:15,
>                     from arch/x86/kvm/mmu/mmu.c:19:
>    arch/x86/kvm/mmu/mmu.c: In function 'kvm_arch_setup_async_pf':
> >> include/linux/kvm_types.h:54:25: warning: conversion from 'long long unsigned int' to 'long unsigned int' changes value from '18446744073709551615' to '4294967295' [-Woverflow]
>       54 | #define INVALID_GPA (~(gpa_t)0)
>          |                         ^
>    arch/x86/kvm/mmu/mmu.c:4525:28: note: in expansion of macro 'INVALID_GPA'
>     4525 |         arch.cr3 = INVALID_GPA;
>          |                    ^~~~~~~~~~~

Well that's just annoying.  Can we kill 32-bit yet?

Anyways, just ignore this (unless it causes my KVM_WERROR=1 builds to fail, in
which case I'll just add an explicit cast, but I think we can just ignore it).
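The following is an added example, not code from the patch, from KVM, or from anyone in this thread. It is a constructed user-space model of the two points the thread turns on: the patched setup path never reads guest CR3 for a direct MMU and the ready-side check never consults cr3 for a direct MMU (so the sentinel's value is irrelevant there), and the i386 warning above is a real truncation, not a false positive: a 64-bit `INVALID_GPA` stored in a 32-bit `unsigned long` becomes 0xffffffff, and an explicit cast silences the compiler without making the stored value equal to the sentinel again. The struct layouts, `fake_guest_pgd()`, and the helper names are assumptions for illustration; only the `INVALID_GPA` definition is taken from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of the async-pf bookkeeping discussed in this thread.
 * It is NOT KVM code: the structs, the fake pgd value and the helper names
 * are assumptions made here to show two things in isolation:
 *   1. the patched setup path never reads guest CR3 for a direct MMU, and
 *      the ready-side check never consults cr3 for a direct MMU; and
 *   2. why storing the 64-bit INVALID_GPA in a 32-bit 'unsigned long'
 *      (the i386 W=1 warnings) is silently lossy, and why an explicit cast
 *      silences the compiler without preserving the sentinel.
 */

typedef uint64_t gpa_t;
#define INVALID_GPA (~(gpa_t)0)          /* same definition as kvm_types.h */

/* Model of the field on a 64-bit kernel: 'unsigned long' is 64 bits. */
struct apf_lp64 {
    bool direct_map;
    uint64_t cr3;
};

/* Model of the field on an i386 kernel: 'unsigned long' is 32 bits. */
struct apf_ilp32 {
    bool direct_map;
    uint32_t cr3;
};

/* Stand-in for the guest CR3 a shadow (non-direct) MMU would read. The
 * value is constructed; for a protected guest the read itself is invalid. */
static gpa_t fake_guest_pgd(void)
{
    return 0x1234000ULL;
}

/* Patched setup path: read guest CR3 only when the MMU is not direct. */
static void setup_apf_lp64(struct apf_lp64 *a, bool direct)
{
    a->direct_map = direct;
    a->cr3 = direct ? INVALID_GPA : fake_guest_pgd();
}

/* Same logic with a 32-bit cr3 field. The explicit casts are what would
 * silence -Woverflow/-Wconstant-conversion; the truncation still happens. */
static void setup_apf_ilp32(struct apf_ilp32 *a, bool direct)
{
    a->direct_map = direct;
    a->cr3 = direct ? (uint32_t)INVALID_GPA : (uint32_t)fake_guest_pgd();
}

/* Ready side as the commit message describes it: with a direct MMU the
 * fault can be fixed in the current vCPU without ever looking at cr3; a
 * shadow MMU must still be on the same root as when the fault was queued. */
static bool ready_can_fix_in_vcpu(bool direct_map, uint64_t stored_cr3,
                                  gpa_t current_pgd)
{
    if (direct_map)
        return true;
    return stored_cr3 == current_pgd;
}

/* The pitfall: is the stored value still recognisable as the sentinel?
 * Taking a uint64_t parameter makes a 32-bit field promote on the call,
 * which is exactly what a comparison against INVALID_GPA would do. */
static bool is_invalid_gpa(uint64_t stored_cr3)
{
    return stored_cr3 == INVALID_GPA;
}

int main(void)
{
    struct apf_lp64 a64;
    struct apf_ilp32 a32;

    setup_apf_lp64(&a64, true);
    setup_apf_ilp32(&a32, true);
    printf("lp64 direct:  cr3=%#llx invalid=%d\n",
           (unsigned long long)a64.cr3, is_invalid_gpa(a64.cr3));
    printf("ilp32 direct: cr3=%#llx invalid=%d\n",
           (unsigned long long)a32.cr3, is_invalid_gpa(a32.cr3));

    /* Neither width matters on the ready side while direct_map is set. */
    printf("ready(direct)=%d ready(direct, truncated)=%d\n",
           ready_can_fix_in_vcpu(a64.direct_map, a64.cr3, 0),
           ready_can_fix_in_vcpu(a32.direct_map, a32.cr3, 0));

    setup_apf_lp64(&a64, false);
    printf("shadow same root=%d other root=%d\n",
           ready_can_fix_in_vcpu(a64.direct_map, a64.cr3, fake_guest_pgd()),
           ready_can_fix_in_vcpu(a64.direct_map, a64.cr3, 0x5678000ULL));
    return 0;
}
```

Built on a 64-bit host this runs as-is; the `apf_ilp32` struct stands in for what an i386 build would do to the real `unsigned long` field. The takeaway for review is that the cast Sean mentions is fine precisely because `ready_can_fix_in_vcpu()` short-circuits on `direct_map`; if any later change compared the stored field against `INVALID_GPA`, it would have to widen the field to `gpa_t` first.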