Xen project Mailing List

Re: [PATCH v1 1/6] nestedsvm: Fix CR3 MBZ check

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 25 Jun 2026 13:58:46 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 25 Jun 2026 11:59:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 26.05.2026 15:01, Andrew Cooper wrote: > On 26/05/2026 1:40 pm, Ross Lagerwall wrote: >> The existing code checks for any reserved bit set while the APM only >> considers it invalid if an MBZ bit is set. Relax the check to match the >> APM and hardware. >> >> Some of the reserved bits were observed to be set running Rocky Linux >> 10.1 on Xen on Xen. >> >> Fixes: 9a779e4fc161 ("Implement SVM specific part for Nested Virtualization") >> Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx> >> --- >> xen/arch/x86/hvm/svm/vmcb.c | 6 ++---- >> 1 file changed, 2 insertions(+), 4 deletions(-) >> >> diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c >> index 975a1eaef806..9ada491e57db 100644 >> --- a/xen/arch/x86/hvm/svm/vmcb.c >> +++ b/xen/arch/x86/hvm/svm/vmcb.c >> @@ -347,10 +347,8 @@ bool svm_vmcb_isvalid( >> PRINTF("CR0: bits [63:32] are not zero (%#"PRIx64")\n", cr0); >> >> if ( (cr0 & X86_CR0_PG) && >> - ((cr3 & 7) || >> - ((!(cr4 & X86_CR4_PAE) || (efer & EFER_LMA)) && (cr3 & 0xfe0)) || >> - ((efer & EFER_LMA) && >> - (cr3 >> v->domain->arch.cpuid->extd.maxphysaddr))) ) >> + ((efer & EFER_LMA) && >> + (cr3 >> v->domain->arch.cpuid->extd.maxphysaddr)) ) >> PRINTF("CR3: MBZ bits are set (%#"PRIx64")\n", cr3); >> >> valid = hvm_cr4_guest_valid_bits(v->domain); > > The APM does say MBZ for VMRUN, but the end result of a VMEntry (virtual > or otherwise) must be a legal CR3 value. > > For 5.2.1 CR3 Register (Legacy) and 5.3.2 CR3 (Long), the APM states: > > Reserved Bits. Reserved fields should be cleared to 0 by software when > writing CR3. > > What's the real behaviour for trying to set a reserved, non-MBZ bit in > CR3? On Intel it's strictly a #GP, and I really hope it's the same on AMD. As to Intel - are you sure? The MOV to/from control register page has this: "When PCIDs are not enabled, bits 2:0 and bits 11:5 of CR3 are not used and attempts to set them are ignored." Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.