Software sequences that may lead to machine check error code 0150H can be summarized as follows:
- Code is fetched from a linear address translated using a 4 KB translation cached in the ITLB.
- Software modifies the paging structures so that the same linear address is translated using a large page (2 MB, 4 MB, or 1 GB) with a different physical address or memory type.
- After the paging structure modification, but before software invalidates any ITLB entries for the linear address, code fetch happens again on the same linear address.
- This may cause a machine-check error (IA32_MCi_STATUS.MCACOD=150H), which can result in a system hang or shutdown.
The VMM can use Extended Page Tables (EPT) to enforce that each guest physical address is 4 KB in size and that guest software cannot change the hardware page size for translations.
For correctness, the TLB must consider the page size for a given translation to be the smaller of the nested and guest page sizes.
From ASPLOS’08 《Accelerating Two-Dimensional Page Walks》2.4 Large Page Size。
The sequence above requires bit 10 (Execute access for user-mode linear address) to be treated in the same manner as bit 2 when mode-based execution controls are active (the mode-based execute control for EPT feature is present and the VM execution control is set to 1).
- 若Secondary Processor-Based VM-Execution Controls.Mode-based execute control for EPT[bit 22]取1，则该位取1仅表示对于Guest的内核页可执行，不表示对于Guest的用户页可执行
各级页表项的第10位为XU (eXecute for User)，取1表示对于Guest的用户页可执行
- 仅当Secondary Processor-Based VM-Execution Controls.Mode-based execute control for EPT[bit 22]取1时有效，否则该位会被忽略