I am developing a minimal 32-bit protected mode OS with Physical Address Extension (PAE) paging enabled. My paging setup involves allocating a Page Directory Pointer Table (PDPT), Page Directories (PDs), and Page Tables (PTs), populating them with identity mappings for the lower 4GiB of physical memory and mapping a higher-half kernel.

The OS boots into protected mode, detects PAE support, allocates the necessary paging structures, sets up the PDPT, PDs, and PTs, enables PAE in CR4, loads the physical address of the PDPT into CR3, and then attempts to enable paging by setting the PG bit in CR0.

The Problem:

The OS runs without any General Protection Faults (GPFs) when using QEMU's software emulation (i.e., without the -enable-kvm flag). However, when I run the same OS under QEMU with KVM enabled (-enable-kvm), a GPF occurs immediately when I attempt to set the Paging Enable (PG) bit in CR0.

Interestingly, if I set CR0 to 0x11 (Protected Mode enabled, ET set, Paging disabled), no immediate GPF occurs under KVM. The GPF only happens when I try to set the PG bit (e.g., loading 0x80000011 into CR0).

My paging structures are page-aligned, and I perform a TLB flush (by reloading CR3) after setting CR3 and before enabling paging.

Relevant Code Snippets (Conceptual C++):

alignas(PAGE_SIZE) pdpt_t* pdpt = (pdpt_t*)pmm::alloc_frame(1);
        alignas(PAGE_SIZE) pd_t* pds = (pd_t*)pmm::alloc_frame(4);
        alignas(PAGE_SIZE) pt_t* pts = (pt_t*)pmm::alloc_frame(32);

        // Checking if any allocation failed
        if (!pdpt || !pds || !pts) {
            kernel_panic("Paging structures allocation failed!\n");
            return;
        }

        uint64_t frame_addr = 0; // Physical address starts at 0x00000000

        // Set up PDPT
        for (int i = 0; i < 4; i++) {
            pdpt->entries[i] = ((uint64_t)&pds[i] & ~0xFFF) | PRESENT | WRITABLE;
        }

        // Set up PDs and PTs
        for (int i = 0; i < 4; i++) {
            for (int j = 0; j < 512; j++) {
                int pt_index = (i * 512) + j;
                pds[i].entries[j] = ((uint64_t)&pts[pt_index] & ~0xFFF) | PRESENT | WRITABLE;

                for (int k = 0; k < 512; k++) {
                    pts[pt_index].entries[k] = (frame_addr & ~0xFFF) | PRESENT | WRITABLE;
                    frame_addr += PAGE_SIZE; // Move to next 4KiB frame
                }
            }
        }
        
        // Load PDPT, setting up higher-half kernel, enable PAE, enable paging and flush the TLB
        enable_pae();
        active_pdpt = pdpt;
        
        // Setting up higher half kernel
        // Mapping 0x100000-0x400000 to 3GiB in virtual memory
        uint64_t kernel_base = uint64_t(&__kernel_phys_base);
        for(uint64_t addr = kernel_base, v_addr = KERNEL_BASE; addr < kernel_base + 0x400000; addr += PAGE_SIZE, v_addr += PAGE_SIZE)
            vmm::map_page(v_addr, addr, PRESENT | WRITABLE);

        // Identity mapping up to 4GiB (or to max RAM installed if 4GiB is not available)
        uint64_t target = (0x100000000 > pmm::total_installed_ram) ? pmm::total_installed_ram : 0x100000000;
        for (uint64_t addr = 0; addr < target; addr += PAGE_SIZE)
            vmm::map_page(addr, addr, PRESENT | WRITABLE);
        
        set_pdpt(uint32_t(pdpt));
        flush_tlb();

        enable_paging();
        flush_tlb();

        enabled_paging = true;
        vga::printf("Paging initialized with identity map up to 4GiB\n");

GPF full error message: