From: Ryan Roberts <ryan.roberts@arm.com>

Date: Thu, 3 Nov 2022 15:05:06 +0000

Subject: KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52.

Git-commit: 579d7ebe90a332cc5b6c02db9250fd0816a64f63

Patch-mainline: v6.2-rc1

References: git-fixes

For nvhe and protected modes, the hyp stage 1 page-tables were previously

configured to have the same number of VA bits as the kernel's idmap.

However, for kernel configs with VA_BITS=52 and where the kernel is

loaded in physical memory below 48 bits, the idmap VA bits is actually

smaller than the kernel's normal stage 1 VA bits. This can lead to

kernel addresses that can't be mapped into the hypervisor, leading to

kvm initialization failure during boot:

  kvm [1]: IPA Size Limit: 48 bits

  kvm [1]: Cannot map world-switch code

  kvm [1]: error initializing Hyp mode: -34

Fix this by ensuring that the hyp stage 1 VA size is the maximum of

what's used for the idmap and the regular kernel stage 1. At the same

time, refactor the code so that the hyp VA bits is only calculated in

one place.

Prior to 7ba8f2b2d652, the idmap was always 52 bits for a 52 VA bits

kernel and therefore the hyp stage1 was also always 52 bits.

Fixes: 7ba8f2b2d652 ("arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds")

Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>

[maz: commit message fixes]

Signed-off-by: Marc Zyngier <maz@kernel.org>

Link: https://lore.kernel.org/r/20221103150507.32948-2-ryan.roberts@arm.com

Acked-by: Ivan T. Ivanov <iivanov@suse.de>

---

 arch/arm64/kvm/arm.c |   20 +++-----------------

 arch/arm64/kvm/mmu.c |   28 +++++++++++++++++++++++++++-

 2 files changed, 30 insertions(+), 18 deletions(-)

--- a/arch/arm64/kvm/arm.c

+++ b/arch/arm64/kvm/arm.c

@@ -1447,7 +1447,7 @@ static int kvm_init_vector_slots(void)

 	return 0;

 }

-static void cpu_prepare_hyp_mode(int cpu)

+static void cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits)

 {

 	struct kvm_nvhe_init_params *params = per_cpu_ptr_nvhe_sym(kvm_init_params, cpu);

 	unsigned long tcr;

@@ -1463,23 +1463,9 @@ static void cpu_prepare_hyp_mode(int cpu

 	params->mair_el2 = read_sysreg(mair_el1);

-	/*

-	 * The ID map may be configured to use an extended virtual address

-	 * range. This is only the case if system RAM is out of range for the

-	 * currently configured page size and VA_BITS, in which case we will

-	 * also need the extended virtual range for the HYP ID map, or we won't

-	 * be able to enable the EL2 MMU.

-	 *

-	 * However, at EL2, there is only one TTBR register, and we can't switch

-	 * between translation tables *and* update TCR_EL2.T0SZ at the same

-	 * time. Bottom line: we need to use the extended range with *both* our

-	 * translation tables.

-	 *

-	 * So use the same T0SZ value we use for the ID map.

-	 */

 	tcr = (read_sysreg(tcr_el1) & TCR_EL2_MASK) | TCR_EL2_RES1;

 	tcr &= ~TCR_T0SZ_MASK;

-	tcr |= (idmap_t0sz & GENMASK(TCR_TxSZ_WIDTH - 1, 0)) << TCR_T0SZ_OFFSET;

+	tcr |= TCR_T0SZ(hyp_va_bits);

 	params->tcr_el2 = tcr;

 	params->stack_hyp_va = kern_hyp_va(per_cpu(kvm_arm_hyp_stack_page, cpu) + PAGE_SIZE);

@@ -1937,7 +1923,7 @@ static int init_hyp_mode(void)

 		}

 		/* Prepare the CPU initialization parameters */

-		cpu_prepare_hyp_mode(cpu);

+		cpu_prepare_hyp_mode(cpu, hyp_va_bits);

 	}

 	if (is_protected_kvm_enabled()) {

--- a/arch/arm64/kvm/mmu.c

+++ b/arch/arm64/kvm/mmu.c

@@ -1351,6 +1351,8 @@ static struct kvm_pgtable_mm_ops kvm_hyp

 int kvm_mmu_init(u32 *hyp_va_bits)

 {

 	int err;

+	u32 idmap_bits;

+	u32 kernel_bits;

 	hyp_idmap_start = __pa_symbol(__hyp_idmap_text_start);

 	hyp_idmap_start = ALIGN_DOWN(hyp_idmap_start, PAGE_SIZE);

@@ -1364,7 +1366,31 @@ int kvm_mmu_init(u32 *hyp_va_bits)

 	 */

 	BUG_ON((hyp_idmap_start ^ (hyp_idmap_end - 1)) & PAGE_MASK);

-	*hyp_va_bits = 64 - ((idmap_t0sz & TCR_T0SZ_MASK) >> TCR_T0SZ_OFFSET);

+	/*

+	 * The ID map may be configured to use an extended virtual address

+	 * range. This is only the case if system RAM is out of range for the

+	 * currently configured page size and VA_BITS_MIN, in which case we will

+	 * also need the extended virtual range for the HYP ID map, or we won't

+	 * be able to enable the EL2 MMU.

+	 *

+	 * However, in some cases the ID map may be configured for fewer than

+	 * the number of VA bits used by the regular kernel stage 1. This

+	 * happens when VA_BITS=52 and the kernel image is placed in PA space

+	 * below 48 bits.

+	 *

+	 * At EL2, there is only one TTBR register, and we can't switch between

+	 * translation tables *and* update TCR_EL2.T0SZ at the same time. Bottom

+	 * line: we need to use the extended range with *both* our translation

+	 * tables.

+	 *

+	 * So use the maximum of the idmap VA bits and the regular kernel stage

+	 * 1 VA bits to assure that the hypervisor can both ID map its code page

+	 * and map any kernel memory.

+	 */

+	idmap_bits = 64 - ((idmap_t0sz & TCR_T0SZ_MASK) >> TCR_T0SZ_OFFSET);

+	kernel_bits = vabits_actual;

+	*hyp_va_bits = max(idmap_bits, kernel_bits);

+

 	kvm_debug("Using %u-bit virtual addresses at EL2\n", *hyp_va_bits);

 	kvm_debug("IDMAP page: %lx\n", hyp_idmap_start);

 	kvm_debug("HYP VA range: %lx:%lx\n",