Commit f5523423 authored by Russell King's avatar Russell King Committed by Marc Zyngier
Browse files

arm64: kvm: Fix IDMAP overlap with HYP VA 



Booting 5.4 on LX2160A reveals that KVM is non-functional:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP intersecting with HYP VA, unable to continue
kvm [1]: error initializing Hyp mode: -22

Debugging shows:

kvm [1]: IDMAP page: 81a26000
kvm [1]: HYP VA range: 0:22ffffffff

as RAM is located at:

80000000-fbdfffff : System RAM
2080000000-237fffffff : System RAM

Comparing this with the same kernel on Armada 8040 shows:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 2a26000
kvm [1]: HYP VA range: 4800000000:493fffffff
...
kvm [1]: Hyp mode initialized successfully

which indicates that hyp_va_msb is set, and is always set to the
opposite value of the idmap page to avoid the overlap. This does not
happen with the LX2160A.

Further debugging shows vabits_actual = 39, kva_msb = 38 on LX2160A and
kva_msb = 33 on Armada 8040. Looking at the bit layout of the HYP VA,
there is still one bit available for hyp_va_msb. Set this bit
appropriately. This allows KVM to be functional on the LX2160A, but
without any HYP VA randomisation:

kvm: Limiting the IPA size due to kernel Virtual Address limit
kvm [1]: IPA Size Limit: 43bits
kvm [1]: IDMAP page: 81a24000
kvm [1]: HYP VA range: 4000000000:62ffffffff
...
kvm [1]: Hyp mode initialized successfully

Fixes: ed57cac8 ("arm64: KVM: Introduce EL2 VA randomisation")
Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
[maz: small additional cleanups, preserved case where the tag
 is legitimately 0 and we can just use the mask, Fixes tag]
Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/E1ilAiY-0000MA-RG@rmk-PC.armlinux.org.uk
parent 5f675c56

arch/arm64/kvm/va_layout.c

+25 −31
Original line number Diff line number Diff line
@@ -13,52 +13,46 @@ 
#include <asm/kvm_mmu.h>



/*

 * The LSB of the random hyp VA tag or 0 if no randomization is used.

 * The LSB of the HYP VA tag

 */

static u8 tag_lsb;

/*

 * The random hyp VA tag value with the region bit if hyp randomization is used

 * The HYP VA tag value with the region bit

 */

static u64 tag_val;

static u64 va_mask;



/*

 * We want to generate a hyp VA with the following format (with V ==

 * vabits_actual):

 *

 *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0

 *  ---------------------------------------------------------

 * | 0000000 | hyp_va_msb |   random tag   |  kern linear VA |

 *           |--------- tag_val -----------|----- va_mask ---|

 *

 * which does not conflict with the idmap regions.

 */

__init void kvm_compute_layout(void)

{

	phys_addr_t idmap_addr = __pa_symbol(__hyp_idmap_text_start);

	u64 hyp_va_msb;

	int kva_msb;



	/* Where is my RAM region? */

	hyp_va_msb  = idmap_addr & BIT(vabits_actual - 1);

	hyp_va_msb ^= BIT(vabits_actual - 1);



	kva_msb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^

	tag_lsb = fls64((u64)phys_to_virt(memblock_start_of_DRAM()) ^

			(u64)(high_memory - 1));



	if (kva_msb == (vabits_actual - 1)) {

		/*

		 * No space in the address, let's compute the mask so

		 * that it covers (vabits_actual - 1) bits, and the region

		 * bit. The tag stays set to zero.

		 */

		va_mask  = BIT(vabits_actual - 1) - 1;

		va_mask |= hyp_va_msb;

	} else {

		/*

		 * We do have some free bits to insert a random tag.

		 * Hyp VAs are now created from kernel linear map VAs

		 * using the following formula (with V == vabits_actual):

		 *

		 *  63 ... V |     V-1    | V-2 .. tag_lsb | tag_lsb - 1 .. 0

		 *  ---------------------------------------------------------

		 * | 0000000 | hyp_va_msb |    random tag  |  kern linear VA |

		 */

		tag_lsb = kva_msb;

	va_mask = GENMASK_ULL(tag_lsb - 1, 0);

		tag_val = get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);

		tag_val |= hyp_va_msb;

		tag_val >>= tag_lsb;

	tag_val = hyp_va_msb;



	if (tag_lsb != (vabits_actual - 1)) {

		/* We have some free bits to insert a random tag. */

		tag_val |= get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);

	}

	tag_val >>= tag_lsb;

}



static u32 compute_instruction(int n, u32 rd, u32 rn)
@@ -117,11 +111,11 @@ void __init kvm_update_va_mask(struct alt_instr *alt, 
		 * VHE doesn't need any address translation, let's NOP

		 * everything.

		 *

		 * Alternatively, if we don't have any spare bits in

		 * the address, NOP everything after masking that

		 * kernel VA.

		 * Alternatively, if the tag is zero (because the layout

		 * dictates it and we don't have any spare bits in the

		 * address), NOP everything after masking the kernel VA.

		 */

		if (has_vhe() || (!tag_lsb && i > 0)) {

		if (has_vhe() || (!tag_val && i > 0)) {

			updptr[i] = cpu_to_le32(aarch64_insn_gen_nop());

			continue;

		}

CRA Git | Maintained and supported by SUSTech CRA and CCSE